59d5af67 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Juergen Gross <jgross@suse.com> |
3 | Date: Wed, 16 Aug 2017 19:31:56 +0200 | |
59d5af67 | 4 | Subject: [PATCH] x86/paravirt/xen: Remove xen_patch() |
5 | MIME-Version: 1.0 |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5754 | |
10 | ||
11 | Xen's paravirt patch function xen_patch() does some special casing for | |
12 | irq_ops functions to apply relocations when those functions can be | |
13 | patched inline instead of calls. | |
14 | ||
15 | Unfortunately none of the special case function replacements is small | |
16 | enough to be patched inline, so the special case never applies. | |
17 | ||
18 | As xen_patch() will call paravirt_patch_default() in all cases it can | |
19 | be just dropped. xen-asm.h doesn't seem necessary without xen_patch() | |
20 | as the only thing left in it would be the definition of XEN_EFLAGS_NMI | |
21 | used only once. So move that definition and remove xen-asm.h. | |
22 | ||
23 | Signed-off-by: Juergen Gross <jgross@suse.com> | |
24 | Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> | |
25 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
26 | Cc: Peter Zijlstra <peterz@infradead.org> | |
27 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
28 | Cc: boris.ostrovsky@oracle.com | |
29 | Cc: lguest@lists.ozlabs.org | |
30 | Cc: rusty@rustcorp.com.au | |
31 | Cc: xen-devel@lists.xenproject.org | |
32 | Link: http://lkml.kernel.org/r/20170816173157.8633-2-jgross@suse.com | |
33 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
34 | (cherry picked from commit edcb5cf84f05e5d2e2af25422a72ccde359fcca9) | |
35 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
36 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
37 | (cherry picked from commit c96c9c712136a9e24a7aaf0aac4c149eee01bd8e) | |
38 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
39 | --- | |
40 | arch/x86/xen/xen-asm.h | 12 --------- | |
41 | arch/x86/xen/xen-ops.h | 15 +++--------- | |
42 | arch/x86/xen/enlighten_pv.c | 59 +-------------------------------------------- | |
43 | arch/x86/xen/xen-asm.S | 26 +++++--------------- | |
44 | arch/x86/xen/xen-asm_32.S | 27 ++++----------------- | |
45 | arch/x86/xen/xen-asm_64.S | 20 ++++----------- | |
46 | 6 files changed, 21 insertions(+), 138 deletions(-) | |
47 | delete mode 100644 arch/x86/xen/xen-asm.h | |
48 | ||
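diff --git a/arch/x86/xen/xen-asm.h b/arch/x86/xen/xen-asm.h
deleted file mode 100644
index 465276467a47..000000000000
--- a/arch/x86/xen/xen-asm.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef _XEN_XEN_ASM_H
-#define _XEN_XEN_ASM_H
-
-#include <linux/linkage.h>
-
-#define RELOC(x, v) .globl x##_reloc; x##_reloc=v
-#define ENDPATCH(x) .globl x##_end; x##_end=.
-
-/* Pseudo-flag used for virtual NMI, which we don't implement yet */
-#define XEN_EFLAGS_NMI 0x80000000
-
-#endif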
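diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
index 0d5004477db6..70301ac0d414 100644
--- a/arch/x86/xen/xen-ops.h
+++ b/arch/x86/xen/xen-ops.h
@@ -129,17 +129,10 @@ static inline void __init xen_efi_init(void)
 }
 #endif
 
-/* Declare an asm function, along with symbols needed to make it
- inlineable */
-#define DECL_ASM(ret, name, ...) \
- __visible ret name(__VA_ARGS__); \
- extern char name##_end[] __visible; \
- extern char name##_reloc[] __visible
-
-DECL_ASM(void, xen_irq_enable_direct, void);
-DECL_ASM(void, xen_irq_disable_direct, void);
-DECL_ASM(unsigned long, xen_save_fl_direct, void);
-DECL_ASM(void, xen_restore_fl_direct, unsigned long);
+__visible void xen_irq_enable_direct(void);
+__visible void xen_irq_disable_direct(void);
+__visible unsigned long xen_save_fl_direct(void);
+__visible void xen_restore_fl_direct(unsigned long);
 
 /* These are not functions, and cannot be called normally */
 __visible void xen_iret(void);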
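Review bot: The new prototype `__visible void xen_restore_fl_direct(unsigned long);` leaves its parameter unnamed, which the old DECL_ASM form also did but which is now an ordinary declaration where the name is the only documentation of what the asm entry expects; `__visible void xen_restore_fl_direct(unsigned long flags);` (name constructed, pick the project's term) would make that explicit. The dropped `name##_end`/`name##_reloc` externs are only meaningful together with the asm `ENDPATCH`/`RELOC` symbols removed in the later hunks, so nothing visible here still references them.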
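diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
index df1921751aa5..6c279c8f0a0e 100644
--- a/arch/x86/xen/enlighten_pv.c
+++ b/arch/x86/xen/enlighten_pv.c
@@ -988,59 +988,6 @@ void __ref xen_setup_vcpu_info_placement(void)
 }
 }
 
-static unsigned xen_patch(u8 type, u16 clobbers, void *insnbuf,
- unsigned long addr, unsigned len)
-{
- char *start, *end, *reloc;
- unsigned ret;
-
- start = end = reloc = NULL;
-
-#define SITE(op, x) \
- case PARAVIRT_PATCH(op.x): \
- if (xen_have_vcpu_info_placement) { \
- start = (char *)xen_##x##_direct; \
- end = xen_##x##_direct_end; \
- reloc = xen_##x##_direct_reloc; \
- } \
- goto patch_site
-
- switch (type) {
- SITE(pv_irq_ops, irq_enable);
- SITE(pv_irq_ops, irq_disable);
- SITE(pv_irq_ops, save_fl);
- SITE(pv_irq_ops, restore_fl);
-#undef SITE
-
- patch_site:
- if (start == NULL || (end-start) > len)
- goto default_patch;
-
- ret = paravirt_patch_insns(insnbuf, len, start, end);
-
- /* Note: because reloc is assigned from something that
- appears to be an array, gcc assumes it's non-null,
- but doesn't know its relationship with start and
- end. */
- if (reloc > start && reloc < end) {
- int reloc_off = reloc - start;
- long *relocp = (long *)(insnbuf + reloc_off);
- long delta = start - (char *)addr;
-
- *relocp += delta;
- }
- break;
-
- default_patch:
- default:
- ret = paravirt_patch_default(type, clobbers, insnbuf,
- addr, len);
- break;
- }
-
- return ret;
-}
-
 static const struct pv_info xen_info __initconst = {
 .shared_kernel_pmd = 0,
 
@@ -1050,10 +997,6 @@ static const struct pv_info xen_info __initconst = {
 .name = "Xen",
 };
 
-static const struct pv_init_ops xen_init_ops __initconst = {
- .patch = xen_patch,
-};
-
 static const struct pv_cpu_ops xen_cpu_ops __initconst = {
 .cpuid = xen_cpuid,
 
@@ -1251,7 +1194,7 @@ asmlinkage __visible void __init xen_start_kernel(void)
 
 /* Install Xen paravirt ops */
 pv_info = xen_info;
- pv_init_ops = xen_init_ops;
+ pv_init_ops.patch = paravirt_patch_default;
 pv_cpu_ops = xen_cpu_ops;
 
 x86_platform.get_nmi_reason = xen_get_nmi_reason;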
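Review bot: The third hunk assigns `pv_init_ops.patch` by member while the neighbouring `pv_info` and `pv_cpu_ops` are still whole-struct copies, and the existing `/* Install Xen paravirt ops */` comment no longer says why; a one-liner taken from the commit message would save the next reader a trip to the log, e.g. `/* No Xen-specific patching: the direct irq ops are too large to inline, so use the generic patcher */`. Note that the removed `xen_init_ops` initializer set only `.patch`, so the old whole-struct copy zeroed any other `pv_init_ops` member while the new member assignment leaves them at their native defaults — presumably `.patch` is the only member, but that is not visible here and worth confirming. The body of `xen_start_kernel` starts and ends outside the hunk.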
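diff --git a/arch/x86/xen/xen-asm.S b/arch/x86/xen/xen-asm.S
index eff224df813f..dcd31fa39b5d 100644
--- a/arch/x86/xen/xen-asm.S
+++ b/arch/x86/xen/xen-asm.S
@@ -1,14 +1,8 @@
 /*
- * Asm versions of Xen pv-ops, suitable for either direct use or
- * inlining. The inline versions are the same as the direct-use
- * versions, with the pre- and post-amble chopped off.
- *
- * This code is encoded for size rather than absolute efficiency, with
- * a view to being able to inline as much as possible.
+ * Asm versions of Xen pv-ops, suitable for direct use.
 *
 * We only bother with direct forms (ie, vcpu in percpu data) of the
- * operations here; the indirect forms are better handled in C, since
- * they're generally too large to inline anyway.
+ * operations here; the indirect forms are better handled in C.
 */
 
 #include <asm/asm-offsets.h>
@@ -16,7 +10,7 @@
 #include <asm/processor-flags.h>
 #include <asm/frame.h>
 
-#include "xen-asm.h"
+#include <linux/linkage.h>
 
 /*
 * Enable events. This clears the event mask and tests the pending
@@ -38,13 +32,11 @@ ENTRY(xen_irq_enable_direct)
 testb $0xff, PER_CPU_VAR(xen_vcpu_info) + XEN_vcpu_info_pending
 jz 1f
 
-2: call check_events
+ call check_events
 1:
-ENDPATCH(xen_irq_enable_direct)
 FRAME_END
 ret
 ENDPROC(xen_irq_enable_direct)
- RELOC(xen_irq_enable_direct, 2b+1)
 
 
 /*
@@ -53,10 +45,8 @@ ENDPATCH(xen_irq_enable_direct)
 */
 ENTRY(xen_irq_disable_direct)
 movb $1, PER_CPU_VAR(xen_vcpu_info) + XEN_vcpu_info_mask
-ENDPATCH(xen_irq_disable_direct)
 ret
- ENDPROC(xen_irq_disable_direct)
- RELOC(xen_irq_disable_direct, 0)
+ENDPROC(xen_irq_disable_direct)
 
 /*
 * (xen_)save_fl is used to get the current interrupt enable status.
@@ -71,10 +61,8 @@ ENTRY(xen_save_fl_direct)
 testb $0xff, PER_CPU_VAR(xen_vcpu_info) + XEN_vcpu_info_mask
 setz %ah
 addb %ah, %ah
-ENDPATCH(xen_save_fl_direct)
 ret
 ENDPROC(xen_save_fl_direct)
- RELOC(xen_save_fl_direct, 0)
 
 
 /*
@@ -101,13 +89,11 @@ ENTRY(xen_restore_fl_direct)
 /* check for unmasked and pending */
 cmpw $0x0001, PER_CPU_VAR(xen_vcpu_info) + XEN_vcpu_info_pending
 jnz 1f
-2: call check_events
+ call check_events
 1:
-ENDPATCH(xen_restore_fl_direct)
 FRAME_END
 ret
 ENDPROC(xen_restore_fl_direct)
- RELOC(xen_restore_fl_direct, 2b+1)
 
 
 /*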
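Review bot: The replacement `#include <linux/linkage.h>` in the second hunk sits after the `<asm/...>` includes (here below `<asm/frame.h>`, and below `<xen/interface/xen.h>` in the matching hunks of xen-asm_32.S and xen-asm_64.S), whereas the kernel convention lists `linux/` headers before `asm/` and `xen/` ones; moving it to the top of the include block keeps the three files consistent with the rest of arch/x86. It may also already be pulled in transitively by the headers above it, in which case the explicit include is harmless but redundant — not determinable from the hunk. The fixed-up `ENDPROC(xen_irq_disable_direct)` at column 0 in the fourth hunk is a welcome side correction of the old tab-indented form.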
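diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S
index feb6d40a0860..1200e262a116 100644
--- a/arch/x86/xen/xen-asm_32.S
+++ b/arch/x86/xen/xen-asm_32.S
@@ -1,14 +1,8 @@
 /*
- * Asm versions of Xen pv-ops, suitable for either direct use or
- * inlining. The inline versions are the same as the direct-use
- * versions, with the pre- and post-amble chopped off.
- *
- * This code is encoded for size rather than absolute efficiency, with
- * a view to being able to inline as much as possible.
+ * Asm versions of Xen pv-ops, suitable for direct use.
 *
 * We only bother with direct forms (ie, vcpu in pda) of the
- * operations here; the indirect forms are better handled in C, since
- * they're generally too large to inline anyway.
+ * operations here; the indirect forms are better handled in C.
 */
 
 #include <asm/thread_info.h>
@@ -18,21 +12,10 @@
 
 #include <xen/interface/xen.h>
 
-#include "xen-asm.h"
+#include <linux/linkage.h>
 
-/*
- * Force an event check by making a hypercall, but preserve regs
- * before making the call.
- */
-check_events:
- push %eax
- push %ecx
- push %edx
- call xen_force_evtchn_callback
- pop %edx
- pop %ecx
- pop %eax
- ret
+/* Pseudo-flag used for virtual NMI, which we don't implement yet */
+#define XEN_EFLAGS_NMI 0x80000000
 
 /*
 * This is run where a normal iret would be run, with the same stack setup: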
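Review bot: The second hunk deletes the 32-bit `check_events` routine together with the `xen-asm.h` include, yet the commit message only describes dropping `xen_patch()` and its `_end`/`_reloc` symbols, and the `xen_irq_enable_direct`/`xen_restore_fl_direct` hunks in xen-asm.S still `call check_events`. Presumably a `check_events` definition usable by the 32-bit build exists elsewhere (not visible on this page), making this copy a duplicate; a sentence in the commit message stating that would spare reviewers from reading the deletion as a link-time regression for CONFIG_X86_32. The relocated `XEN_EFLAGS_NMI` define reproduces the deleted header's wording, so that part is straightforward.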
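diff --git a/arch/x86/xen/xen-asm_64.S b/arch/x86/xen/xen-asm_64.S
index c5fee2680abc..3a3b6a211584 100644
--- a/arch/x86/xen/xen-asm_64.S
+++ b/arch/x86/xen/xen-asm_64.S
@@ -1,14 +1,8 @@
 /*
- * Asm versions of Xen pv-ops, suitable for either direct use or
- * inlining. The inline versions are the same as the direct-use
- * versions, with the pre- and post-amble chopped off.
- *
- * This code is encoded for size rather than absolute efficiency, with
- * a view to being able to inline as much as possible.
+ * Asm versions of Xen pv-ops, suitable for direct use.
 *
 * We only bother with direct forms (ie, vcpu in pda) of the
- * operations here; the indirect forms are better handled in C, since
- * they're generally too large to inline anyway.
+ * operations here; the indirect forms are better handled in C.
 */
 
 #include <asm/errno.h>
@@ -20,7 +14,7 @@
 
 #include <xen/interface/xen.h>
 
-#include "xen-asm.h"
+#include <linux/linkage.h>
 
 ENTRY(xen_adjust_exception_frame)
 mov 8+0(%rsp), %rcx
@@ -46,9 +40,7 @@ hypercall_iret = hypercall_page + __HYPERVISOR_iret * 32
 */
 ENTRY(xen_iret)
 pushq $0
-1: jmp hypercall_iret
-ENDPATCH(xen_iret)
-RELOC(xen_iret, 1b+1)
+ jmp hypercall_iret
 
 ENTRY(xen_sysret64)
 /*
@@ -65,9 +57,7 @@ ENTRY(xen_sysret64)
 pushq %rcx
 
 pushq $VGCF_in_syscall
-1: jmp hypercall_iret
-ENDPATCH(xen_sysret64)
-RELOC(xen_sysret64, 1b+1)
+ jmp hypercall_iret
 
 /*
 * Xen handles syscall callbacks much like ordinary exceptions, which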
358 | -- | |
359 | 2.14.2 | |
360 |