]>
Commit | Line | Data |
---|---|---|
59d5af67 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
321d628a FG |
2 | From: Dave Hansen <dave.hansen@linux.intel.com> |
3 | Date: Mon, 4 Dec 2017 17:25:07 -0800 | |
59d5af67 | 4 | Subject: [PATCH] x86/entry: Rename SYSENTER_stack to |
321d628a FG |
5 | CPU_ENTRY_AREA_entry_stack |
6 | MIME-Version: 1.0 | |
7 | Content-Type: text/plain; charset=UTF-8 | |
8 | Content-Transfer-Encoding: 8bit | |
9 | ||
10 | CVE-2017-5754 | |
11 | ||
12 | If the kernel oopses while on the trampoline stack, it will print | |
13 | "<SYSENTER>" even if SYSENTER is not involved. That is rather confusing. | |
14 | ||
15 | The "SYSENTER" stack is used for a lot more than SYSENTER now. Give it a | |
16 | better string to display in stack dumps, and rename the kernel code to | |
17 | match. | |
18 | ||
19 | Also move the 32-bit code over to the new naming even though it still uses | |
20 | the entry stack only for SYSENTER. | |
21 | ||
22 | Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> | |
23 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
24 | Cc: Andy Lutomirski <luto@kernel.org> | |
25 | Cc: Borislav Petkov <bp@alien8.de> | |
26 | Cc: Borislav Petkov <bp@suse.de> | |
27 | Cc: Brian Gerst <brgerst@gmail.com> | |
28 | Cc: Denys Vlasenko <dvlasenk@redhat.com> | |
29 | Cc: H. Peter Anvin <hpa@zytor.com> | |
30 | Cc: Josh Poimboeuf <jpoimboe@redhat.com> | |
31 | Cc: Juergen Gross <jgross@suse.com> | |
32 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
33 | Cc: Peter Zijlstra <peterz@infradead.org> | |
34 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
35 | (cherry picked from commit 4fe2d8b11a370af286287a2661de9d4e6c9a145a) | |
36 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
37 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
38 | (cherry picked from commit e0437c473463f208c2b4952f0826e43ce1335a53) | |
39 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
40 | --- | |
41 | arch/x86/include/asm/fixmap.h | 8 ++++---- | |
42 | arch/x86/include/asm/processor.h | 6 +++--- | |
43 | arch/x86/include/asm/stacktrace.h | 4 ++-- | |
44 | arch/x86/kernel/asm-offsets.c | 4 ++-- | |
45 | arch/x86/kernel/asm-offsets_32.c | 2 +- | |
46 | arch/x86/kernel/cpu/common.c | 14 +++++++------- | |
47 | arch/x86/kernel/dumpstack.c | 10 +++++----- | |
48 | arch/x86/kernel/dumpstack_32.c | 6 +++--- | |
49 | arch/x86/kernel/dumpstack_64.c | 12 +++++++++--- | |
50 | arch/x86/entry/entry_32.S | 12 ++++++------ | |
51 | arch/x86/entry/entry_64.S | 4 ++-- | |
52 | 11 files changed, 44 insertions(+), 38 deletions(-) | |
53 | ||
54 | diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h | |
55 | index 5dc269ff4085..a7fb137ad964 100644 | |
56 | --- a/arch/x86/include/asm/fixmap.h | |
57 | +++ b/arch/x86/include/asm/fixmap.h | |
58 | @@ -56,10 +56,10 @@ struct cpu_entry_area { | |
59 | char gdt[PAGE_SIZE]; | |
60 | ||
61 | /* | |
62 | - * The GDT is just below SYSENTER_stack and thus serves (on x86_64) as | |
63 | + * The GDT is just below entry_stack and thus serves (on x86_64) as | |
64 | * a a read-only guard page. | |
65 | */ | |
66 | - struct SYSENTER_stack_page SYSENTER_stack_page; | |
67 | + struct entry_stack_page entry_stack_page; | |
68 | ||
69 | /* | |
70 | * On x86_64, the TSS is mapped RO. On x86_32, it's mapped RW because | |
71 | @@ -230,9 +230,9 @@ static inline struct cpu_entry_area *get_cpu_entry_area(int cpu) | |
72 | return (struct cpu_entry_area *)__fix_to_virt(__get_cpu_entry_area_page_index(cpu, 0)); | |
73 | } | |
74 | ||
75 | -static inline struct SYSENTER_stack *cpu_SYSENTER_stack(int cpu) | |
76 | +static inline struct entry_stack *cpu_entry_stack(int cpu) | |
77 | { | |
78 | - return &get_cpu_entry_area(cpu)->SYSENTER_stack_page.stack; | |
79 | + return &get_cpu_entry_area(cpu)->entry_stack_page.stack; | |
80 | } | |
81 | ||
82 | #endif /* !__ASSEMBLY__ */ | |
83 | diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h | |
84 | index 59a317f8e0ec..935d68609922 100644 | |
85 | --- a/arch/x86/include/asm/processor.h | |
86 | +++ b/arch/x86/include/asm/processor.h | |
87 | @@ -330,12 +330,12 @@ struct x86_hw_tss { | |
88 | #define IO_BITMAP_OFFSET (offsetof(struct tss_struct, io_bitmap) - offsetof(struct tss_struct, x86_tss)) | |
89 | #define INVALID_IO_BITMAP_OFFSET 0x8000 | |
90 | ||
91 | -struct SYSENTER_stack { | |
92 | +struct entry_stack { | |
93 | unsigned long words[64]; | |
94 | }; | |
95 | ||
96 | -struct SYSENTER_stack_page { | |
97 | - struct SYSENTER_stack stack; | |
98 | +struct entry_stack_page { | |
99 | + struct entry_stack stack; | |
100 | } __aligned(PAGE_SIZE); | |
101 | ||
102 | struct tss_struct { | |
103 | diff --git a/arch/x86/include/asm/stacktrace.h b/arch/x86/include/asm/stacktrace.h | |
104 | index 95f999576131..3b3cc5ba579a 100644 | |
105 | --- a/arch/x86/include/asm/stacktrace.h | |
106 | +++ b/arch/x86/include/asm/stacktrace.h | |
107 | @@ -15,7 +15,7 @@ enum stack_type { | |
108 | STACK_TYPE_TASK, | |
109 | STACK_TYPE_IRQ, | |
110 | STACK_TYPE_SOFTIRQ, | |
111 | - STACK_TYPE_SYSENTER, | |
112 | + STACK_TYPE_ENTRY, | |
113 | STACK_TYPE_EXCEPTION, | |
114 | STACK_TYPE_EXCEPTION_LAST = STACK_TYPE_EXCEPTION + N_EXCEPTION_STACKS-1, | |
115 | }; | |
116 | @@ -28,7 +28,7 @@ struct stack_info { | |
117 | bool in_task_stack(unsigned long *stack, struct task_struct *task, | |
118 | struct stack_info *info); | |
119 | ||
120 | -bool in_sysenter_stack(unsigned long *stack, struct stack_info *info); | |
121 | +bool in_entry_stack(unsigned long *stack, struct stack_info *info); | |
122 | ||
123 | int get_stack_info(unsigned long *stack, struct task_struct *task, | |
124 | struct stack_info *info, unsigned long *visit_mask); | |
125 | diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c | |
126 | index 40c3fab107ac..25b4832e9c28 100644 | |
127 | --- a/arch/x86/kernel/asm-offsets.c | |
128 | +++ b/arch/x86/kernel/asm-offsets.c | |
129 | @@ -96,6 +96,6 @@ void common(void) { | |
130 | /* Layout info for cpu_entry_area */ | |
131 | OFFSET(CPU_ENTRY_AREA_tss, cpu_entry_area, tss); | |
132 | OFFSET(CPU_ENTRY_AREA_entry_trampoline, cpu_entry_area, entry_trampoline); | |
133 | - OFFSET(CPU_ENTRY_AREA_SYSENTER_stack, cpu_entry_area, SYSENTER_stack_page); | |
134 | - DEFINE(SIZEOF_SYSENTER_stack, sizeof(struct SYSENTER_stack)); | |
135 | + OFFSET(CPU_ENTRY_AREA_entry_stack, cpu_entry_area, entry_stack_page); | |
136 | + DEFINE(SIZEOF_entry_stack, sizeof(struct entry_stack)); | |
137 | } | |
138 | diff --git a/arch/x86/kernel/asm-offsets_32.c b/arch/x86/kernel/asm-offsets_32.c | |
139 | index c4f23da7a0f0..4dba34cb777d 100644 | |
140 | --- a/arch/x86/kernel/asm-offsets_32.c | |
141 | +++ b/arch/x86/kernel/asm-offsets_32.c | |
142 | @@ -50,7 +50,7 @@ void foo(void) | |
143 | ||
144 | /* Offset from the sysenter stack to tss.sp0 */ | |
145 | DEFINE(TSS_sysenter_sp0, offsetof(struct cpu_entry_area, tss.x86_tss.sp0) - | |
146 | - offsetofend(struct cpu_entry_area, SYSENTER_stack_page.stack)); | |
147 | + offsetofend(struct cpu_entry_area, entry_stack_page.stack)); | |
148 | ||
149 | #ifdef CONFIG_CC_STACKPROTECTOR | |
150 | BLANK(); | |
151 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c | |
152 | index fcdba90e0890..7a8a5d436566 100644 | |
153 | --- a/arch/x86/kernel/cpu/common.c | |
154 | +++ b/arch/x86/kernel/cpu/common.c | |
155 | @@ -487,8 +487,8 @@ static DEFINE_PER_CPU_PAGE_ALIGNED(char, exception_stacks | |
156 | [(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ + DEBUG_STKSZ]); | |
157 | #endif | |
158 | ||
159 | -static DEFINE_PER_CPU_PAGE_ALIGNED(struct SYSENTER_stack_page, | |
160 | - SYSENTER_stack_storage); | |
161 | +static DEFINE_PER_CPU_PAGE_ALIGNED(struct entry_stack_page, | |
162 | + entry_stack_storage); | |
163 | ||
164 | static void __init | |
165 | set_percpu_fixmap_pages(int idx, void *ptr, int pages, pgprot_t prot) | |
166 | @@ -523,8 +523,8 @@ static void __init setup_cpu_entry_area(int cpu) | |
167 | #endif | |
168 | ||
169 | __set_fixmap(get_cpu_entry_area_index(cpu, gdt), get_cpu_gdt_paddr(cpu), gdt_prot); | |
170 | - set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, SYSENTER_stack_page), | |
171 | - per_cpu_ptr(&SYSENTER_stack_storage, cpu), 1, | |
172 | + set_percpu_fixmap_pages(get_cpu_entry_area_index(cpu, entry_stack_page), | |
173 | + per_cpu_ptr(&entry_stack_storage, cpu), 1, | |
174 | PAGE_KERNEL); | |
175 | ||
176 | /* | |
177 | @@ -1315,7 +1315,7 @@ void enable_sep_cpu(void) | |
178 | ||
179 | tss->x86_tss.ss1 = __KERNEL_CS; | |
180 | wrmsr(MSR_IA32_SYSENTER_CS, tss->x86_tss.ss1, 0); | |
181 | - wrmsr(MSR_IA32_SYSENTER_ESP, (unsigned long)(cpu_SYSENTER_stack(cpu) + 1), 0); | |
182 | + wrmsr(MSR_IA32_SYSENTER_ESP, (unsigned long)(cpu_entry_stack(cpu) + 1), 0); | |
183 | wrmsr(MSR_IA32_SYSENTER_EIP, (unsigned long)entry_SYSENTER_32, 0); | |
184 | ||
185 | put_cpu(); | |
186 | @@ -1441,7 +1441,7 @@ void syscall_init(void) | |
187 | * AMD doesn't allow SYSENTER in long mode (either 32- or 64-bit). | |
188 | */ | |
189 | wrmsrl_safe(MSR_IA32_SYSENTER_CS, (u64)__KERNEL_CS); | |
190 | - wrmsrl_safe(MSR_IA32_SYSENTER_ESP, (unsigned long)(cpu_SYSENTER_stack(cpu) + 1)); | |
191 | + wrmsrl_safe(MSR_IA32_SYSENTER_ESP, (unsigned long)(cpu_entry_stack(cpu) + 1)); | |
192 | wrmsrl_safe(MSR_IA32_SYSENTER_EIP, (u64)entry_SYSENTER_compat); | |
193 | #else | |
194 | wrmsrl(MSR_CSTAR, (unsigned long)ignore_sysret); | |
195 | @@ -1655,7 +1655,7 @@ void cpu_init(void) | |
196 | */ | |
197 | set_tss_desc(cpu, &get_cpu_entry_area(cpu)->tss.x86_tss); | |
198 | load_TR_desc(); | |
199 | - load_sp0((unsigned long)(cpu_SYSENTER_stack(cpu) + 1)); | |
200 | + load_sp0((unsigned long)(cpu_entry_stack(cpu) + 1)); | |
201 | ||
202 | load_mm_ldt(&init_mm); | |
203 | ||
204 | diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c | |
205 | index b005e5ef6738..55bf1c3b5319 100644 | |
206 | --- a/arch/x86/kernel/dumpstack.c | |
207 | +++ b/arch/x86/kernel/dumpstack.c | |
208 | @@ -43,9 +43,9 @@ bool in_task_stack(unsigned long *stack, struct task_struct *task, | |
209 | return true; | |
210 | } | |
211 | ||
212 | -bool in_sysenter_stack(unsigned long *stack, struct stack_info *info) | |
213 | +bool in_entry_stack(unsigned long *stack, struct stack_info *info) | |
214 | { | |
215 | - struct SYSENTER_stack *ss = cpu_SYSENTER_stack(smp_processor_id()); | |
216 | + struct entry_stack *ss = cpu_entry_stack(smp_processor_id()); | |
217 | ||
218 | void *begin = ss; | |
219 | void *end = ss + 1; | |
220 | @@ -53,7 +53,7 @@ bool in_sysenter_stack(unsigned long *stack, struct stack_info *info) | |
221 | if ((void *)stack < begin || (void *)stack >= end) | |
222 | return false; | |
223 | ||
224 | - info->type = STACK_TYPE_SYSENTER; | |
225 | + info->type = STACK_TYPE_ENTRY; | |
226 | info->begin = begin; | |
227 | info->end = end; | |
228 | info->next_sp = NULL; | |
229 | @@ -111,13 +111,13 @@ void show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs, | |
230 | * - task stack | |
231 | * - interrupt stack | |
232 | * - HW exception stacks (double fault, nmi, debug, mce) | |
233 | - * - SYSENTER stack | |
234 | + * - entry stack | |
235 | * | |
236 | * x86-32 can have up to four stacks: | |
237 | * - task stack | |
238 | * - softirq stack | |
239 | * - hardirq stack | |
240 | - * - SYSENTER stack | |
241 | + * - entry stack | |
242 | */ | |
243 | for (regs = NULL; stack; stack = PTR_ALIGN(stack_info.next_sp, sizeof(long))) { | |
244 | const char *stack_name; | |
245 | diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c | |
246 | index 3160bf2d100e..4580ba0204f6 100644 | |
247 | --- a/arch/x86/kernel/dumpstack_32.c | |
248 | +++ b/arch/x86/kernel/dumpstack_32.c | |
249 | @@ -25,8 +25,8 @@ const char *stack_type_name(enum stack_type type) | |
250 | if (type == STACK_TYPE_SOFTIRQ) | |
251 | return "SOFTIRQ"; | |
252 | ||
253 | - if (type == STACK_TYPE_SYSENTER) | |
254 | - return "SYSENTER"; | |
255 | + if (type == STACK_TYPE_ENTRY) | |
256 | + return "ENTRY_TRAMPOLINE"; | |
257 | ||
258 | return NULL; | |
259 | } | |
260 | @@ -95,7 +95,7 @@ int get_stack_info(unsigned long *stack, struct task_struct *task, | |
261 | if (task != current) | |
262 | goto unknown; | |
263 | ||
264 | - if (in_sysenter_stack(stack, info)) | |
265 | + if (in_entry_stack(stack, info)) | |
266 | goto recursion_check; | |
267 | ||
268 | if (in_hardirq_stack(stack, info)) | |
269 | diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c | |
270 | index f5107b659f86..7d9c0e06afc2 100644 | |
271 | --- a/arch/x86/kernel/dumpstack_64.c | |
272 | +++ b/arch/x86/kernel/dumpstack_64.c | |
273 | @@ -36,8 +36,14 @@ const char *stack_type_name(enum stack_type type) | |
274 | if (type == STACK_TYPE_IRQ) | |
275 | return "IRQ"; | |
276 | ||
277 | - if (type == STACK_TYPE_SYSENTER) | |
278 | - return "SYSENTER"; | |
279 | + if (type == STACK_TYPE_ENTRY) { | |
280 | + /* | |
281 | + * On 64-bit, we have a generic entry stack that we | |
282 | + * use for all the kernel entry points, including | |
283 | + * SYSENTER. | |
284 | + */ | |
285 | + return "ENTRY_TRAMPOLINE"; | |
286 | + } | |
287 | ||
288 | if (type >= STACK_TYPE_EXCEPTION && type <= STACK_TYPE_EXCEPTION_LAST) | |
289 | return exception_stack_names[type - STACK_TYPE_EXCEPTION]; | |
290 | @@ -117,7 +123,7 @@ int get_stack_info(unsigned long *stack, struct task_struct *task, | |
291 | if (in_irq_stack(stack, info)) | |
292 | goto recursion_check; | |
293 | ||
294 | - if (in_sysenter_stack(stack, info)) | |
295 | + if (in_entry_stack(stack, info)) | |
296 | goto recursion_check; | |
297 | ||
298 | goto unknown; | |
299 | diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S | |
300 | index 3ef7800007f8..634c6a78885c 100644 | |
301 | --- a/arch/x86/entry/entry_32.S | |
302 | +++ b/arch/x86/entry/entry_32.S | |
303 | @@ -949,9 +949,9 @@ ENTRY(debug) | |
304 | ||
305 | /* Are we currently on the SYSENTER stack? */ | |
306 | movl PER_CPU_VAR(cpu_entry_area), %ecx | |
307 | - addl $CPU_ENTRY_AREA_SYSENTER_stack + SIZEOF_SYSENTER_stack, %ecx | |
308 | - subl %eax, %ecx /* ecx = (end of SYSENTER_stack) - esp */ | |
309 | - cmpl $SIZEOF_SYSENTER_stack, %ecx | |
310 | + addl $CPU_ENTRY_AREA_entry_stack + SIZEOF_entry_stack, %ecx | |
311 | + subl %eax, %ecx /* ecx = (end of entry_stack) - esp */ | |
312 | + cmpl $SIZEOF_entry_stack, %ecx | |
313 | jb .Ldebug_from_sysenter_stack | |
314 | ||
315 | TRACE_IRQS_OFF | |
316 | @@ -993,9 +993,9 @@ ENTRY(nmi) | |
317 | ||
318 | /* Are we currently on the SYSENTER stack? */ | |
319 | movl PER_CPU_VAR(cpu_entry_area), %ecx | |
320 | - addl $CPU_ENTRY_AREA_SYSENTER_stack + SIZEOF_SYSENTER_stack, %ecx | |
321 | - subl %eax, %ecx /* ecx = (end of SYSENTER_stack) - esp */ | |
322 | - cmpl $SIZEOF_SYSENTER_stack, %ecx | |
323 | + addl $CPU_ENTRY_AREA_entry_stack + SIZEOF_entry_stack, %ecx | |
324 | + subl %eax, %ecx /* ecx = (end of entry_stack) - esp */ | |
325 | + cmpl $SIZEOF_entry_stack, %ecx | |
326 | jb .Lnmi_from_sysenter_stack | |
327 | ||
328 | /* Not on SYSENTER stack. */ | |
329 | diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S | |
330 | index 157860b3569f..03e052f02176 100644 | |
331 | --- a/arch/x86/entry/entry_64.S | |
332 | +++ b/arch/x86/entry/entry_64.S | |
333 | @@ -153,8 +153,8 @@ END(native_usergs_sysret64) | |
334 | _entry_trampoline - CPU_ENTRY_AREA_entry_trampoline(%rip) | |
335 | ||
336 | /* The top word of the SYSENTER stack is hot and is usable as scratch space. */ | |
337 | -#define RSP_SCRATCH CPU_ENTRY_AREA_SYSENTER_stack + \ | |
338 | - SIZEOF_SYSENTER_stack - 8 + CPU_ENTRY_AREA | |
339 | +#define RSP_SCRATCH CPU_ENTRY_AREA_entry_stack + \ | |
340 | + SIZEOF_entry_stack - 8 + CPU_ENTRY_AREA | |
341 | ||
342 | ENTRY(entry_SYSCALL_64_trampoline) | |
343 | UNWIND_HINT_EMPTY | |
344 | -- | |
345 | 2.14.2 | |
346 |