On Thu, Oct 26, 2023 at 02:15:11PM -0700, Pawan Gupta wrote: > On Thu, Oct 26, 2023 at 12:40:49PM -0700, Dave Hansen wrote: > > On 10/26/23 12:29, Pawan Gupta wrote: > > > On Thu, Oct 26, 2023 at 07:25:27PM +0300, Nikolay Borisov wrote: > > >> On 25.10.23 г. 23:52 ч., Pawan Gupta wrote: > > >>> @@ -1520,6 +1530,7 @@ SYM_CODE_START(ignore_sysret) > > >>> UNWIND_HINT_END_OF_STACK > > >>> ENDBR > > >>> mov $-ENOSYS, %eax > > >>> + CLEAR_CPU_BUFFERS > > >> nit: Just out of curiosity is it really needed in this case or it's doesn > > >> for the sake of uniformity so that all ring3 transitions are indeed > > >> covered?? > > > Interrupts returning to kernel don't clear the CPU buffers. I believe > > > interrupts will be enabled here, and getting an interrupt here could > > > leak the data that interrupt touched. > > > > Specifically NMIs, right? > > Yes, and VERW can omitted for the same reason as NMI returning to > kernel. Thinking more on this, we should not omit verw here, as this spot is way easier to target NMIs. A user executing SYSENTER in a loop has much higher chances of causing an NMI to return to kernel, and skip verw.
