[PATCH v7 2/3] x86/entry_32: Clear CPU buffers after register restore in NMI return

Linux kernel -stable discussions
 help / color / mirror / Atom feed

From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
	Robert Gill <rtgill82@gmail.com>,
	Jari Ruusu <jariruusu@protonmail.com>,
	Brian Gerst <brgerst@gmail.com>,
	"Linux regression tracking (Thorsten Leemhuis)"
	<regressions@leemhuis.info>,
	antonio.gomez.iglesias@linux.intel.com,
	daniel.sneddon@linux.intel.com, stable@vger.kernel.org
Subject: [PATCH v7 2/3] x86/entry_32: Clear CPU buffers after register restore in NMI return
Date: Wed, 25 Sep 2024 15:25:44 -0700	[thread overview]
Message-ID: <20240925-fix-dosemu-vm86-v7-2-1de0daca2d42@linux.intel.com> (raw)
In-Reply-To: <20240925-fix-dosemu-vm86-v7-0-1de0daca2d42@linux.intel.com>

CPU buffers are currently cleared after call to exc_nmi, but before
register state is restored. This may be okay for MDS mitigation but not for
RDFS. Because RDFS mitigation requires CPU buffers to be cleared when
registers don't have any sensitive data.

Move CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI.

Fixes: a0e2dab44d22 ("x86/entry_32: Add VERW just before userspace transition")
Cc: stable@vger.kernel.org # 5.10+
Suggested-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
---
 arch/x86/entry/entry_32.S | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
index 9ad6cd89b7ac..20be5758c2d2 100644
--- a/arch/x86/entry/entry_32.S
+++ b/arch/x86/entry/entry_32.S
@@ -1145,7 +1145,6 @@ SYM_CODE_START(asm_exc_nmi)
 
 	/* Not on SYSENTER stack. */
 	call	exc_nmi
-	CLEAR_CPU_BUFFERS
 	jmp	.Lnmi_return
 
 .Lnmi_from_sysenter_stack:
@@ -1166,6 +1165,7 @@ SYM_CODE_START(asm_exc_nmi)
 
 	CHECK_AND_APPLY_ESPFIX
 	RESTORE_ALL_NMI cr3_reg=%edi pop=4
+	CLEAR_CPU_BUFFERS
 	jmp	.Lirq_return
 
 #ifdef CONFIG_X86_ESPFIX32
@@ -1207,6 +1207,7 @@ SYM_CODE_START(asm_exc_nmi)
 	 *  1 - orig_ax
 	 */
 	lss	(1+5+6)*4(%esp), %esp			# back to espfix stack
+	CLEAR_CPU_BUFFERS
 	jmp	.Lirq_return
 #endif
 SYM_CODE_END(asm_exc_nmi)

-- 
2.34.1

next prev parent reply	other threads:[~2024-09-25 22:25 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-25 22:25 [PATCH v7 0/3] Fix dosemu vm86() fault Pawan Gupta
2024-09-25 22:25 ` [PATCH v7 1/3] x86/entry_32: Do not clobber user EFLAGS.ZF Pawan Gupta
2024-09-25 22:25 ` Pawan Gupta [this message]
2024-09-25 22:25 ` [PATCH v7 3/3] x86/bugs: Use code segment selector for VERW operand Pawan Gupta
2024-09-25 23:29   ` Andrew Cooper
2024-09-25 23:46     ` Pawan Gupta
2024-09-26  0:17       ` Pawan Gupta
2024-09-26  0:32         ` Andrew Cooper
2024-09-26  1:04           ` Pawan Gupta
2024-09-26 14:52         ` Uros Bizjak
2024-09-26 16:10           ` Pawan Gupta
2024-09-26 16:28             ` Andrew Cooper
2024-09-26 16:56               ` Pawan Gupta
2024-09-26 17:01                 ` Andrew Cooper
2024-10-08 13:52 ` [PATCH v7 0/3] Fix dosemu vm86() fault Thorsten Leemhuis
2024-10-08 22:48   ` Dave Hansen
2024-10-09  8:50     ` Linux regression tracking (Thorsten Leemhuis)

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9ad6cd89b7a dfblob:20be5758c2d )
 OR (
bs:"[PATCH v7 2/3] x86/entry_32: Clear CPU buffers after register restore in NMI return" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240925-fix-dosemu-vm86-v7-2-1de0daca2d42@linux.intel.com \
    --to=pawan.kumar.gupta@linux.intel.com \
    --cc=antonio.gomez.iglesias@linux.intel.com \
    --cc=bp@alien8.de \
    --cc=brgerst@gmail.com \
    --cc=daniel.sneddon@linux.intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=jariruusu@protonmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=regressions@leemhuis.info \
    --cc=rtgill82@gmail.com \
    --cc=stable@vger.kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox