x86/entry_32: Clear CPU buffers after register restore in NMI return

commit 48a2440d0f upstream. CPU buffers are currently cleared after call to exc_nmi, but before register state is restored. This may be okay for MDS mitigation but not for RDFS. Because RDFS mitigation requires CPU buffers to be cleared when registers don't have any sensitive data. Move CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI. Fixes: a0e2dab44d ("x86/entry_32: Add VERW just before userspace transition") Suggested-by: Dave Hansen <dave.hansen@linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20240925-fix-dosemu-vm86-v7-2-1de0daca2d42%40linux.intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-07-07 09:55:19 +02:00 · 2024-09-25 15:25:44 -07:00 · 2024-09-25 15:25:44 -07:00 · 227358e897
commit 227358e897
parent 0c6a7e2c60
1 changed files with 2 additions and 1 deletions
--- a/arch/x86/entry/entry_32.S
+++ b/arch/x86/entry/entry_32.S
@ -1149,7 +1149,6 @@ SYM_CODE_START(asm_exc_nmi)
 	/* Not on SYSENTER stack. */
 	call	exc_nmi
 	CLEAR_CPU_BUFFERS
 	jmp	.Lnmi_return
 .Lnmi_from_sysenter_stack:
@ -1170,6 +1169,7 @@ SYM_CODE_START(asm_exc_nmi)
 	CHECK_AND_APPLY_ESPFIX
 	RESTORE_ALL_NMI cr3_reg=%edi pop=4
 	CLEAR_CPU_BUFFERS
 	jmp	.Lirq_return
 #ifdef CONFIG_X86_ESPFIX32
@ -1211,6 +1211,7 @@ SYM_CODE_START(asm_exc_nmi)
 	 *  1 - orig_ax
 	 */
 	lss	(1+5+6)*4(%esp), %esp			# back to espfix stack
 	CLEAR_CPU_BUFFERS
 	jmp	.Lirq_return
 #endif
 SYM_CODE_END(asm_exc_nmi)