59d5af67 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Boris Ostrovsky <boris.ostrovsky@oracle.com> |
3 | Date: Mon, 4 Dec 2017 15:07:07 +0100 | |
4 | Subject: [PATCH] x86/entry/64/paravirt: Use paravirt-safe macro to access |
5 | eflags | |
6 | MIME-Version: 1.0 |
7 | Content-Type: text/plain; charset=UTF-8 | |
8 | Content-Transfer-Encoding: 8bit | |
9 | ||
10 | CVE-2017-5754 | |
11 | ||
12 | Commit 1d3e53e8624a ("x86/entry/64: Refactor IRQ stacks and make them | |
13 | NMI-safe") added DEBUG_ENTRY_ASSERT_IRQS_OFF macro that accesses eflags | |
14 | using 'pushfq' instruction when testing for IF bit. On PV Xen guests | |
15 | looking at IF flag directly will always see it set, resulting in 'ud2'. | |
16 | ||
17 | Introduce SAVE_FLAGS() macro that will use appropriate save_fl pv op when | |
18 | running paravirt. | |
19 | ||
20 | Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> | |
21 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
22 | Reviewed-by: Juergen Gross <jgross@suse.com> | |
23 | Cc: Andy Lutomirski <luto@kernel.org> | |
24 | Cc: Borislav Petkov <bp@alien8.de> | |
25 | Cc: Borislav Petkov <bpetkov@suse.de> | |
26 | Cc: Brian Gerst <brgerst@gmail.com> | |
27 | Cc: Dave Hansen <dave.hansen@intel.com> | |
28 | Cc: Dave Hansen <dave.hansen@linux.intel.com> | |
29 | Cc: David Laight <David.Laight@aculab.com> | |
30 | Cc: Denys Vlasenko <dvlasenk@redhat.com> | |
31 | Cc: Eduardo Valentin <eduval@amazon.com> | |
32 | Cc: Greg KH <gregkh@linuxfoundation.org> | |
33 | Cc: H. Peter Anvin <hpa@zytor.com> | |
34 | Cc: Josh Poimboeuf <jpoimboe@redhat.com> | |
35 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
36 | Cc: Peter Zijlstra <peterz@infradead.org> | |
37 | Cc: Rik van Riel <riel@redhat.com> | |
38 | Cc: Will Deacon <will.deacon@arm.com> | |
39 | Cc: aliguori@amazon.com | |
40 | Cc: daniel.gruss@iaik.tugraz.at | |
41 | Cc: hughd@google.com | |
42 | Cc: keescook@google.com | |
43 | Cc: xen-devel@lists.xenproject.org | |
44 | Link: https://lkml.kernel.org/r/20171204150604.899457242@linutronix.de | |
45 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
46 | (cherry picked from commit e17f8234538d1ff708673f287a42457c4dee720d) | |
47 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
48 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
49 | (cherry picked from commit 9f4a274842938ce8d55565ced4f45e7ad4a5da90) | |
50 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
51 | --- | |
52 | arch/x86/include/asm/irqflags.h | 3 +++ | |
53 | arch/x86/include/asm/paravirt.h | 9 +++++++++ | |
54 | arch/x86/kernel/asm-offsets_64.c | 3 +++ | |
55 | arch/x86/entry/entry_64.S | 7 ++++--- | |
56 | 4 files changed, 19 insertions(+), 3 deletions(-) | |
57 | ||
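diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
index ac7692dcfa2e..d937781e1047 100644
--- a/arch/x86/include/asm/irqflags.h
+++ b/arch/x86/include/asm/irqflags.h
@@ -141,6 +141,9 @@ static inline notrace unsigned long arch_local_irq_save(void)
 	swapgs; \
 	sysretl
 
+#ifdef CONFIG_DEBUG_ENTRY
+#define SAVE_FLAGS(x) pushfq; popq %rax
+#endif
 #else
 #define INTERRUPT_RETURN iret
 #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit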
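Review bot: The native `SAVE_FLAGS(x)` added here ignores its argument and always leaves the flags in %rax, while the paravirt variant in the arch/x86/include/asm/paravirt.h hunk names the same parameter `clobbers` and actually feeds it to PARA_SITE; a caller passing anything other than CLBR_RAX would have %rax clobbered silently by the native build. Renaming the parameter and stating the contract would make both definitions read alike, e.g. `/* Result is returned in %rax; callers must pass CLBR_RAX. */` above `#define SAVE_FLAGS(clobbers)	pushfq; popq %rax`. Neither definition says that the result lands in %rax (the paravirt path returns save_fl's value there, which is why the entry_64.S hunk tests %eax right after the call), so the same comment belongs on the paravirt.h macro. The #if block enclosing this hunk starts outside the hunk.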
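diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index 43d4f90edebc..52dcd2361a78 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -926,6 +926,15 @@ extern void default_banner(void);
 	PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_usergs_sysret64), \
 		  CLBR_NONE, \
 		  jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret64))
+
+#ifdef CONFIG_DEBUG_ENTRY
+#define SAVE_FLAGS(clobbers) \
+	PARA_SITE(PARA_PATCH(pv_irq_ops, PV_IRQ_save_fl), clobbers, \
+		  PV_SAVE_REGS(clobbers | CLBR_CALLEE_SAVE); \
+		  call PARA_INDIRECT(pv_irq_ops+PV_IRQ_save_fl); \
+		  PV_RESTORE_REGS(clobbers | CLBR_CALLEE_SAVE);)
+#endif
+
 #endif /* CONFIG_X86_32 */
 
 #endif /* __ASSEMBLY__ */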
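diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c
index cf42206926af..c21a5315b38e 100644
--- a/arch/x86/kernel/asm-offsets_64.c
+++ b/arch/x86/kernel/asm-offsets_64.c
@@ -22,6 +22,9 @@ int main(void)
 #ifdef CONFIG_PARAVIRT
 	OFFSET(PV_CPU_usergs_sysret64, pv_cpu_ops, usergs_sysret64);
 	OFFSET(PV_CPU_swapgs, pv_cpu_ops, swapgs);
+#ifdef CONFIG_DEBUG_ENTRY
+	OFFSET(PV_IRQ_save_fl, pv_irq_ops, save_fl);
+#endif
 	BLANK();
 #endif
 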
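diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index 2491b3b25b9a..6c73e96daf78 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -461,12 +461,13 @@ END(irq_entries_start)
 
 .macro DEBUG_ENTRY_ASSERT_IRQS_OFF
 #ifdef CONFIG_DEBUG_ENTRY
-	pushfq
-	testl $X86_EFLAGS_IF, (%rsp)
+	pushq %rax
+	SAVE_FLAGS(CLBR_RAX)
+	testl $X86_EFLAGS_IF, %eax
 	jz .Lokay_\@
 	ud2
 .Lokay_\@:
-	addq $8, %rsp
+	popq %rax
 #endif
 .endm
 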
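Review bot: The `pushq %rax` / `popq %rax` pair around `SAVE_FLAGS(CLBR_RAX)` exists only because the macro returns the flags in %rax, but nothing in DEBUG_ENTRY_ASSERT_IRQS_OFF says so; a reader of `testl $X86_EFLAGS_IF, %eax` has to chase SAVE_FLAGS through irqflags.h and paravirt.h to see why %rax is preserved. A one-line comment such as `/* SAVE_FLAGS returns eflags in %rax; preserve the caller's %rax around it */` before `pushq %rax` would carry that. The CLBR_RAX argument is the other half of the same contract for the paravirt variant, so any later change of the result register has to touch both the macro definitions and this save/restore.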
127 | -- | |
128 | 2.14.2 | |