From: Frederic Weisbecker <frederic@kernel.org>
To: speck@linutronix.de
Subject: [MODERATED] Re: [patch V6 07/14] MDS basics 7
Date: Wed, 6 Mar 2019 16:49:23 +0100 [thread overview]
Message-ID: <20190306154922.GA18392@lenoir> (raw)
In-Reply-To: <alpine.DEB.2.21.1903051627020.1646@nanos.tec.linutronix.de>
On Tue, Mar 05, 2019 at 04:30:38PM +0100, speck for Thomas Gleixner wrote:
> On Sat, 2 Mar 2019, speck for Frederic Weisbecker wrote:
>
> > On Fri, Mar 01, 2019 at 10:47:45PM +0100, speck for Thomas Gleixner wrote:
> > > +
> > > + - Debug Exception (#DB):
> > > +
> > > + This takes the paranoid exit path only when the INT1 breakpoint is in
> > > + kernel space. #DB on a user space address takes the regular exit path,
> > > + so no extra mitigation required.
> >
> > I can't find that part in this patch, maybe it's further in the series?
>
> There is no patch. #DB is not interesting as explained above.
Oh right, my brainfart...
>
> > > --- a/arch/x86/kernel/nmi.c
> > > +++ b/arch/x86/kernel/nmi.c
> > > @@ -34,6 +34,7 @@
> > > #include <asm/x86_init.h>
> > > #include <asm/reboot.h>
> > > #include <asm/cache.h>
> > > +#include <asm/nospec-branch.h>
> > >
> > > #define CREATE_TRACE_POINTS
> > > #include <trace/events/nmi.h>
> > > @@ -533,6 +534,9 @@ do_nmi(struct pt_regs *regs, long error_
> > > write_cr2(this_cpu_read(nmi_cr2));
> > > if (this_cpu_dec_return(nmi_state))
> > > goto nmi_restart;
> > > +
> > > + if (user_mode(regs))
> > > + mds_user_clear_cpu_buffers();
> >
> > What if the NMI fires after a call to prepare_exit_to_usermode()
> > but before the actual return to usermode, would that be a problem?
>
> Yes, it's a hole in the protection, but you would need to be able to
> orchestrate that as user which I doubt you can. So the thought was that we
> rather avoid the penalty for perf when it hits kernel space, which requires
> root ....
Fair enough.
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
next prev parent reply other threads:[~2019-03-06 15:49 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-01 21:47 [patch V6 00/14] MDS basics 0 Thomas Gleixner
2019-03-01 21:47 ` [patch V6 01/14] MDS basics 1 Thomas Gleixner
2019-03-02 0:06 ` [MODERATED] " Frederic Weisbecker
2019-03-01 21:47 ` [patch V6 02/14] MDS basics 2 Thomas Gleixner
2019-03-02 0:34 ` [MODERATED] " Frederic Weisbecker
2019-03-02 8:34 ` Greg KH
2019-03-05 17:54 ` Borislav Petkov
2019-03-01 21:47 ` [patch V6 03/14] MDS basics 3 Thomas Gleixner
2019-03-02 1:12 ` [MODERATED] " Frederic Weisbecker
2019-03-01 21:47 ` [patch V6 04/14] MDS basics 4 Thomas Gleixner
2019-03-02 1:28 ` [MODERATED] " Frederic Weisbecker
2019-03-05 14:52 ` Thomas Gleixner
2019-03-06 20:00 ` [MODERATED] " Andrew Cooper
2019-03-06 20:32 ` Thomas Gleixner
2019-03-07 23:56 ` [MODERATED] " Andi Kleen
2019-03-08 0:36 ` Linus Torvalds
2019-03-01 21:47 ` [patch V6 05/14] MDS basics 5 Thomas Gleixner
2019-03-02 1:37 ` [MODERATED] " Frederic Weisbecker
2019-03-07 23:59 ` Andi Kleen
2019-03-08 6:37 ` Thomas Gleixner
2019-03-01 21:47 ` [patch V6 06/14] MDS basics 6 Thomas Gleixner
2019-03-04 6:28 ` [MODERATED] Encrypted Message Jon Masters
2019-03-05 14:55 ` Thomas Gleixner
2019-03-01 21:47 ` [patch V6 07/14] MDS basics 7 Thomas Gleixner
2019-03-02 2:22 ` [MODERATED] " Frederic Weisbecker
2019-03-05 15:30 ` Thomas Gleixner
2019-03-06 15:49 ` Frederic Weisbecker [this message]
2019-03-06 5:21 ` [MODERATED] " Borislav Petkov
2019-03-01 21:47 ` [patch V6 08/14] MDS basics 8 Thomas Gleixner
2019-03-03 2:54 ` [MODERATED] " Frederic Weisbecker
2019-03-04 6:57 ` [MODERATED] Encrypted Message Jon Masters
2019-03-04 7:06 ` Jon Masters
2019-03-04 8:12 ` Jon Masters
2019-03-05 15:34 ` Thomas Gleixner
2019-03-06 16:21 ` [MODERATED] " Jon Masters
2019-03-06 14:11 ` [MODERATED] Re: [patch V6 08/14] MDS basics 8 Borislav Petkov
2019-03-01 21:47 ` [patch V6 09/14] MDS basics 9 Thomas Gleixner
2019-03-06 16:14 ` [MODERATED] " Frederic Weisbecker
2019-03-01 21:47 ` [patch V6 10/14] MDS basics 10 Thomas Gleixner
2019-03-04 6:45 ` [MODERATED] Encrypted Message Jon Masters
2019-03-05 18:42 ` [MODERATED] Re: [patch V6 10/14] MDS basics 10 Andrea Arcangeli
2019-03-06 19:15 ` Thomas Gleixner
2019-03-06 14:31 ` [MODERATED] " Borislav Petkov
2019-03-06 15:30 ` Thomas Gleixner
2019-03-06 18:35 ` Thomas Gleixner
2019-03-06 19:34 ` [MODERATED] Re: " Borislav Petkov
2019-03-01 21:47 ` [patch V6 11/14] MDS basics 11 Thomas Gleixner
2019-03-01 21:47 ` [patch V6 12/14] MDS basics 12 Thomas Gleixner
2019-03-04 5:47 ` [MODERATED] Encrypted Message Jon Masters
2019-03-05 16:04 ` Thomas Gleixner
2019-03-05 16:40 ` [MODERATED] Re: [patch V6 12/14] MDS basics 12 mark gross
2019-03-06 14:42 ` Borislav Petkov
2019-03-01 21:47 ` [patch V6 13/14] MDS basics 13 Thomas Gleixner
2019-03-03 4:01 ` [MODERATED] " Josh Poimboeuf
2019-03-05 16:04 ` Thomas Gleixner
2019-03-05 16:43 ` [MODERATED] " mark gross
2019-03-01 21:47 ` [patch V6 14/14] MDS basics 14 Thomas Gleixner
2019-03-01 23:48 ` [patch V6 00/14] MDS basics 0 Thomas Gleixner
2019-03-04 5:30 ` [MODERATED] Encrypted Message Jon Masters
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190306154922.GA18392@lenoir \
--to=frederic@kernel.org \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).