Patch "x86/mitigations: Clear CPU buffers on the SYSCALL fast path" has been added to the 4.4-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Tue, 21 Apr 2020 19:35:42 +0200

This is a note to let you know that I've just added the patch titled

    x86/mitigations: Clear CPU buffers on the SYSCALL fast path

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-mitigations-clear-cpu-buffers-on-the-syscall-fast-path.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From: Borislav Petkov <bp@xxxxxxx>
Date: Sun, 19 Apr 2020 09:59:03 +0200
Subject: x86/mitigations: Clear CPU buffers on the SYSCALL fast path

From: Borislav Petkov <bp@xxxxxxx>

The fast SYSCALL exit path returns with SYSRET to userspace after
verifying that there's no pending work. MDS mitigation mandates that CPU
buffers must be cleared on transition from kernel to userspace so do
that here too.

Signed-off-by: Borislav Petkov <bp@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/x86/entry/entry_64.S        |    2 ++
 arch/x86/include/asm/spec-ctrl.h |    2 ++
 arch/x86/kernel/cpu/bugs.c       |    5 +++++
 3 files changed, 9 insertions(+)

--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -218,6 +218,8 @@ entry_SYSCALL_64_fastpath:
 	testl	$_TIF_ALLWORK_MASK, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
 	jnz	int_ret_from_sys_call_irqs_off	/* Go to the slow path */
 
+	call	mds_user_clear_buffers
+
 	movq	RIP(%rsp), %rcx
 	movq	EFLAGS(%rsp), %r11
 	RESTORE_C_REGS_EXCEPT_RCX_R11
--- a/arch/x86/include/asm/spec-ctrl.h
+++ b/arch/x86/include/asm/spec-ctrl.h
@@ -85,4 +85,6 @@ static inline void speculative_store_byp
 extern void speculation_ctrl_update(unsigned long tif);
 extern void speculation_ctrl_update_current(void);
 
+extern void mds_user_clear_buffers(void);
+
 #endif
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -263,6 +263,11 @@ static int __init mds_cmdline(char *str)
 }
 early_param("mds", mds_cmdline);
 
+void mds_user_clear_buffers(void)
+{
+	mds_user_clear_cpu_buffers();
+}
+
 #undef pr_fmt
 #define pr_fmt(fmt)	"TAA: " fmt
 


Patches currently in stable-queue which might be from bp@xxxxxxx are

queue-4.4/x86-mitigations-clear-cpu-buffers-on-the-syscall-fast-path.patch
queue-4.4/selftests-x86-ptrace_syscall_32-fix-no-vdso-segfault.patch






