Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip (d396360a) · Commits · 戴 / test

Documentation/x86/mds.rst

+6 −38

Original line number	Diff line number	Diff line
		@@ -142,45 +142,13 @@ Mitigation points
		mds_user_clear.

		The mitigation is invoked in prepare_exit_to_usermode() which covers
		most of the kernel to user space transitions. There are a few exceptions
		which are not invoking prepare_exit_to_usermode() on return to user
		space. These exceptions use the paranoid exit code.
		all but one of the kernel to user space transitions. The exception
		is when we return from a Non Maskable Interrupt (NMI), which is
		handled directly in do_nmi().

		- Non Maskable Interrupt (NMI):

		Access to sensible data like keys, credentials in the NMI context is
		mostly theoretical: The CPU can do prefetching or execute a
		misspeculated code path and thereby fetching data which might end up
		leaking through a buffer.

		But for mounting other attacks the kernel stack address of the task is
		already valuable information. So in full mitigation mode, the NMI is
		mitigated on the return from do_nmi() to provide almost complete
		coverage.

		- Double fault (#DF):

		A double fault is usually fatal, but the ESPFIX workaround, which can
		be triggered from user space through modify_ldt(2) is a recoverable
		double fault. #DF uses the paranoid exit path, so explicit mitigation
		in the double fault handler is required.

		- Machine Check Exception (#MC):

		Another corner case is a #MC which hits between the CPU buffer clear
		invocation and the actual return to user. As this still is in kernel
		space it takes the paranoid exit path which does not clear the CPU
		buffers. So the #MC handler repopulates the buffers to some
		extent. Machine checks are not reliably controllable and the window is
		extremly small so mitigation would just tick a checkbox that this
		theoretical corner case is covered. To keep the amount of special
		cases small, ignore #MC.

		- Debug Exception (#DB):

		This takes the paranoid exit path only when the INT1 breakpoint is in
		kernel space. #DB on a user space address takes the regular exit path,
		so no extra mitigation required.
		(The reason that NMI is special is that prepare_exit_to_usermode() can
		enable IRQs. In NMI context, NMIs are blocked, and we don't want to
		enable IRQs with NMIs blocked.)


		2. C-State transition

arch/x86/Kconfig

+0 −3

Original line number	Diff line number	Diff line
		@@ -270,9 +270,6 @@ config GENERIC_BUG
		config GENERIC_BUG_RELATIVE_POINTERS
		bool

		config GENERIC_HWEIGHT
		def_bool y

		config ARCH_MAY_HAVE_PC_FDC
		def_bool y
		depends on ISA_DMA_API

arch/x86/entry/vdso/vdso2c.c

+0 −3

Original line number	Diff line number	Diff line
		@@ -73,14 +73,12 @@ const char *outfilename;
		enum {
		sym_vvar_start,
		sym_vvar_page,
		sym_hpet_page,
		sym_pvclock_page,
		sym_hvclock_page,
		};

		const int special_pages[] = {
		sym_vvar_page,
		sym_hpet_page,
		sym_pvclock_page,
		sym_hvclock_page,
		};
		@@ -93,7 +91,6 @@ struct vdso_sym {
		struct vdso_sym required_syms[] = {
		[sym_vvar_start] = {"vvar_start", true},
		[sym_vvar_page] = {"vvar_page", true},
		[sym_hpet_page] = {"hpet_page", true},
		[sym_pvclock_page] = {"pvclock_page", true},
		[sym_hvclock_page] = {"hvclock_page", true},
		{"VDSO32_NOTE_MASK", true},

arch/x86/include/asm/arch_hweight.h

+0 −2

Original line number	Diff line number	Diff line
		@@ -12,8 +12,6 @@
		#define REG_OUT "a"
		#endif

		#define __HAVE_ARCH_SW_HWEIGHT

		static __always_inline unsigned int __arch_hweight32(unsigned int w)
		{
		unsigned int res;

arch/x86/include/asm/vdso.h

+0 −1

Original line number	Diff line number	Diff line
		@@ -19,7 +19,6 @@ struct vdso_image {
		long sym_vvar_start; /* Negative offset to the vvar area */

		long sym_vvar_page;
		long sym_hpet_page;
		long sym_pvclock_page;
		long sym_hvclock_page;
		long sym_VDSO32_NOTE_MASK;

Admin message