CVE-2023-52874

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/05/2024
Last modified:
26/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro

In the TDX_HYPERCALL asm, after the TDCALL instruction returns from the untrusted VMM, the registers that the TDX guest shares to the VMM need to be cleared to avoid speculative execution of VMM-provided values.

RSI is specified in the bitmap of those registers, but it is missing when zeroing out those registers in the current TDX_HYPERCALL.

It was there when it was originally added in commit 752d13305c78 ("x86/tdx: Expand __tdx_hypercall() to handle more arguments"), but was later removed in commit 1e70c680375a ("x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall()"), which was correct because %rsi is later restored in the "pop %rsi". However, a later commit 7a3a401874be ("x86/tdx: Drop flags from __tdx_hypercall()") removed that "pop %rsi" but forgot to add the "xor %rsi, %rsi" back.

Fix by adding it back.

Vulnerable products and versions

CPE                                            From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.4 (including)   6.5.12 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.6 (including)   6.6.2 (excluding)