11787 Kernel needs to be built with retpolines
11788 Kernel needs to generally use RSB stuffing
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: John Levon <john.levon@joyent.com>


  25  * is true about the state of the system:
  26  *
  27  *  o All register state is precious, we must not change register state upon
  28  *    entry or return from these functions.
  29  *
  30  *  o %ds is valid.
  31  *
  32  *  o %gs is arbitrary, it may be kernel or user. You cannot rely on it.
  33  *
  34  *  o Interrupts should be disabled by the caller.
  35  *
  36  *  o %cr3 is on the kernel-side and therefore we still have access to kernel
  37  *    text. In other words, we haven't switched back to the user page table.
  38  *
  39  *  o It is up to the caller to insure that a sufficient serializing instruction
  40  *    has been executed after this to make sure any pending speculations are
  41  *    captured. In general, this should be handled by the fact that callers of
  42  *    this are either going to change privilege levels or halt, which makes
  43  *    these operations safer.
  44  */
  45         ENTRY_NP(x86_md_clear_noop)
  46         ret
  47         SET_SIZE(x86_md_clear_noop)
  48 
  49         /*
  50          * This uses the microcode based means of flushing state. VERW will
  51          * clobber flags.




  52          */
  53         ENTRY_NP(x86_md_clear_verw)

  54         pushfq
  55         subq    $8, %rsp
  56         mov     %ds, (%rsp)
  57         verw    (%rsp)
  58         addq    $8, %rsp
  59         popfq
  60         ret
  61         SET_SIZE(x86_md_clear_verw)


  25  * is true about the state of the system:
  26  *
  27  *  o All register state is precious, we must not change register state upon
  28  *    entry or return from these functions.
  29  *
  30  *  o %ds is valid.
  31  *
  32  *  o %gs is arbitrary, it may be kernel or user. You cannot rely on it.
  33  *
  34  *  o Interrupts should be disabled by the caller.
  35  *
  36  *  o %cr3 is on the kernel-side and therefore we still have access to kernel
  37  *    text. In other words, we haven't switched back to the user page table.
  38  *
  39  *  o It is up to the caller to insure that a sufficient serializing instruction
  40  *    has been executed after this to make sure any pending speculations are
  41  *    captured. In general, this should be handled by the fact that callers of
  42  *    this are either going to change privilege levels or halt, which makes
  43  *    these operations safer.
  44  */



  45 
  46         /*
  47          * By default, x86_md_clear is disabled until the system determines that
  48          * it both needs MDS related mitigations and we have microcode that
  49          * provides the needed functionality.
  50          *
  51          * The VERW instruction clobbers flags which is why it's important that
  52          * we save and restore them here.
  53          */
  54         ENTRY_NP(x86_md_clear)
  55         ret
  56         pushfq
  57         subq    $8, %rsp
  58         mov     %ds, (%rsp)
  59         verw    (%rsp)
  60         addq    $8, %rsp
  61         popfq
  62         ret
  63         SET_SIZE(x86_md_clear)
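Review bot: The body after the leading `ret` in x86_md_clear (lines 55–62) is unreachable as written, and the comment above the entry only says the function is "disabled by default" without saying how it is enabled; a reader (or a linker/disassembler pass) will take the pushfq..popfq sequence for dead code. If, as the comment implies, enabling works by overwriting that first instruction at runtime, the comment should state it explicitly, e.g. `* The first instruction is a one-byte ret that makes this routine a no-op; enabling the mitigation replaces that byte so the VERW sequence below is reached. Keep it exactly one byte so the patch stays a single instruction.` It would also help to name where that patching is done, since the old x86_md_clear_noop / x86_md_clear_verw split made the two states visible in the text and this version hides the state in a patched byte. The save/restore of flags around `verw` is correct and consistent with the "all register state is precious" contract at the top of the file.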