From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 06 Mar 2019 05:22:03 -0000 Received: from mx2.suse.de ([195.135.220.15] helo=mx1.suse.de) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1h1P0C-0004hk-QB for speck@linutronix.de; Wed, 06 Mar 2019 06:22:02 +0100 Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 6F9E9AD93 for ; Wed, 6 Mar 2019 05:21:53 +0000 (UTC) Date: Wed, 6 Mar 2019 06:21:49 +0100 From: Borislav Petkov Subject: [MODERATED] Re: [patch V6 07/14] MDS basics 7 Message-ID: <20190306052149.GB21338@zn.tnic> References: <20190301214738.281554861@linutronix.de> <20190301214847.807540001@linutronix.de> MIME-Version: 1.0 In-Reply-To: <20190301214847.807540001@linutronix.de> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable To: speck@linutronix.de List-ID: On Fri, Mar 01, 2019 at 10:47:45PM +0100, speck for Thomas Gleixner wrote: > Subject: [patch V6 07/14] x86/speculation/mds: Clear CPU buffers on exit to= user > From: Thomas Gleixner >=20 > Add a static key which controls the invocation of the CPU buffer clear > mechanism on exit to user space and add the call into > prepare_exit_to_usermode() and do_nmi() right before actually returning. >=20 > Add documentation which kernel to user space transition this covers and > explain why some corner cases are not mitigated. >=20 > Signed-off-by: Thomas Gleixner > Reviewed-by: Greg Kroah-Hartman >=20 > --- > V4 --> v5: Use an inline helper instead of open coding it. > Rework the documentation paragraph about exceptions. >=20 > V3 --> V4: Add #DS mitigation and document that the #MC corner case > is really not interesting. >=20 > V3: Add NMI conditional on user regs and update documentation accordingly. > Use the static branch scheme suggested by Peter. Fix typos ... > --- > Documentation/x86/mds.rst | 52 ++++++++++++++++++++++++++++++= +++++ > arch/x86/entry/common.c | 3 ++ > arch/x86/include/asm/nospec-branch.h | 13 ++++++++ > arch/x86/kernel/cpu/bugs.c | 3 ++ > arch/x86/kernel/nmi.c | 4 ++ > arch/x86/kernel/traps.c | 7 ++++ > 6 files changed, 82 insertions(+) ... > --- a/arch/x86/kernel/traps.c > +++ b/arch/x86/kernel/traps.c > @@ -366,6 +366,13 @@ dotraplinkage void do_double_fault(struc > regs->ip =3D (unsigned long)general_protection; > regs->sp =3D (unsigned long)&gpregs->orig_ax; > =20 > + /* > + * This situation can be triggered by userspace via > + * modify_ldt(2) and the return does not take the regular > + * user space exit, so a CPU buffer clear is required when > + * MDS mitigation is enabled. > + */ > + mds_user_clear_cpu_buffers(); > return; > } > #endif Looks like the traps.c change is missing a hunk, see below. Otherwise: arch/x86/kernel/traps.c: In function =E2=80=98do_double_fault=E2=80=99: arch/x86/kernel/traps.c:375:3: error: implicit declaration of function =E2=80= =98mds_user_clear_cpu_buffers=E2=80=99 [-Werror=3Dimplicit-function-declarati= on] mds_user_clear_cpu_buffers(); ^~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: some warnings being treated as errors make[2]: *** [scripts/Makefile.build:276: arch/x86/kernel/traps.o] Error 1 make[2]: *** Waiting for unfinished jobs.... make[1]: *** [scripts/Makefile.build:492: arch/x86/kernel] Error 2 make: *** [Makefile:1043: arch/x86] Error 2 make: *** Waiting for unfinished jobs.... --- diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index 5942060dba9a..ce33f7f672d6 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -61,6 +61,7 @@ #include #include #include +#include =20 #ifdef CONFIG_X86_64 #include --- with that Reviewed-by: Borislav Petkov --=20 Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imend=C3=B6rffer, Jane Smithard, Graham Norton, HR= B 21284 (AG N=C3=BCrnberg) --=20