Date: Mon, 23 Oct 2023 15:30:59 -0700
From: Pawan Gupta
To: Josh Poimboeuf
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Peter Zijlstra, Andy Lutomirski, Jonathan Corbet, Sean Christopherson, Paolo Bonzini, tony.luck@intel.com, ak@linux.intel.com, tim.c.chen@linux.intel.com, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, kvm@vger.kernel.org, Alyssa Milburn, Daniel Sneddon, antonio.gomez.iglesias@linux.intel.com, Dave Hansen
Subject: Re: [PATCH 2/6] x86/entry_64: Add VERW just before userspace transition

On Mon, Oct 23, 2023 at 02:47:52PM -0700, Josh Poimboeuf wrote:
> > > > /* > > > > * RSP now points to an ordinary IRET frame, except that the page > > > > * is read-only and RSP[31:16] are preloaded with the userspace
> > > > @@ -1502,6 +1511,9 @@ nmi_restore: > > > > std > > > > movq $0, 5*8(%rsp) /* clear "NMI executing" */ > > > > > > > > + /* Mitigate CPU data sampling attacks .e.g. MDS */ > > > > + USER_CLEAR_CPU_BUFFERS > > > > + > > > > /* > > > > * iretq reads the "iret" frame and exits the NMI stack in a > > > > * single instruction. We are returning to kernel mode, so this
> > >
> > > This isn't needed here. This is the NMI return-to-kernel path.
> >
> > Yes, the VERW here can be omitted. But probably need to check if an NMI
> > occurring between VERW and ring transition will still execute VERW after
> > the NMI.
>
> That window does exist, though I'm not sure it's worth worrying about.

I am in favor of omitting the VERW here, unless someone objects with a
rationale. IMO, precisely timing the NMIs in such a narrow window is
impractical.
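
Review bot: in the quoted nmi_restore hunk, the added USER_CLEAR_CPU_BUFFERS sits directly above a context comment that says "We are returning to kernel mode", so on this path the buffer clear does not precede a userspace transition. Either drop the two added lines from this hunk, or extend the new comment to state why a return-to-kernel path needs the clear. If the lines stay, the added comment also needs a wording fix: ".e.g." should read "e.g.".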