xenbits.xensource.com Git - xen.git/commit
x86/spec-ctrl: Perform VERW flushing later in exit paths
author Andrew Cooper <andrew.cooper3@citrix.com>
Sat, 27 Jan 2024 18:20:56 +0000 (18:20 +0000)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 12 Mar 2024 15:50:04 +0000 (15:50 +0000)
commit 0a666cf2cd99df6faf3eebc81a1fc286e4eca4c7
tree 795c7515c664bfcd5646d3bd578c2787b1849035
parent 475fa20b7384464210f42bad7195f87bd6f1c63f
x86/spec-ctrl: Perform VERW flushing later in exit paths

On parts vulnerable to RFDS, VERW's side effects are extended to scrub all
non-architectural entries in various Physical Register Files.  To remove all
of Xen's values, the VERW must be after popping the GPRs.

Rework SPEC_CTRL_COND_VERW to default to a CPUINFO_error_code %rsp position,
but with overrides for other contexts.  Identify that it clobbers eflags; this
is particularly relevant for the SYSRET path.

For the IST exit return to Xen, have the main SPEC_CTRL_EXIT_TO_XEN put a
shadow copy of spec_ctrl_flags, as GPRs can't be used at the point we want to
issue the VERW.

This is part of XSA-452 / CVE-2023-28746.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

xen/arch/x86/include/asm/spec_ctrl_asm.h
xen/arch/x86/x86_64/asm-offsets.c
xen/arch/x86/x86_64/compat/entry.S
xen/arch/x86/x86_64/entry.S