Received: by 2002:ac0:aa62:0:0:0:0:0 with SMTP id w31-v6csp314844ima; Wed, 24 Oct 2018 01:32:43 -0700 (PDT) X-Google-Smtp-Source: AJdET5evwGNwUOMUgwHlEIorHQA3GsvY6lJ+MshReyHuFoWXhXZkS5e4I+1Z+5tqBQKlgrAKTmnf X-Received: by 2002:a62:750f:: with SMTP id q15-v6mr1754084pfc.70.1540369963139; Wed, 24 Oct 2018 01:32:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540369963; cv=none; d=google.com; s=arc-20160816; b=E7EOV0j1ieEGPqD/fWTkv8Pt9xnCstPHvPQPVxQe0UlbT1vUvHMf0AEHWNrRtBszQR ZpCAgJdcTYyMHfEE1W9G+igt0P/oHlJ7llVFXYH/FMv9PMWxz4z9AxdNqlLfOXWr8FQe ZlzZFWeNsNX+rCDR0Y2IzBPMTBnhWSvcLuV7nadVlWcEuLHOThKf9PV8c6RBXVYHJ4K6 X0wDFxgy9xFRr879GnF6vSUpmuVCgzj/3jkd1X+5auyiEcxQ9BwTqXEs3Tj/UeqjxWYz kETg5z7LzSC5NxY7zJ2r703/4rNF8Y5tqW48uCQm2OK8aQAl4hjUfO6mMyUPM9En+G0/ 6rmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=5sqDDn7QP7sBKIfJPTSAIDBRqBS3u0CYMIP5f/m9YTo=; b=reqE0uora37wxPxIq1l+Z3jvj5k8kH90SDkKI21MNIjkvuoUPo0Ioyc8thRkD7Fl8K 4cTy9ZvjPli5vA53Q9v9t3OL59YDYOpXtUJLaHzaI7TBRotucDrSMAEtgKshg1uBq2xh DlfTc+WiVC2EyWYp6nHbaAXuOEbyrQxNAofc3wUmidQc3ux7kgDxUJ17F0tcozHr+QmR vBuM+FejANbrs8Hld5DNSNUoAkzcR4qs5lHWF5ysVOdEO0v3Gh4g0On2B3rvR/VhbrXo Enr6HYaofTN8k4fW+aEM+EMmM+Jeww2f0g21GLA0XPaOONfxQWlPHG65Erzg1zzsSBh1 lwsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.de header.s=amazon201209 header.b=H8fIi0NQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x8-v6si4100023pge.545.2018.10.24.01.32.27; Wed, 24 Oct 2018 01:32:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.de header.s=amazon201209 header.b=H8fIi0NQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727407AbeJXQ4v (ORCPT + 99 others); Wed, 24 Oct 2018 12:56:51 -0400 Received: from smtp-fw-2101.amazon.com ([72.21.196.25]:47755 "EHLO smtp-fw-2101.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726267AbeJXQ4v (ORCPT ); Wed, 24 Oct 2018 12:56:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.de; i=@amazon.de; q=dns/txt; s=amazon201209; t=1540369782; x=1571905782; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=5sqDDn7QP7sBKIfJPTSAIDBRqBS3u0CYMIP5f/m9YTo=; b=H8fIi0NQckGtDMIdojY9H6PbWpp9t59nOMM8mx3cC/6JecjoWMetEwu5 HYpf2105umSBBMp92wYHj4SztDiqR+3Kd2W70sIgvE3cwkRisuz775P19 YlQ1ZXs93AiZFGYn4c6buhiJLDdKyH6IbUHLUclYV+S24hR4Gb3c3+4Ph 0=; X-IronPort-AV: E=Sophos;i="5.54,419,1534809600"; d="scan'208";a="701226933" Received: from iad6-co-svc-p1-lb1-vlan2.amazon.com (HELO email-inbound-relay-2b-2eab95aa.us-west-2.amazon.com) ([10.124.125.2]) by smtp-border-fw-out-2101.iad2.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 24 Oct 2018 08:29:41 +0000 Received: from u54ee758033e858cfa736.ant.amazon.com (pdx2-ws-svc-lb17-vlan2.amazon.com [10.247.140.66]) by email-inbound-relay-2b-2eab95aa.us-west-2.amazon.com (8.14.7/8.14.7) with ESMTP id w9O8TbpF022039 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 24 Oct 2018 08:29:38 GMT Received: from u54ee758033e858cfa736.ant.amazon.com (localhost [127.0.0.1]) by u54ee758033e858cfa736.ant.amazon.com (8.15.2/8.15.2/Debian-3) with ESMTP id w9O8Ta9A030178; Wed, 24 Oct 2018 10:29:36 +0200 Received: (from jsteckli@localhost) by u54ee758033e858cfa736.ant.amazon.com (8.15.2/8.15.2/Submit) id w9O8TaIe030177; Wed, 24 Oct 2018 10:29:36 +0200 From: Julian Stecklina To: kvm@vger.kernel.org, Paolo Bonzini Cc: Julian Stecklina , js@alien8.de, linux-kernel@vger.kernel.org Subject: [PATCH 2/4] kvm, vmx: move register clearing out of assembly path Date: Wed, 24 Oct 2018 10:28:57 +0200 Message-Id: <558fea0b4df498eefcaea5ae07a089ad9706c1a2.1540369608.git.jsteckli@amazon.de> X-Mailer: git-send-email 2.7.4 In-Reply-To: <09986c98c9655f1542768ecfda644ac821e67a57.1540369608.git.jsteckli@amazon.de> References: <09986c98c9655f1542768ecfda644ac821e67a57.1540369608.git.jsteckli@amazon.de> In-Reply-To: <09986c98c9655f1542768ecfda644ac821e67a57.1540369608.git.jsteckli@amazon.de> References: <09986c98c9655f1542768ecfda644ac821e67a57.1540369608.git.jsteckli@amazon.de> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Split the security related register clearing out of the large inline assembly VM entry path. This results in two slightly less complicated inline assembly statements, where it is clearer what each one does. Signed-off-by: Julian Stecklina Reviewed-by: Jan H. Schönherr Reviewed-by: Konrad Jan Miller --- arch/x86/kvm/vmx.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 93562d5..9225099 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -10797,20 +10797,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "mov %%r13, %c[r13](%0) \n\t" "mov %%r14, %c[r14](%0) \n\t" "mov %%r15, %c[r15](%0) \n\t" - "xor %%r8d, %%r8d \n\t" - "xor %%r9d, %%r9d \n\t" - "xor %%r10d, %%r10d \n\t" - "xor %%r11d, %%r11d \n\t" - "xor %%r12d, %%r12d \n\t" - "xor %%r13d, %%r13d \n\t" - "xor %%r14d, %%r14d \n\t" - "xor %%r15d, %%r15d \n\t" #endif - - "xor %%eax, %%eax \n\t" - "xor %%ebx, %%ebx \n\t" - "xor %%esi, %%esi \n\t" - "xor %%edi, %%edi \n\t" "pop %%" _ASM_BP "; pop %%" _ASM_DX " \n\t" ".pushsection .rodata \n\t" ".global vmx_return \n\t" @@ -10847,6 +10834,26 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif ); + /* Don't let guest register values survive. */ + asm volatile ( + "" +#ifdef CONFIG_X86_64 + "xor %%r8d, %%r8d \n\t" + "xor %%r9d, %%r9d \n\t" + "xor %%r10d, %%r10d \n\t" + "xor %%r11d, %%r11d \n\t" + "xor %%r12d, %%r12d \n\t" + "xor %%r13d, %%r13d \n\t" + "xor %%r14d, %%r14d \n\t" + "xor %%r15d, %%r15d \n\t" +#endif + :: "a" (0), "b" (0), "S" (0), "D" (0) + : "cc" +#ifdef CONFIG_X86_64 + , "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15" +#endif + ); + /* * We do not use IBRS in the kernel. If this vCPU has used the * SPEC_CTRL MSR it may have left it on; save the value and -- 2.7.4