Commit 0dce41ec authored Sep 25, 2024 by Pawan Gupta Committed by Wen Zhiwei Nov 11, 2024

x86/entry_32: Clear CPU buffers after register restore in NMI return

stable inclusion
from stable-v6.6.58
commit 227358e89703c344008119be7e8ffa3fdb5b92de
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IB3BSC

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=227358e89703c344008119be7e8ffa3fdb5b92de



--------------------------------

commit 48a2440d0f20c826b884e04377ccc1e4696c84e9 upstream.

CPU buffers are currently cleared after call to exc_nmi, but before
register state is restored. This may be okay for MDS mitigation but not for
RDFS. Because RDFS mitigation requires CPU buffers to be cleared when
registers don't have any sensitive data.

Move CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI.

Fixes: a0e2dab44d22 ("x86/entry_32: Add VERW just before userspace transition")
Suggested-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc:stable@vger.kernel.org
Link: https://lore.kernel.org/all/20240925-fix-dosemu-vm86-v7-2-1de0daca2d42%40linux.intel.com


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Wen Zhiwei <wenzhiwei@kylinos.cn>

parent ebfef674

arch/x86/entry/entry_32.S

+2 −1

Original line number	Diff line number	Diff line
		@@ -1149,7 +1149,6 @@ SYM_CODE_START(asm_exc_nmi)

		/* Not on SYSENTER stack. */
		call exc_nmi
		CLEAR_CPU_BUFFERS
		jmp .Lnmi_return

		.Lnmi_from_sysenter_stack:
		@@ -1170,6 +1169,7 @@ SYM_CODE_START(asm_exc_nmi)

		CHECK_AND_APPLY_ESPFIX
		RESTORE_ALL_NMI cr3_reg=%edi pop=4
		CLEAR_CPU_BUFFERS
		jmp .Lirq_return

		#ifdef CONFIG_X86_ESPFIX32
		@@ -1211,6 +1211,7 @@ SYM_CODE_START(asm_exc_nmi)
		* 1 - orig_ax
		*/
		lss (1+5+6)*4(%esp), %esp # back to espfix stack
		CLEAR_CPU_BUFFERS
		jmp .Lirq_return
		#endif
		SYM_CODE_END(asm_exc_nmi)