27 Feb
2024
27 Feb
'24
8:40 a.m.
On Tue, Feb 27, 2024 at 09:19:13AM +0100, Jiri Slaby wrote:
On 27. 02. 24, 9:00, Pawan Gupta wrote:
commit baf8361e54550a48a7087b603313ad013cc13386 upstream.
...
--- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -194,6 +194,17 @@ #endif .endm +/*
- Macro to execute VERW instruction that mitigate transient data sampling
- attacks such as MDS. On affected systems a microcode update overloaded VERW
- instruction to also clear the CPU buffers. VERW clobbers CFLAGS.ZF.
- Note: Only the memory operand variant of VERW clears the CPU buffers.
- */
+.macro CLEAR_CPU_BUFFERS
- ALTERNATIVE "", __stringify(verw mds_verw_sel), X86_FEATURE_CLEAR_CPU_BUF
The same here. Except 6.1 (I didn't check stable-6.1) does not have: commit 270a69c4485d7d07516d058bcc0473c90ee22185 Author: Peter Zijlstra peterz@infradead.org Date: Wed Feb 8 18:10:52 2023 +0100
x86/alternative: Support relocations in alternativesyet. You likely need to backport that too.
I will backport this patch too if rip-relative turns out to be a must. At this point, I am not sure if VERW buffer clearing behavior will be impacted by fixed addressing.