Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp206940lqo; Thu, 9 May 2024 18:22:55 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW1huBAoyxm6lqfZP/wbtZfbi4IFymFN3/cTDV6I+eQYPll3bA6bb9QHze0cmW4rFjUBN7jzyPgUKumSM2q9r+l+tR9P5rrPMnJMvvyZg== X-Google-Smtp-Source: AGHT+IFTZh+0N9etsF8lpssuJeZULlcv9rLLUSxcFVgieC6Z6Ww0XWbgKesufQ1YrMEYv2x6JfLG X-Received: by 2002:a17:906:ae8b:b0:a59:cb09:41d6 with SMTP id a640c23a62f3a-a5a2d65f294mr58148166b.49.1715304175611; Thu, 09 May 2024 18:22:55 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715304175; cv=pass; d=google.com; s=arc-20160816; b=JsLDPuO0ZHEyyERrOMQwqsXBVRnf8wXWZEaogBGEmHiJnsMwNAUmOWQQAzdsU1pGeB L3a1utJLuBfpixkVFuBJu647rhDPu0Ewm/3fOIWLz3y7PVH34LF2NT63P6bRqEi/jwU1 fENHn8STbnChCtjMblpIeO+OC6eOTsQFpa9q35NSj7cpSW0LYD4CGKWFm585dV8j3OQU u+M8WrS3tBJXl1SOwT4d17SO5wLPeCCyJU5op/HYv9KtpONdJ0/xh3DMGb+46B8QJwA/ Q8Y3Dpm1ci4H6lJ4mY77av5corliSBRTRV8Gcq3xcFkD9PbXj62vdYd7YkVujlE1rQsZ SQzg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=i5uGSvoEdXjWvi0v9yJfNSB/0CrdFZGWJzhI973mvxk=; fh=sKJsJGZfV4joKI38L3BMfGJ/LOIH08f+ZqVpU0c02Bk=; b=EdeRRS79eZssa3bzP0mBfYtDNBPqh5EuiqEHG9Ypd4VfUeFSCXe/BfJsMXwrf5gKJe FYVop/lzVb0ZVUxWFGvFOY+47eB+ir4iJPriVYhl4INYaw+LZNBnchmBSj3kQelTphY8 7yy3pZrb5o3pBDxQ2oaymyvQ+NzqGrLhVmZQjJM3DUbGa2H53vbbSOTlBTeJql6q8JMi 8pVI8eiDJN9Vdi97ICaKIu3DVTDMO9dsjlOhp8OUiPMaCOzOk6LzSo1qmu0APLNkNFMi UNGVdyYRmvfaZhTW6cPfzqytA1Qq5h4MOan7clB7ipzCieCyVSoa4jSmErfbesTYPTfp Ehmw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=ndR4Y8oH; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-175190-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-175190-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id a640c23a62f3a-a5a17ba57a0si127652066b.654.2024.05.09.18.22.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 May 2024 18:22:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-175190-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=ndR4Y8oH; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-175190-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-175190-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 522971F2236F for ; Fri, 10 May 2024 01:22:55 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8339E13B78A; Fri, 10 May 2024 01:22:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="ndR4Y8oH" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DE37C13AA3E for ; Fri, 10 May 2024 01:22:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715304168; cv=none; b=R8G+v+hgxeRHskLe/dwU0A4D0bUahe80IDtlJjyO07g/zigLcPunGeu4IBpx6NjTWk9ISjRTOpCzihOWnQa9l5gvpXtiFetcLqMmKbaM3my9gkALoSzIMzq+LJTSKn3Tz2LJmZopdFFeD3K8HTBAaYaS++A7PcagcGnQRiOSwZ4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715304168; c=relaxed/simple; bh=aq2lp97F1ayHVMqqbVlMnI8OwtOdPjAYe4uEiTNQBmE=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=tMq0sdxY0Wayqh0lPya9HkPv2kZ2+ZXfHOQZ2TOTqoKInIsNI1S0JBBS9iGHA3G1P24KtdJJa9N0vGs263ifOCAxMR3hrs7YCjy5Uzw8Ro0CMERYSlU/utR1Ml9WInvQumnF6kfCwdTIXFFnkZqqbzhbITazhqZYCh3WCMg7DtA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=ndR4Y8oH; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1715304167; x=1746840167; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=aq2lp97F1ayHVMqqbVlMnI8OwtOdPjAYe4uEiTNQBmE=; b=ndR4Y8oH+yN5Topt18Z8/CAJsq10RCpzsCUVvU0QTiupj2DbbPgBmh2G OK1d9IeCl+pHB1w+btbVCukPpOgzztrpM1EHNxVGXCELShAE5j8gZlogM qbLS6ho/4JfV50L2VtGFzIZ/6eRTdtbTIYYQPf26g9ksjAMHn7GffvjJ/ iCbFgD+oP4ufjF1Fbn+UVdKjr7qkcIn/ego2H2QV2mordKTrckMHL2Qfm //VS7wrWTzjsqFhWbXTOiYPWkntur9kNumdfQRJsJ+bH2LglsZujwx84X PXsA7CBpvSeZB9gxqP40jyQM6IB+bZwbLckgq662RyVA7sbwQHuPIl0ZV w==; X-CSE-ConnectionGUID: z0A43o6TQZuJdELRhM16ng== X-CSE-MsgGUID: vmCZHimnR6GZMBXzSPU79g== X-IronPort-AV: E=McAfee;i="6600,9927,11068"; a="11393876" X-IronPort-AV: E=Sophos;i="6.08,149,1712646000"; d="scan'208";a="11393876" Received: from orviesa009.jf.intel.com ([10.64.159.149]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 May 2024 18:22:46 -0700 X-CSE-ConnectionGUID: guWGgvPjS1Ov0/pklTG8Kg== X-CSE-MsgGUID: T2cYd80IR/CK81quUEUrXA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,149,1712646000"; d="scan'208";a="29538872" Received: from vuongchr-mobl.amr.corp.intel.com (HELO desk) ([10.209.114.189]) by orviesa009-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 May 2024 18:22:47 -0700 Date: Thu, 9 May 2024 18:22:38 -0700 From: Pawan Gupta To: Dave Hansen Cc: Borislav Petkov , Dave Hansen , linux-kernel@vger.kernel.org, x86@kernel.org, Robert Gill , "Linux regression tracking (Thorsten Leemhuis)" , antonio.gomez.iglesias@linux.intel.com, daniel.sneddon@linux.intel.com Subject: Re: [PATCH] x86/entry_32: Move CLEAR_CPU_BUFFERS before CR3 switch Message-ID: <20240510012149.5mdrr4x6suspaasd@desk> References: <20240426-fix-dosemu-vm86-v1-1-88c826a3f378@linux.intel.com> <5b9a2cef-7b4f-41c3-9f64-4fea4d007cdf@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5b9a2cef-7b4f-41c3-9f64-4fea4d007cdf@intel.com> On Thu, May 09, 2024 at 05:20:31PM -0700, Dave Hansen wrote: > On 4/26/24 16:48, Pawan Gupta wrote: > > Move the VERW before the CR3 switch for 32-bit kernels as a workaround. > > I look at the 32-bit code so rarely, I seem to forget have to re-learn > this gunk every time I look at it. Take a look at RESTORE_INT_REGS. On > 32-bit, we actually restore %ds: > > popl %ds > > So even doing this: > > > + CLEAR_CPU_BUFFERS > > /* Restore user state */ > > RESTORE_REGS pop=4 # skip orig_eax/error_code > > - CLEAR_CPU_BUFFERS > > .Lirq_return: > > fixes the issue. Moving it above the CR3 switch also works of course, > but I don't think this has anything to do with CR3. It's just that > userspace sets a funky %ds value and CLEAR_CPU_BUFFERS uses ds:. I will test it out, but I think you are right. VERW documentation says: #GP(0) If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. > I don't think any of the segment registers can have secrets in them, can > they? I mean, it's possible, but in practice I can't imagine. I don't think so they are secrets. AFAICT, their values are build-time constants, and can be easily deduced. > So why not just do the CLEAR_CPU_BUFFERS in RESTORE_REGS but after > RESTORE_INT_REGS? You might be able to do it universally, or you could > pass in a macro argument to do it conditionally. Sounds good. I will try that, possibly tomorrow. > P.S. Can we remove 32-bit support yet? Please? :) +1 ... or atleast the mitigations for 32-bit :)