From: Julian Stecklina
To: kvm@vger.kernel.org, Paolo Bonzini
Cc: Julian Stecklina, Julian Stecklina, linux-kernel@vger.kernel.org
Subject: [PATCH v3 2/3] kvm, vmx: move register clearing out of assembly path
Date: Thu, 1 Nov 2018 14:42:48 +0100
In-Reply-To: <0b290ddce11ab78951592b9435469cd16773629c.1541079752.git.jsteckli@amazon.de>
References: <0b290ddce11ab78951592b9435469cd16773629c.1541079752.git.jsteckli@amazon.de>

Split the security related register clearing out of the large inline assembly VM entry path. This results in two slightly less complicated inline assembly statements, where it is clearer what each one does.

Signed-off-by: Julian Stecklina
Reviewed-by: Jan H. Schönherr
Reviewed-by: Konrad Jan Miller
Reviewed-by: Jim Mattson
---
 arch/x86/kvm/vmx.c | 46 +++++++++++++++++++++++++++++-----------------
 1 file changed, 29 insertions(+), 17 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index a6e5a5c..8ebd41d 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c
@@ -11281,24 +11281,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "mov %%r13, %c[r13](%0) \n\t" "mov %%r14, %c[r14](%0) \n\t" "mov %%r15, %c[r15](%0) \n\t" - /* - * Clear host registers marked as clobbered to prevent - * speculative use. - */ - "xor %%r8d, %%r8d \n\t" - "xor %%r9d, %%r9d \n\t" - "xor %%r10d, %%r10d \n\t" - "xor %%r11d, %%r11d \n\t" - "xor %%r12d, %%r12d \n\t" - "xor %%r13d, %%r13d \n\t" - "xor %%r14d, %%r14d \n\t" - "xor %%r15d, %%r15d \n\t" #endif - - "xor %%eax, %%eax \n\t" - "xor %%ebx, %%ebx \n\t" - "xor %%esi, %%esi \n\t" - "xor %%edi, %%edi \n\t" "pop %%" _ASM_BP "; pop %%" _ASM_DX " \n\t" ".pushsection .rodata \n\t" ".global vmx_return \n\t" @@ -11336,6 +11319,35 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) ); /* + * Explicitly clear (in addition to marking them as clobbered) all GPRs + * that have not been loaded with host state to prevent speculatively + * using the guest's values. + */ + asm volatile ( + "xor %%eax, %%eax \n\t" + "xor %%ebx, %%ebx \n\t" + "xor %%esi, %%esi \n\t" + "xor %%edi, %%edi \n\t" +#ifdef CONFIG_X86_64 + "xor %%r8d, %%r8d \n\t" + "xor %%r9d, %%r9d \n\t" + "xor %%r10d, %%r10d \n\t" + "xor %%r11d, %%r11d \n\t" + "xor %%r12d, %%r12d \n\t" + "xor %%r13d, %%r13d \n\t" + "xor %%r14d, %%r14d \n\t" + "xor %%r15d, %%r15d \n\t" +#endif + ::: "cc" +#ifdef CONFIG_X86_64 + , "rax", "rbx", "rsi", "rdi" + , "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15" +#else + , "eax", "ebx", "esi", "edi" +#endif + ); + + /* * We do not use IBRS in the kernel. If this vCPU has used the * SPEC_CTRL MSR it may have left it on; save the value and * turn it off. This is much more efficient than blindly adding -- 2.7.4
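
Review bot: in the first hunk, dropping the xor block ahead of "pop %%" _ASM_BP "; pop %%" _ASM_DX means the VM entry asm statement now returns with guest values still live in eax, ebx, esi, edi and r8-r15, and nothing binds the follow-up statement to it. Two separate asm statements give the compiler room to emit spill, reload or other code in between, so the window in which guest-controlled values sit in GPRs is no longer fixed by the source. Either keep the clearing inside this statement, or state in the commit message and in a comment at the removal site why that gap is acceptable and what guarantees the clearing statement follows directly.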
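
Review bot: in the second hunk, the new comment promises that "all GPRs that have not been loaded with host state" are cleared, but the register set is maintained by hand in two places (the xor lines and the clobber list, each under its own #ifdef CONFIG_X86_64), and ecx/rcx appears in neither while only _ASM_BP and _ASM_DX are visibly popped in the preceding statement. Please extend the comment to say which registers are deliberately skipped and where each gets its host value, so a reader can check the list is complete. A short note that the 32-bit xor forms zero the full 64-bit registers on x86_64 would also explain why "xor %%r8d, %%r8d" pairs with an "r8" clobber.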