From: Borislav Petkov <b...@suse.de>
The FSGSBASE macro to swap current GSBASE with the kernel GSBASE
probably had a speculation-stopping MSR write at some point but not
anymore.
Therefore, a fence is needed to stop speculation. Add it.
Fixes: c82965f9e530 ("x86/entry/64: Handle FSGSBASE enabled paranoid
entry/exit")
Signed-off-by: Borislav Petkov <b...@suse.de>
Cc: <sta...@vger.kernel.org>
---
arch/x86/entry/entry_64.S | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index 26fc9b42fadc..3931d47cdd83 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -839,11 +839,9 @@ SYM_CODE_START_LOCAL(paranoid_entry)
* Read the current GSBASE and store it in %rbx unconditionally,
* retrieve and set the current CPUs kernel GSBASE. The stored value
* has to be restored in paranoid_exit unconditionally.
- *
- * The MSR write ensures that no subsequent load is based on a
- * mispredicted GSBASE. No extra FENCE required.
*/
SAVE_AND_SET_GSBASE scratch_reg=%rax save_reg=%rbx
+ FENCE_SWAPGS_KERNEL_ENTRY
ret
.Lparanoid_entry_checkgs:
--
2.21.0
