On 20/02/2019 15:07, speck for Thomas Gleixner wrote:
> --- a/arch/x86/include/asm/nospec-branch.h
> +++ b/arch/x86/include/asm/nospec-branch.h
> @@ -318,6 +318,26 @@ DECLARE_STATIC_KEY_FALSE(switch_to_cond_
> DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ibpb);
> DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb);
>
> +#include
> +
> +/**
> + * mds_clear_cpu_buffers - Mitigation for MDS vulnerability
> + *
> + * This uses the otherwise unused and obsolete VERW instruction in
> + * combination with microcode which triggers a CPU buffer flush when the
> + * instruction is executed.
> + */
> +static inline void mds_clear_cpu_buffers(void)
> +{
> + static const u16 ds = __KERNEL_DS;

In Xen, I've added a note justifying the choice of selector, in the expectation that people probably won't remember exactly why in 6 months time.

For least latency (allegedly to avoid a static prediction stall in microcode), it should be a writeable data segment which is hot in the cache, and being adjacent to __KERNEL_CS is a pretty good bet.

> +
> + /*
> + * Has to be memory form, don't modify to use a register. VERW
> + * modifies ZF.

I don't understand why everyone is so concerned about VERW modifying ZF. It's not as if this fact is relevant anywhere that the mitigation is liable to be used.

> + */
> + asm volatile("verw %[ds]" : : "i" (0), [ds] "m" (ds) : "cc");

The "i" (0) isn't referenced in the assembly, and can be dropped.

On a tangent, have GCC or Clang made any indication that they're going to stop assuming that all asm() statements clobber flags, and start making the "cc" clobber necessary on x86 targets?

~Andrew
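Review bot: in the asm statement of mds_clear_cpu_buffers(), the input operand `"i" (0)` is never referenced by the template `"verw %[ds]"` and should be dropped, leaving `[ds] "m" (ds)` as the only operand; an unused operand is dead weight that a later reader will try to find a purpose for. The kernel-doc block above the function also documents what VERW does but not why the selector is `__KERNEL_DS` or why the operand must be the memory form, so the two constraints that matter for correctness (memory operand, choice of selector) should be stated in the function comment rather than only in the inline comment and the surrounding discussion.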