From 58fb3c3589820cd81b4964757b1196da070e7743 Mon Sep 17 00:00:00 2001
From: Borislav Petkov
Date: Sun, 19 Apr 2020 09:59:03 +0200
Subject: x86/mitigations: Clear CPU buffers on the SYSCALL fast path

The fast SYSCALL exit path returns with SYSRET to userspace after verifying that there's no pending work. MDS mitigation mandates that CPU buffers must be cleared on transition from kernel to userspace so do that here too.

Signed-off-by: Borislav Petkov
Signed-off-by: Greg Kroah-Hartman
---
 arch/x86/entry/entry_64.S | 2 ++
 arch/x86/include/asm/spec-ctrl.h | 2 ++
 arch/x86/kernel/cpu/bugs.c | 5 +++++
 3 files changed, 9 insertions(+)

diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index afb805b0148b..6b505d91cac5 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -218,6 +218,8 @@ entry_SYSCALL_64_fastpath:
 testl $_TIF_ALLWORK_MASK, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
 jnz int_ret_from_sys_call_irqs_off /* Go to the slow path */
+ call mds_user_clear_buffers
+
 movq RIP(%rsp), %rcx
 movq EFLAGS(%rsp), %r11
 RESTORE_C_REGS_EXCEPT_RCX_R11
diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h
index 5393babc0598..4a7acb4adc6b 100644
--- a/arch/x86/include/asm/spec-ctrl.h
+++ b/arch/x86/include/asm/spec-ctrl.h
@@ -85,4 +85,6 @@ static inline void speculative_store_bypass_ht_init(void) { }
 extern void speculation_ctrl_update(unsigned long tif);
 extern void speculation_ctrl_update_current(void);
+extern void mds_user_clear_buffers(void);
+
 #endif
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index e9aa50ba4f97..950e6bb21955 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -263,6 +263,11 @@ static int __init mds_cmdline(char *str)
 }
 early_param("mds", mds_cmdline);
+void mds_user_clear_buffers(void)
+{
+ mds_user_clear_cpu_buffers();
+}
+
 #undef pr_fmt
 #define pr_fmt(fmt) "TAA: " fmt
--
cgit v1.2.3
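Review bot: The `call mds_user_clear_buffers` added ahead of `movq RIP(%rsp), %rcx` in entry_SYSCALL_64_fastpath has no comment explaining why it must sit at exactly this point. The callee is a C function and may clobber caller-saved registers, so the call is only safe before `RESTORE_C_REGS_EXCEPT_RCX_R11`; a comment such as `/* MDS: clear CPU buffers; must precede the register restore, the C callee clobbers caller-saved regs */` would keep a later reorder from breaking the return path. The loads after the call read the saved user register frame, but the rest of the path down to SYSRET lies outside the hunk, so it should be confirmed that nothing between the clear and the return touches other kernel data. The call also appears unconditional on the fast path; whether unaffected CPUs skip the flush depends on `mds_user_clear_cpu_buffers()`, which this patch does not show.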
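Review bot: `mds_user_clear_buffers()` in bugs.c is referenced only from entry_64.S, yet it is defined as an ordinary traceable function with no comment saying it exists as an out-of-line wrapper for the assembly caller. A function-exit trace or probe hook attached to it would run kernel code after the buffers were cleared and before SYSRET, which would presumably weaken the mitigation while tracing is active. Consider `__visible notrace void mds_user_clear_buffers(void)`, and possibly a kprobe blacklist entry; the `extern` added in spec-ctrl.h can stay as is. A one-line comment such as `/* Out-of-line wrapper so the SYSCALL fast path in entry_64.S can call mds_user_clear_cpu_buffers() */` would document the intent. `mds_user_clear_cpu_buffers()` is defined outside this patch, so its behaviour is assumed here.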