From: Marius Hillenbrand
To: kvm@vger.kernel.org
Cc: Marius Hillenbrand, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, Alexander Graf, David Woodhouse, Julian Stecklina
Subject: [RFC 08/10] kvm, vmx: move register clearing out of assembly path
Date: Wed, 12 Jun 2019 19:08:40 +0200
Message-Id: <20190612170834.14855-9-mhillenb@amazon.de>
In-Reply-To: <20190612170834.14855-1-mhillenb@amazon.de>

From: Julian Stecklina

Split the security related register clearing out of the large inline assembly VM entry path. This results in two slightly less complicated inline assembly statements, where it is clearer what each one does.

Signed-off-by: Julian Stecklina
[rebased to 4.20; note that the purpose of this patch is to make the changes in the next commit more readable. we will drop this patch when rebasing to 5.x, since major refactoring of KVM makes it redundant.]
Signed-off-by: Marius Hillenbrand
Cc: Alexander Graf
Cc: David Woodhouse
--- arch/x86/kvm/vmx.c | 46 +++++++++++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 16a383635b59..0fe9a4ab8268 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c
@@ -11582,24 +11582,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "mov %%r13, %c[r13](%0) \n\t" "mov %%r14, %c[r14](%0) \n\t" "mov %%r15, %c[r15](%0) \n\t" - /* - * Clear host registers marked as clobbered to prevent - * speculative use. - */ - "xor %%r8d, %%r8d \n\t" - "xor %%r9d, %%r9d \n\t" - "xor %%r10d, %%r10d \n\t" - "xor %%r11d, %%r11d \n\t" - "xor %%r12d, %%r12d \n\t" - "xor %%r13d, %%r13d \n\t" - "xor %%r14d, %%r14d \n\t" - "xor %%r15d, %%r15d \n\t" #endif - - "xor %%eax, %%eax \n\t" - "xor %%ebx, %%ebx \n\t" - "xor %%esi, %%esi \n\t" - "xor %%edi, %%edi \n\t" "pop %%" _ASM_BP "; pop %%" _ASM_DX " \n\t" ".pushsection .rodata \n\t" ".global vmx_return \n\t" @@ -11636,6 +11619,35 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif ); + /* + * Explicitly clear (in addition to marking them as clobbered) all GPRs + * that have not been loaded with host state to prevent speculatively + * using the guest's values. + */ + asm volatile ( + "xor %%eax, %%eax \n\t" + "xor %%ebx, %%ebx \n\t" + "xor %%esi, %%esi \n\t" + "xor %%edi, %%edi \n\t" +#ifdef CONFIG_X86_64 + "xor %%r8d, %%r8d \n\t" + "xor %%r9d, %%r9d \n\t" + "xor %%r10d, %%r10d \n\t" + "xor %%r11d, %%r11d \n\t" + "xor %%r12d, %%r12d \n\t" + "xor %%r13d, %%r13d \n\t" + "xor %%r14d, %%r14d \n\t" + "xor %%r15d, %%r15d \n\t" +#endif + ::: "cc" +#ifdef CONFIG_X86_64 + , "rax", "rbx", "rsi", "rdi" + , "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15" +#else + , "eax", "ebx", "esi", "edi" +#endif + ); + /* * We do not use IBRS in the kernel. If this vCPU has used the * SPEC_CTRL MSR it may have left it on; save the value and -- 2.21.0
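Review bot: In the first hunk (@@ -11582), the xor sequence is removed from its position directly before "pop %%" _ASM_BP "; pop %%" _ASM_DX, so the remainder of this asm statement now runs with guest values still in eax, ebx, esi, edi and r8-r15. The commit message presents the change as a readability split only. Please state there that the point at which the registers are zeroed moves later, so that a reader bisecting a speculation-related regression does not take this commit for a pure no-op. The removed comment ("Clear host registers marked as clobbered to prevent speculative use") was also the only in-place hint that these registers are on the first statement's clobber list. That list is not visible in this hunk, so confirm it is unchanged.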
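Review bot: In the second hunk (@@ -11636), nothing ties the new asm volatile block to the end of the preceding asm statement, so the compiler is free to emit instructions between the closing ");" of the VM entry asm and the first "xor %%eax, %%eax" while those registers still hold guest values. When the clearing lived inside the single statement, that window could not exist. Either extend the new comment to say that no code may be placed between the two statements and why, or keep the clearing as the tail of the first statement. The comment's "all GPRs that have not been loaded with host state" would also be easier to audit if it named the registers deliberately left out of the xor list.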