[PATCH] x86/speculation/mds: Flush store buffer after wake up from sleep

[PATCH] x86/speculation/mds: Flush store buffer after wake up from sleep

[Zhenzhong Duan]

Intel document says: "When a thread wakes from a sleep state, the store
buffer is repartitioned again. This causes the store buffer to transfer
store buffer entries from the thread that was already active to the one
which just woke up."

To avoid data leak from sibling thread to the woken thread, flush store
buffer right after wake up.

Move mds_idle_clear_cpu_buffers() after trace_hardirqs_on() to ensure
all store buffer entries are flushed before sleep.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
---
 arch/x86/include/asm/irqflags.h | 2 ++
 arch/x86/include/asm/mwait.h    | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
index 8a0e56e..641c4d8 100644
--- a/arch/x86/include/asm/irqflags.h
+++ b/arch/x86/include/asm/irqflags.h
@@ -58,12 +58,14 @@ static inline __cpuidle void native_safe_halt(void)
 {
 	mds_idle_clear_cpu_buffers();
 	asm volatile("sti; hlt": : :"memory");
+	mds_idle_clear_cpu_buffers();
 }
 
 static inline __cpuidle void native_halt(void)
 {
 	mds_idle_clear_cpu_buffers();
 	asm volatile("hlt": : :"memory");
+	mds_idle_clear_cpu_buffers();
 }
 
 #endif
diff --git a/arch/x86/include/asm/mwait.h b/arch/x86/include/asm/mwait.h
index eb0f80c..1d145d9 100644
--- a/arch/x86/include/asm/mwait.h
+++ b/arch/x86/include/asm/mwait.h
@@ -46,6 +46,7 @@ static inline void __mwait(unsigned long eax, unsigned long ecx)
 	/* "mwait %eax, %ecx;" */
 	asm volatile(".byte 0x0f, 0x01, 0xc9;"
 		     :: "a" (eax), "c" (ecx));
+	mds_idle_clear_cpu_buffers();
 }
 
 /*
@@ -86,12 +87,13 @@ static inline void __mwaitx(unsigned long eax, unsigned long ebx,
 
 static inline void __sti_mwait(unsigned long eax, unsigned long ecx)
 {
-	mds_idle_clear_cpu_buffers();
-
 	trace_hardirqs_on();
+
+	mds_idle_clear_cpu_buffers();
 	/* "mwait %eax, %ecx;" */
 	asm volatile("sti; .byte 0x0f, 0x01, 0xc9;"
 		     :: "a" (eax), "c" (ecx));
+	mds_idle_clear_cpu_buffers();
 }
 
 /*
-- 
1.8.3.1

Re: [PATCH] x86/speculation/mds: Flush store buffer after wake up from sleep

[Thomas Gleixner]

On Wed, 19 Jun 2019, Zhenzhong Duan wrote:

> Intel document says: "When a thread wakes from a sleep state, the store
> buffer is repartitioned again. This causes the store buffer to transfer
> store buffer entries from the thread that was already active to the one
> which just woke up."
> 
> To avoid data leak from sibling thread to the woken thread, flush store
> buffer right after wake up.

That's a pointless exercise. The buffers are flushed again when returning
to user space. Inside the kernel the potential leak is completely
uninteresting unless you consider the kernel as a malicious entity.
 
> Move mds_idle_clear_cpu_buffers() after trace_hardirqs_on() to ensure
> all store buffer entries are flushed before sleep.

I'm fine with that change, albeit trace_hardirqs_on() is hardly leaking
somethimg interesting.

Thanks,

	tglx