Date: Thu, 26 Oct 2023 14:15:08 -0700
From: Pawan Gupta
To: Dave Hansen
Cc: Nikolay Borisov, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Peter Zijlstra, Josh Poimboeuf, Andy Lutomirski, Jonathan Corbet, Sean Christopherson, Paolo Bonzini, tony.luck@intel.com, ak@linux.intel.com, tim.c.chen@linux.intel.com, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, kvm@vger.kernel.org, Alyssa Milburn, Daniel Sneddon, antonio.gomez.iglesias@linux.intel.com
Subject: Re: [PATCH v3 2/6] x86/entry_64: Add VERW just before userspace transition
Message-ID: <20231026211508.tmd7hfniesiu53ps@desk>

On Thu, Oct 26, 2023 at 12:40:49PM -0700, Dave Hansen wrote:
> On 10/26/23 12:29, Pawan Gupta wrote:
> > On Thu, Oct 26, 2023 at 07:25:27PM +0300, Nikolay Borisov wrote:
> >> On 25.10.23 at 23:52, Pawan Gupta wrote:
> >>> @@ -1520,6 +1530,7 @@ SYM_CODE_START(ignore_sysret)
> >>> UNWIND_HINT_END_OF_STACK
> >>> ENDBR
> >>> mov $-ENOSYS, %eax
> >>> + CLEAR_CPU_BUFFERS
> >> nit: Just out of curiosity is it really needed in this case or it's done
> >> for the sake of uniformity so that all ring3 transitions are indeed
> >> covered??
> > Interrupts returning to kernel don't clear the CPU buffers. I believe
> > interrupts will be enabled here, and getting an interrupt here could
> > leak the data that interrupt touched.
>
> Specifically NMIs, right?

Yes, and VERW can be omitted for the same reason as NMI returning to kernel.

> X86_EFLAGS_IF should be clear here.

I see that SYSCALL has a configuration for IF, but I didn't see it for
SYSENTER in the code. But looking at the SDM, it clears IF by default.

    syscall_init()
    {
        ...
    #else
        wrmsrl_cstar((unsigned long)ignore_sysret);
        wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)GDT_ENTRY_INVALID_SEG);
        wrmsrl_safe(MSR_IA32_SYSENTER_ESP, 0ULL);
        wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL);
    #endif

        /*
         * Flags to clear on syscall; clear as much as possible
         * to minimize user space-kernel interference.
         */
        wrmsrl(MSR_SYSCALL_MASK,
               X86_EFLAGS_CF|X86_EFLAGS_PF|X86_EFLAGS_AF|
               X86_EFLAGS_ZF|X86_EFLAGS_SF|X86_EFLAGS_TF|
               X86_EFLAGS_IF|X86_EFLAGS_DF|X86_EFLAGS_OF|
               X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_RF|
               X86_EFLAGS_AC|X86_EFLAGS_ID);
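
Review bot: the CLEAR_CPU_BUFFERS line added after "mov $-ENOSYS, %eax" in the quoted ignore_sysret hunk has no comment saying why this stub needs it, and the replies in this thread show that reviewers had to ask. A short comment above the macro stating that this path is a ring 3 transition and that the clear is kept for coverage of all such transitions would answer the question in the code. The conclusion reached here about interrupts on this path (X86_EFLAGS_IF being clear, NMIs being the remaining case) is worth recording in the changelog, since the hunk alone does not show it.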