On Fri, Oct 20, 2023, Pawan Gupta wrote:
> diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
> index c55cc243592e..e1b623a27e1b 100644
> --- a/arch/x86/include/asm/nospec-branch.h
> +++ b/arch/x86/include/asm/nospec-branch.h
> @@ -111,6 +111,24 @@
> #define RESET_CALL_DEPTH_FROM_CALL
> #endif
>
> +/*
> + * Macro to execute VERW instruction to mitigate transient data sampling
> + * attacks such as MDS. On affected systems a microcode update overloaded VERW
> + * instruction to also clear the CPU buffers.
> + *
> + * Note: Only the memory operand variant of VERW clears the CPU buffers. To
> + * handle the case when VERW is executed after user registers are restored, use
> + * RIP to point the memory operand to a part NOPL instruction that contains
> + * __KERNEL_DS.
> + */
> +#define __EXEC_VERW(m) verw _ASM_RIP(m)
> +
> +#define EXEC_VERW \
> + __EXEC_VERW(551f); \
> + /* nopl __KERNEL_DS(%rax) */ \
> + .byte 0x0f, 0x1f, 0x80, 0x00, 0x00; \
> +551: .word __KERNEL_DS; \

Why are there so many macro layers? Nothing jumps out to justfying two layers, let alone three.

> +
> /*
> * Fill the CPU return stack buffer.
> *
> @@ -329,6 +347,13 @@
> #endif
> .endm
>
> +/* Clear CPU buffers before returning to user */
> +.macro USER_CLEAR_CPU_BUFFERS
> + ALTERNATIVE "jmp .Lskip_verw_\@;", "", X86_FEATURE_USER_CLEAR_CPU_BUF
> + EXEC_VERW

Rather than a NOP after VERW, why not something like this?

/* Clear CPU buffers before returning to user */
.macro USER_CLEAR_CPU_BUFFERS
ALTERNATIVE "jmp .Lskip_verw_\@;", "jmp .Ldo_verw_\@;", X86_FEATURE_USER_CLEAR_CPU_BUF
551: .word __KERNEL_DS
.Ldo_verw_\@:
verw _ASM_RIP(551b)
.Lskip_verw_\@:
.endm

> +.Lskip_verw_\@:
> +.endm
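Review bot: The five `.byte` values under `/* nopl __KERNEL_DS(%rax) */` in the EXEC_VERW definition are not a complete instruction by themselves: `0f 1f 80` is NOPL with a 32-bit displacement, only two of the four displacement bytes are emitted there, and the `.word __KERNEL_DS` at `551:` supplies the other two, so the displacement that actually decodes is `__KERNEL_DS << 16` rather than `__KERNEL_DS`. The comment should state that coupling so nobody reorders, pads or resizes the two lines independently and leaves a truncated instruction on the fall-through path, e.g. `/* nopl with disp32: the high two displacement bytes are the .word at 551 below, so these two lines must stay adjacent */`. The `551:` line also ends in a `\` continuation, which makes the following empty line part of the macro; dropping that trailing backslash is cleaner.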