Received: by 2002:a05:7412:f690:b0:e2:908c:2ebd with SMTP id ej16csp1327655rdb; Fri, 20 Oct 2023 15:55:57 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFjrCJZVJfspbkTqhs1uHbM4KuP50yQFnoN0ica1UkP7e7kdf+CmPGMusJq7v+fm3JTCPa6 X-Received: by 2002:a17:903:2288:b0:1c6:e1d:8be0 with SMTP id b8-20020a170903228800b001c60e1d8be0mr5430230plh.2.1697842557399; Fri, 20 Oct 2023 15:55:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697842557; cv=none; d=google.com; s=arc-20160816; b=EG9g7Uu52Wjjat7EhkY62VSKQ/QheK+PTpwWE7OdJiCsvDcMOfqK99Tdm/uIhuGp5h t/N5s+21kkKjNz6GvG2eSwhZGidRaNVRdic4oiVTJQHI6dPjlTv6SPrJ/J9yEZuxWLaH w2qBDTwhyg6PkMN+vadNrBfVennNax/b7I5juJX5wtGWBaOdwE9EZ6vRtvpYyHwFS1L3 QnoZ2BNGI8lFbzkTO92tXZXISproXxWsNPfjaL0R5WVZyMwdzfHfexNsVUWIJIMg4nf6 K53GaN7RGnQ59S9dNYdY9lJlM1vIZOZR+AhNCYZMoeH3VbZeMVXirfV8G5HXzB//uQ3R hwRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=+g38I1Y8PaKbaByFCxxvsTO4uB3YltKuRgG8s7U1tVw=; fh=SyxcvViqygumIva4yJbQoxy7Vq6BRqnWLLPsvZppLLU=; b=fwpJlB0maJqGbBIo5WjNP0hH61p/T94MfrWwvFhg0y//OY+w0QaNf/WwK6eujIdeJR kwJWbmBSvwEeHmj2dXfXse63lDFeKYbGSrv21og6dllze7Ipy98hDCZFqFgIz5M/burs 9J6oQ2kaCBBfUaWjysRVVSG4U31PXa4AK2StbI6WXBd73D4RjCPruD+K1m7MRqg0rvLj yfElha3BuHiHczILiYzjLe0mtAfXbKYEyqNzSE2VG343DTXT9efeEB1gXQWXoixZKjdF yh9CklhrYIX+U6IaxOj0z0rbzoyVbSuod2euLEMlkrrecNYFLTsR1gcIH3NbwyoImG9T Pj0Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="xk/nimL+"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id j14-20020a170902da8e00b001c5db1e47c3si2705430plx.553.2023.10.20.15.55.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Oct 2023 15:55:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="xk/nimL+"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 374B580A95B8; Fri, 20 Oct 2023 15:55:32 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230251AbjJTWzO (ORCPT + 99 others); Fri, 20 Oct 2023 18:55:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49694 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230086AbjJTWzM (ORCPT ); Fri, 20 Oct 2023 18:55:12 -0400 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A01BCD7B for ; Fri, 20 Oct 2023 15:55:09 -0700 (PDT) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-5a7c97d5d5aso19446717b3.3 for ; Fri, 20 Oct 2023 15:55:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1697842509; x=1698447309; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=+g38I1Y8PaKbaByFCxxvsTO4uB3YltKuRgG8s7U1tVw=; b=xk/nimL+eI0gDd5i/VB2O1JHRcQWK6obE8r3F546i3IHLFa47qMggw0YxFa+2Gmp/v GowzfJC9QQck1e+vtS/g1LdAAkuQU6a82T0P1oJaBJVgLUfPoV65Xk7Dps4keA27gFke a7A6IR8asHo63y/IIXR/R2PyN3S1cPAHNR1jEdFVc06FfnyXscUqMlykzLDYTkOF3n0U iS5Yi4lkvnsgF/ZU0UNR3u/a4sEb6IkQtOPSO/x0DVkmXjlNhN5OX2bzy6ols3i+ft68 MbMzQDkC3Qn3dERfAsDAeqge7477AtsNr/30Z3LaKcHDa4XLk8Z/RD/XXfpwSkfCb/NU y8hw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697842509; x=1698447309; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+g38I1Y8PaKbaByFCxxvsTO4uB3YltKuRgG8s7U1tVw=; b=O7lOeklBtEo3yqgxIS44aoFPFoylxd/aBlLWA8SJSJlopl9LFLalraSTUmnpMXs4l+ WOElwCHea9cdFbLZ7tpMziVkw3FhFoFaRBoSiQIntD81Hck5SCGCpXkrb0zsvVNPr6Pz cQMyVeRTP6g/huvSHtzIqNIgomJWDQXG+0/huUm3zBrtlrXEWQppp5SoNEhAiuxugkye 4u38rRFS8wy4rVs2w+UDhPOtbxeuo6gRtGxuxJbofdRBIviicHeOa8rKMQkmJ8fTA7rv 3oQaemNp2OZFjtDSfL0vvSc0dw7wtlPZOpHcCRqufbbw8mALsNo9wMtLToJmEgIzSQaq VR1Q== X-Gm-Message-State: AOJu0Yx1QaA4R4OSn4/pxZDkjg9stfE6RosnRHHQoQLXP6P6mjjGBbaq zpobIUtm2xWuIce/QJKAXP6tFwuQVt4= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:297:0:b0:d9a:4c45:cfd0 with SMTP id 145-20020a250297000000b00d9a4c45cfd0mr63479ybc.2.1697842508740; Fri, 20 Oct 2023 15:55:08 -0700 (PDT) Date: Fri, 20 Oct 2023 15:55:07 -0700 In-Reply-To: <20231020-delay-verw-v1-6-cff54096326d@linux.intel.com> Mime-Version: 1.0 References: <20231020-delay-verw-v1-0-cff54096326d@linux.intel.com> <20231020-delay-verw-v1-6-cff54096326d@linux.intel.com> Message-ID: Subject: Re: [PATCH 6/6] KVM: VMX: Move VERW closer to VMentry for MDS mitigation From: Sean Christopherson To: Pawan Gupta Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Josh Poimboeuf , Andy Lutomirski , Jonathan Corbet , Paolo Bonzini , tony.luck@intel.com, ak@linux.intel.com, tim.c.chen@linux.intel.com, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, kvm@vger.kernel.org, Alyssa Milburn , Daniel Sneddon , antonio.gomez.iglesias@linux.intel.com Content-Type: text/plain; charset="us-ascii" X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Fri, 20 Oct 2023 15:55:32 -0700 (PDT) On Fri, Oct 20, 2023, Pawan Gupta wrote: > During VMentry VERW is executed to mitigate MDS. After VERW, any memory > access like register push onto stack may put host data in MDS affected > CPU buffers. A guest can then use MDS to sample host data. > > Although likelihood of secrets surviving in registers at current VERW > callsite is less, but it can't be ruled out. Harden the MDS mitigation > by moving the VERW mitigation late in VMentry path. > > Note that VERW for MMIO Stale Data mitigation is unchanged because of > the complexity of per-guest conditional VERW which is not easy to handle > that late in asm with no GPRs available. If the CPU is also affected by > MDS, VERW is unconditionally executed late in asm regardless of guest > having MMIO access. > > Signed-off-by: Pawan Gupta > --- > arch/x86/kvm/vmx/vmenter.S | 9 +++++++++ > arch/x86/kvm/vmx/vmx.c | 10 +++++++--- > 2 files changed, 16 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kvm/vmx/vmenter.S b/arch/x86/kvm/vmx/vmenter.S > index be275a0410a8..efa716cf4727 100644 > --- a/arch/x86/kvm/vmx/vmenter.S > +++ b/arch/x86/kvm/vmx/vmenter.S > @@ -1,6 +1,7 @@ > /* SPDX-License-Identifier: GPL-2.0 */ > #include > #include > +#include > #include > #include > #include > @@ -31,6 +32,8 @@ > #define VCPU_R15 __VCPU_REGS_R15 * WORD_SIZE > #endif > > +#define GUEST_CLEAR_CPU_BUFFERS USER_CLEAR_CPU_BUFFERS > + > .macro VMX_DO_EVENT_IRQOFF call_insn call_target > /* > * Unconditionally create a stack frame, getting the correct RSP on the > @@ -177,10 +180,16 @@ SYM_FUNC_START(__vmx_vcpu_run) > * the 'vmx_vmexit' label below. > */ > .Lvmresume: > + /* Mitigate CPU data sampling attacks .e.g. MDS */ > + GUEST_CLEAR_CPU_BUFFERS I have a very hard time believing that it's worth duplicating the mitigation for VMRESUME vs. VMLAUNCH just to land it after a Jcc. 3b1: 48 8b 00 mov (%rax),%rax 3b4: 74 18 je 3ce <__vmx_vcpu_run+0x9e> 3b6: eb 0e jmp 3c6 <__vmx_vcpu_run+0x96> 3b8: 0f 00 2d 05 00 00 00 verw 0x5(%rip) # 3c4 <__vmx_vcpu_run+0x94> 3bf: 0f 1f 80 00 00 18 00 nopl 0x180000(%rax) 3c6: 0f 01 c3 vmresume 3c9: e9 c9 00 00 00 jmp 497 3ce: eb 0e jmp 3de <__vmx_vcpu_run+0xae> 3d0: 0f 00 2d 05 00 00 00 verw 0x5(%rip) # 3dc <__vmx_vcpu_run+0xac> 3d7: 0f 1f 80 00 00 18 00 nopl 0x180000(%rax) 3de: 0f 01 c2 vmlaunch Also, would it'd be better to put the NOP first? Or even better, out of line? It'd be quite hilarious if the CPU pulled a stupid and speculated on the operand of the NOP, i.e. if the user/guest controlled RAX allowed for pulling in data after the VERW.