tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

x86/entry: Use the correct fence macro after swapgs in kernel CR3

The commit

c75890700455 ("x86/entry/64: Remove unneeded kernel CR3 switching")

removed a CR3 write in the faulting path of load_gs_index().

But the path's FENCE_SWAPGS_USER_ENTRY has no fence operation if PTI is
enabled, see spectre_v1_select_mitigation().

Rather, it depended on the serializing CR3 write of SWITCH_TO_KERNEL_CR3
and since it got removed, add a FENCE_SWAPGS_KERNEL_ENTRY call to make
sure speculation is blocked.

[ bp: Massage commit message and comment. ]

Fixes: c75890700455 ("x86/entry/64: Remove unneeded kernel CR3 switching")
Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20211126101209.8613-3-jiangshanlai@gmail.com

authored by

Lai Jiangshan and committed by
Borislav Petkov 1367afaa c07e4555

+8 -7
unified split
+8 -7
arch/x86/entry/entry_64.S
··· 987 987 pushq %r12 988 988 ret 989 989 990 - .Lerror_entry_done_lfence: 991 - FENCE_SWAPGS_KERNEL_ENTRY 992 - .Lerror_entry_done: 993 - ret 994 - 995 990 /* 996 991 * There are two places in the kernel that can potentially fault with 997 992 * usergs. Handle them here. B stepping K8s sometimes report a ··· 1009 1014 * .Lgs_change's error handler with kernel gsbase. 1010 1015 */ 1011 1016 SWAPGS 1012 - FENCE_SWAPGS_USER_ENTRY 1013 - jmp .Lerror_entry_done 1017 + 1018 + /* 1019 + * Issue an LFENCE to prevent GS speculation, regardless of whether it is a 1020 + * kernel or user gsbase. 1021 + */ 1022 + .Lerror_entry_done_lfence: 1023 + FENCE_SWAPGS_KERNEL_ENTRY 1024 + ret 1014 1025 1015 1026 .Lbstep_iret: 1016 1027 /* Fix truncated RIP */