On Mon, Mar 04, 2024 at 09:01:52PM -0800, Pawan Gupta wrote:
> This is the backport of recently upstreamed series that moves VERW
> execution to a later point in exit-to-user path. This is needed because
> in some cases it may be possible for data accessed after VERW executions
> may end into MDS affected CPU buffers. Moving VERW closer to ring
> transition reduces the attack surface.
>
> - The series includes a dependency commit f87bc8dc7a7c ("x86/asm: Add
>   _ASM_RIP() macro for x86-64 (%rip) suffix").
>
> - Patch 2 includes a change that adds runtime patching for jmp (instead
>   of verw in original series) due to lack of rip-relative relocation
>   support in kernels <v6.5.
>
> - Fixed warning:
>   arch/x86/entry/entry.o: warning: objtool: mds_verw_sel+0x0: unreachable instruction.
>
> - Resolved merge conflicts in:
>   swapgs_restore_regs_and_return_to_usermode in entry_64.S.
>   __vmx_vcpu_run in vmenter.S.
>   vmx_update_fb_clear_dis in vmx.c.
>
> - Boot tested with KASLR and KPTI enabled.
>
> - Verified VERW being executed with mitigation ON, and not being
>   executed with mitigation turned OFF.
>
> To: stable@xxxxxxxxxxxxxxx
>
> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
> ---
> H. Peter Anvin (Intel) (1):
>       x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix
>
> Pawan Gupta (5):
>       x86/bugs: Add asm helpers for executing VERW
>       x86/entry_64: Add VERW just before userspace transition
>       x86/entry_32: Add VERW just before userspace transition
>       x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
>       KVM/VMX: Move VERW closer to VMentry for MDS mitigation
>
> Sean Christopherson (1):
>       KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH

Could this and below backports be queued up?

5.10.y
https://lore.kernel.org/stable/20240305-delay-verw-backport-5-10-y-v1-0-50bf452e96ba@xxxxxxxxxxxxxxx/

5.4.y
https://lore.kernel.org/stable/20240226122237.198921-1-nik.borisov@xxxxxxxx/

Just FYI.. this series is already in stable trees for 6.1, 6.6, 6.7.

Thanks,
Pawan