• Thomas Gleixner's avatar
    x86/speculation/mds: Add mds_clear_cpu_buffers() · 5048b39b
    Thomas Gleixner authored
    commit 6a9e5292 upstream
    
    The Microarchitectural Data Sampling (MDS) vulernabilities are mitigated by
    clearing the affected CPU buffers. The mechanism for clearing the buffers
    uses the unused and obsolete VERW instruction in combination with a
    microcode update which triggers a CPU buffer clear when VERW is executed.
    
    Provide a inline function with the assembly magic. The argument of the VERW
    instruction must be a memory operand as documented:
    
      "MD_CLEAR enumerates that the memory-operand variant of VERW (for
       example, VERW m16) has been extended to also overwrite buffers affected
       by MDS. This buffer overwriting functionality is not guaranteed for the
       register operand variant of VERW."
    
    Documentation also recommends to use a writable data segment selector:
    
      "The buffer overwriting occurs regardless of the result of the VERW
       permission check, as well as when the selector is null or causes a
       descriptor load segment violation. However, for lowest latency we
       recommend using a selector that indicates a valid writable data
       segment."
    
    Add x86 specific documentation about MDS and the internal workings of the
    mitigation.
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
    Reviewed-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    Reviewed-by: default avatarFrederic Weisbecker <frederic@kernel.org>
    Reviewed-by: default avatarJon Masters <jcm@redhat.com>
    Tested-by: default avatarJon Masters <jcm@redhat.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    5048b39b
index.rst 3.05 KB