From: Andi Kleen
Subject: [MODERATED] [PATCH v5 05/27] MDSv5 21
Date: Fri, 18 Jan 2019 16:50:20 -0800
To: speck@linutronix.de
Cc: Andi Kleen

NMIs don't go through the normal exit code when exiting to user space.
Normally we consider NMIs not sensitive anyways, but they need special
handling with mds=full. So add an explicit check to do_nmi to clear
the CPU with mds=full

Suggested-by: Josh Poimboeuf
Signed-off-by: Andi Kleen
--- arch/x86/kernel/nmi.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c index 18bc9b51ac9b..eb6e39238d1d 100644 --- a/arch/x86/kernel/nmi.c +++ b/arch/x86/kernel/nmi.c @@ -494,7 +494,7 @@ do_nmi(struct pt_regs *regs, long error_code) { if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) { this_cpu_write(nmi_state, NMI_LATCHED); - return; + goto out; } this_cpu_write(nmi_state, NMI_EXECUTING); this_cpu_write(nmi_cr2, read_cr2()); @@ -533,6 +533,10 @@ do_nmi(struct pt_regs *regs, long error_code) write_cr2(this_cpu_read(nmi_cr2)); if (this_cpu_dec_return(nmi_state)) goto nmi_restart; + +out: + if (static_key_enabled(&force_cpu_clear)) + clear_cpu(); } NOKPROBE_SYMBOL(do_nmi); -- 2.17.2
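
Review bot: in the first hunk (@@ -494,7), turning `return;` into `goto out;` on the NMI_LATCHED path makes a nested NMI run clear_cpu() even though, with nmi_state != NMI_NOT_RUNNING, it appears to be returning into the NMI handler it interrupted rather than to user space. The outer invocation falls through to `out:` once the nmi_restart loop finishes, so the clear happens there anyway. Consider keeping `return;` on this path, or state in the commit message why the latched case needs its own clear.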
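
Review bot: in the second hunk (@@ -533,6), the clear at `out:` is gated only on force_cpu_clear, so it runs on every NMI, including ones that interrupted kernel code, while the commit message motivates it by NMIs exiting to user space. If that is the only case that matters, also gate it on user_mode(regs); if the unconditional clear is intended for mds=full, a short comment above `out:` saying so would help, since nothing at the label ties it to that mode.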