v2:
- This includes the backport of recently upstreamed mitigation of a CPU vulnerability Register File Data Sampling (RFDS) (CVE-2023-28746). This is because RFDS has a dependency on "Delay VERW" series, and it is convenient to merge them together.
- rebased to v5.10.212

v1: https://lore.kernel.org/r/20240305-delay-verw-backport-5-10-y-v1-0-50bf452e9...

This is the backport of a recently upstreamed series that moves VERW execution to a later point in the exit-to-user path. This is needed because in some cases it may be possible for data accessed after VERW execution to end up in MDS-affected CPU buffers. Moving VERW closer to the ring transition reduces the attack surface.

- The series includes a dependency commit f87bc8dc7a7c ("x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix").
- Patch 2 includes a change that adds runtime patching for jmp (instead of verw in original series) due to lack of rip-relative relocation support in kernels <v6.5.
- Fixed warning: arch/x86/entry/entry.o: warning: objtool: mds_verw_sel+0x0: unreachable instruction.
- Resolved merge conflicts in:
    syscall_return_via_sysret in entry_64.S
    swapgs_restore_regs_and_return_to_usermode in entry_64.S.
    __vmx_vcpu_run in vmenter.S.
    vmx_update_fb_clear_dis in vmx.c.
- Boot tested with KASLR and KPTI enabled.
- Verified VERW being executed with mitigation ON.
To: stable@vger.kernel.org
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
---
H. Peter Anvin (Intel) (1):
      x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix

Pawan Gupta (9):
      x86/bugs: Add asm helpers for executing VERW
      x86/entry_64: Add VERW just before userspace transition
      x86/entry_32: Add VERW just before userspace transition
      x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
      KVM/VMX: Move VERW closer to VMentry for MDS mitigation
      x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
      Documentation/hw-vuln: Add documentation for RFDS
      x86/rfds: Mitigate Register File Data Sampling (RFDS)
      KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests

Sean Christopherson (1):
      KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH

 Documentation/ABI/testing/sysfs-devices-system-cpu |   1 +
 Documentation/admin-guide/hw-vuln/index.rst        |   1 +
 .../admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 ++++++++++++++++++++
 Documentation/admin-guide/kernel-parameters.txt    |  21 ++++
 Documentation/x86/mds.rst                          |  38 +++++---
 arch/x86/Kconfig                                   |  11 +++
 arch/x86/entry/entry.S                             |  23 +++++
 arch/x86/entry/entry_32.S                          |   3 +
 arch/x86/entry/entry_64.S                          |  10 ++
 arch/x86/entry/entry_64_compat.S                   |   1 +
 arch/x86/include/asm/asm.h                         |   5 +
 arch/x86/include/asm/cpufeatures.h                 |   2 +
 arch/x86/include/asm/entry-common.h                |   1 -
 arch/x86/include/asm/irqflags.h                    |   1 +
 arch/x86/include/asm/msr-index.h                   |   8 ++
 arch/x86/include/asm/nospec-branch.h               |  27 +++---
 arch/x86/kernel/cpu/bugs.c                         | 107 ++++++++++++++++++---
 arch/x86/kernel/cpu/common.c                       |  38 +++++++-
 arch/x86/kernel/nmi.c                              |   3 -
 arch/x86/kvm/vmx/run_flags.h                       |   7 +-
 arch/x86/kvm/vmx/vmenter.S                         |   9 +-
 arch/x86/kvm/vmx/vmx.c                             |  12 ++-
 arch/x86/kvm/x86.c                                 |   5 +-
 drivers/base/cpu.c                                 |   8 ++
 include/linux/cpu.h                                |   2 +
 25 files changed, 394 insertions(+), 54 deletions(-)
---
base-commit: 7cfcd0ed929b28ff6942c2bee15816d08d6f7266
change-id: 20240304-delay-verw-backport-5-10-y-00aad69432f4

Best regards,
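
Added example, not part of the original message or the patch series: a shell check an administrator could run after booting a kernel with this backport, reading the status the kernel reports for the VERW-based mitigations (mds, mmio_stale_data and the reg_file_data_sampling entry this series adds under /sys/devices/system/cpu/vulnerabilities). It reports the kernel's own status strings and does not itself prove that VERW is executed; the function names and the optional directory argument are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the patch series. Function names and the
# optional DIR argument are hypothetical; DIR exists so the check can be
# pointed at constructed sample files instead of live sysfs.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_vuln NAME [DIR]
# Prints: absent | not-affected | mitigated | vulnerable | unknown
classify_vuln() {
    file="${2:-$VULN_DIR}/$1"
    # No file: this kernel does not report the issue at all, e.g.
    # reg_file_data_sampling on a kernel without the RFDS patches.
    if [ ! -r "$file" ]; then
        echo absent
        return 0
    fi
    status=""
    IFS= read -r status < "$file" || true
    case $status in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_verw [DIR]
# Prints "name: class" for each VERW-related entry; returns 1 if any entry
# is absent, vulnerable or unknown.
report_verw() {
    rc=0
    for name in mds mmio_stale_data reg_file_data_sampling; do
        class=$(classify_vuln "$name" "${1:-$VULN_DIR}")
        echo "$name: $class"
        case $class in
            not-affected|mitigated) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Run against live sysfs only when asked to, e.g.: sh check_verw.sh --report
if [ "${1:-}" = "--report" ]; then
    report_verw
fi
```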