[PATCH 6.6.y v2 0/5] Delay VERW - 6.6.y backport

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

v2:
- Dropped already backported patch "x86/bugs: Add asm helpers for
  executing VERW"
  https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.20&id=48985d64c4c8105aa3497219df063e1489792e59
- Booted fine with KASLR and KPTI enabled.
- Rebased to v6.6.20

v1: https://lore.kernel.org/r/20240226-delay-verw-backport-6-6-y-v1-0-aa17b2922725@xxxxxxxxxxxxxxx

This is the backport of recently upstreamed series that moves VERW
execution to a later point in exit-to-user path. This is needed because
in some cases it may be possible for data accessed after VERW executions
may end into MDS affected CPU buffers. Moving VERW closer to ring
transition reduces the attack surface.

Patch 1/6 includes a minor fix that is queued for upstream:
https://lore.kernel.org/lkml/170899674562.398.6398007479766564897.tip-bot2@tip-bot2/

Patch 2/6 needed a conflict to be resolved for the hunk
swapgs_restore_regs_and_return_to_usermode.

This is only compile and boot tested on qemu.

Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
To: stable@xxxxxxxxxxxxxxx

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
---
Pawan Gupta (4):
      x86/entry_64: Add VERW just before userspace transition
      x86/entry_32: Add VERW just before userspace transition
      x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
      KVM/VMX: Move VERW closer to VMentry for MDS mitigation

Sean Christopherson (1):
      KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH

 Documentation/arch/x86/mds.rst       | 38 +++++++++++++++++++++++++-----------
 arch/x86/entry/entry_32.S            |  3 +++
 arch/x86/entry/entry_64.S            | 11 +++++++++++
 arch/x86/entry/entry_64_compat.S     |  1 +
 arch/x86/include/asm/entry-common.h  |  1 -
 arch/x86/include/asm/nospec-branch.h | 12 ------------
 arch/x86/kernel/cpu/bugs.c           | 15 ++++++--------
 arch/x86/kernel/nmi.c                |  3 ---
 arch/x86/kvm/vmx/run_flags.h         |  7 +++++--
 arch/x86/kvm/vmx/vmenter.S           |  9 ++++++---
 arch/x86/kvm/vmx/vmx.c               | 20 +++++++++++++++----
 11 files changed, 75 insertions(+), 45 deletions(-)
---
base-commit: 9b4a8eac17f0d840729384618b4b1e876233026c
change-id: 20240226-delay-verw-backport-6-6-y-2cda3298e600

Best regards,
-- 
Thanks,
Pawan
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux