Received: by 2002:a05:7412:3b8b:b0:fc:a2b0:25d7 with SMTP id nd11csp1075621rdb; Fri, 9 Feb 2024 09:29:35 -0800 (PST) X-Google-Smtp-Source: AGHT+IELpjAxGdghjQkMgW5WmrarA0w18Jex91XJyxem5d19O2Q6f9MtfctT5/m5Vigbb7lbcxMp X-Received: by 2002:a05:622a:11cd:b0:42a:a4c3:4264 with SMTP id n13-20020a05622a11cd00b0042aa4c34264mr2650611qtk.47.1707499775660; Fri, 09 Feb 2024 09:29:35 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707499775; cv=pass; d=google.com; s=arc-20160816; b=f6MiYytBmal2D8svpy1rJdXoBK1T8oeiy8/Sc2QuPzDaQfmTJj6wBvRf0xFjcaZ1Cz R6FwgQ5LBXZD2eedTqAyd5fGLS9RqNBxU01Hsr1Gr+mWQmELOEHot43QsySW97S8XuOk CKxIthucI/+4S0Zx7ulOmcFTgmuto4uzhvSyQWJprDq/B7ZQFFAU2uAIj1rAOv15vxJa DRme/OmPSLpAlebVv3LHpx293n4BGT/CMHMrc4p8lg/+CyetX1fwOAmOBMV3b07xTl80 +guea6pl8gb4kKJeNGjFD1k3OUqdqM+1mmlt4w4BoUbfnPgZz5OE6jbISvyE8Na/HgSw HOpA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=Nhpf7nFX+VKx5DMtuC+3xgYTTGAyZzaetOFhzVHC8Nc=; fh=sAQljim35eIua0shmwkZKg6SOysg6qrMbdH0T2xN/Gg=; b=kG82H0hq+ee8jEOYqRtWu9IK3ejH10O6MuAjjGOEjm9zm/PjhqE+o2smeBh76wcGWI piqP+7uXh35l7easaRu9n5bbobYdEm6hiU2V0dvmy0k86iHfO8z1+wzquusGKKS0Ju9z ZYer6435a2hzH9/1wfMKJXJmCr6Bke6FxoO6jJ+hjd+FMprJQh3GkZBvnMo3zfQDoeer Hed7mXnXob/i3jS4tx2BV0TcmTnvadzWRKxA6/sYfC8IIirpGCJAPwUgvCknbsAVXk3j qlIGZbFSxhSj2M00xuZpj2pMPXDh2jSE3fBRHQRw8VYw9Csds6Pg1gHb6zZCvzvME4/w SKKQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@alien8.de header.s=alien8 header.b=UwPkD79u; arc=pass (i=1 spf=pass spfdomain=alien8.de dkim=pass dkdomain=alien8.de dmarc=pass fromdomain=alien8.de); spf=pass (google.com: domain of linux-kernel+bounces-59732-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-59732-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de X-Forwarded-Encrypted: i=2; AJvYcCXTx95ZLRfUacE1kt7X6MBvYxz2eLwHaIYp42tc4rsN1oTXIRjn4S/I9pd85FfxNUTYjHcGSq9OKdHN76ciV4Z7dQ0AwmP2idwzsb8dyg== Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id f22-20020a05622a1a1600b0042c5ef2d1b0si1148207qtb.771.2024.02.09.09.29.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Feb 2024 09:29:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-59732-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=alien8 header.b=UwPkD79u; arc=pass (i=1 spf=pass spfdomain=alien8.de dkim=pass dkdomain=alien8.de dmarc=pass fromdomain=alien8.de); spf=pass (google.com: domain of linux-kernel+bounces-59732-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-59732-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 30A951C21289 for ; Fri, 9 Feb 2024 17:29:35 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AC6B47E785; Fri, 9 Feb 2024 17:29:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (4096-bit key) header.d=alien8.de header.i=@alien8.de header.b="UwPkD79u" Received: from mail.alien8.de (mail.alien8.de [65.109.113.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CFC5053398; Fri, 9 Feb 2024 17:29:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=65.109.113.108 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707499763; cv=none; b=Dc32LrXK2MXeBuWdATpPl1Ja9xXXC+cPw3GJCwqqI8IiTGnYPdLJ6eQn3IGXPcu6gi5R6g0vcIUuwLRZeLxruLB32WY3UXCcTWMML1fYnZ93g+hoQWM/y+C49ZZlEUJ0CMxY3UaRBpjm5VexI6npfVuVC7xq+oFIXNCjpOKI6dg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707499763; c=relaxed/simple; bh=EkSrADbaed32E6a2US7Oxs/9b3BCmWx75oCYAcCz+8Q=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=RhXZgCwZvNyUi8PgcJx8G3x6mJHSSKM4ANVAhTVdUQKc5j+E/4xYyQcwS4iY9TqLCFkWfmnYk8Mf/o6PKxIPzXsYUH1NGWBCV186RPid3UbeeBOK4pCEtSH/gak2mKy8ONGEZQrd4l7+XL2+MOdyfWkTT3AOrEBVV+6Cpw97TtI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=alien8.de; spf=pass smtp.mailfrom=alien8.de; dkim=pass (4096-bit key) header.d=alien8.de header.i=@alien8.de header.b=UwPkD79u; arc=none smtp.client-ip=65.109.113.108 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=alien8.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=alien8.de Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTP id A4DA040E0192; Fri, 9 Feb 2024 17:29:16 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at mail.alien8.de Authentication-Results: mail.alien8.de (amavisd-new); dkim=pass (4096-bit key) header.d=alien8.de Received: from mail.alien8.de ([127.0.0.1]) by localhost (mail.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id qdR596g8WX8w; Fri, 9 Feb 2024 17:29:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=alien8; t=1707499754; bh=Nhpf7nFX+VKx5DMtuC+3xgYTTGAyZzaetOFhzVHC8Nc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=UwPkD79uaru0szKr6LQup8rGQC0VLRA/G/HDHxKu11YMBHKC2jaiLhqUpwQoSIO9p DRsQSpe/jxN3Enz/X09DGOQiQBjewfZ1xnKHausobJ+gR0sBoupHZJKm4f5OmoKDgB W38NtSDJZ3BRM607eMJLifVaz6VdVPqtEi1QENlY5FyG2kdYO4T6b81pX4wRb0tTjw TxyiGnC56cVzvu4k9ma31gI+bDKoVKqjpx06jLwV+OvFyzwq/5ddaN5tey4b+HXytM Ip9vi0qekSL4KiF5gPN1b9kbmN47QBqZ83fXMXhfMvphOY4l6KGNHPrstgcOsnrx+s Dc4J1Na4gAe16xnha/Jq8JabC4UE37ci5R/pbA0RMIpN/DMLBnn9apLa5J6sZA69TY 8CDs8yR5SOELuhpnId/yRtbt9PlWYRrdxfQJZFGYNMimcztCfp//t2a16QRss+WbaQ B9KexYWD+UeBtqy5Rd7ehvcddc+KOWn05uogF9HLdRzMbEYblWWuWCW254eaogFM6F 0fTuWLQHK4YVyi8FlmBKWV6vvxuvinjWk95cmCADnGDrpztkVUKXBCJBdQX/eX7J/V fiNSSnwcucFzD/dcwUs1/673SbH+A3dk0TiqvWRGCAEBSONNvp4qgaP089LKnPDVH1 sHNzieMnPfmaQc4voF98lHf4= Received: from zn.tnic (pd953021b.dip0.t-ipconnect.de [217.83.2.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail.alien8.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id DE2CA40E00B2; Fri, 9 Feb 2024 17:28:48 +0000 (UTC) Date: Fri, 9 Feb 2024 18:28:43 +0100 From: Borislav Petkov To: Pawan Gupta Cc: Thomas Gleixner , Ingo Molnar , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Josh Poimboeuf , Andy Lutomirski , Jonathan Corbet , Sean Christopherson , Paolo Bonzini , tony.luck@intel.com, ak@linux.intel.com, tim.c.chen@linux.intel.com, Andrew Cooper , Nikolay Borisov , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, kvm@vger.kernel.org, Alyssa Milburn , Daniel Sneddon , antonio.gomez.iglesias@linux.intel.com, Alyssa Milburn , stable@kernel.org Subject: Re: [PATCH v7 1/6] x86/bugs: Add asm helpers for executing VERW Message-ID: <20240209172843.GUZcZgy7EktXgKZQoc@fat_crate.local> References: <20240204-delay-verw-v7-0-59be2d704cb2@linux.intel.com> <20240204-delay-verw-v7-1-59be2d704cb2@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20240204-delay-verw-v7-1-59be2d704cb2@linux.intel.com> On Sun, Feb 04, 2024 at 11:18:59PM -0800, Pawan Gupta wrote: > .popsection > + > +/* > + * Defines the VERW operand that is disguised as entry code so that "Define..." > + * it can be referenced with KPTI enabled. This ensures VERW can be "Ensure..." But committer can fix those. > + * used late in exit-to-user path after page tables are switched. > + */ > +.pushsection .entry.text, "ax" > + > +.align L1_CACHE_BYTES, 0xcc > +SYM_CODE_START_NOALIGN(mds_verw_sel) > + UNWIND_HINT_UNDEFINED > + ANNOTATE_NOENDBR > + .word __KERNEL_DS > +.align L1_CACHE_BYTES, 0xcc > +SYM_CODE_END(mds_verw_sel); > +/* For KVM */ > +EXPORT_SYMBOL_GPL(mds_verw_sel); > + > +.popsection > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > index fdf723b6f6d0..2b62cdd8dd12 100644 > --- a/arch/x86/include/asm/cpufeatures.h > +++ b/arch/x86/include/asm/cpufeatures.h > @@ -95,7 +95,7 @@ > #define X86_FEATURE_SYSENTER32 ( 3*32+15) /* "" sysenter in IA32 userspace */ > #define X86_FEATURE_REP_GOOD ( 3*32+16) /* REP microcode works well */ > #define X86_FEATURE_AMD_LBR_V2 ( 3*32+17) /* AMD Last Branch Record Extension Version 2 */ > -/* FREE, was #define X86_FEATURE_LFENCE_RDTSC ( 3*32+18) "" LFENCE synchronizes RDTSC */ > +#define X86_FEATURE_CLEAR_CPU_BUF ( 3*32+18) /* "" Clear CPU buffers using VERW */ > #define X86_FEATURE_ACC_POWER ( 3*32+19) /* AMD Accumulated Power Mechanism */ > #define X86_FEATURE_NOPL ( 3*32+20) /* The NOPL (0F 1F) instructions */ > #define X86_FEATURE_ALWAYS ( 3*32+21) /* "" Always-present feature */ > diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h > index 262e65539f83..ec85dfe67123 100644 > --- a/arch/x86/include/asm/nospec-branch.h > +++ b/arch/x86/include/asm/nospec-branch.h > @@ -315,6 +315,21 @@ > #endif > .endm > > +/* > + * Macros to execute VERW instruction that mitigate transient data sampling > + * attacks such as MDS. On affected systems a microcode update overloaded VERW > + * instruction to also clear the CPU buffers. VERW clobbers CFLAGS.ZF. > + * > + * Note: Only the memory operand variant of VERW clears the CPU buffers. > + */ > +.macro EXEC_VERW I think I asked this already: Why isn't this called simply "VERW"? There's no better name as this is basically the insn itself... > + verw _ASM_RIP(mds_verw_sel) > +.endm -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette