1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Tim Chen <tim.c.chen@linux.intel.com>
3 Date: Tue, 14 Nov 2017 17:16:30 -0800
4 Subject: [PATCH] x86/entry: Stuff RSB for entry to kernel for non-SMEP
7 Content-Type: text/plain; charset=UTF-8
8 Content-Transfer-Encoding: 8bit
13 Stuff the RSB to prevent RSB underflow on non-SMEP platforms.
15 Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
16 Signed-off-by: Andy Whitcroft <apw@canonical.com>
17 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
18 (cherry picked from commit b82785ac1d33ce219c77d72b7bd80a21e1441ac8)
19 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
21 arch/x86/include/asm/spec_ctrl.h | 71 ++++++++++++++++++++++++++++++++++++++++
22 arch/x86/entry/entry_64.S | 18 ++++++++--
23 arch/x86/entry/entry_64_compat.S | 4 +++
24 3 files changed, 91 insertions(+), 2 deletions(-)
26 diff --git a/arch/x86/include/asm/spec_ctrl.h b/arch/x86/include/asm/spec_ctrl.h
27 index 7f8bb09b6acb..55ee1f36bda2 100644
28 --- a/arch/x86/include/asm/spec_ctrl.h
29 +++ b/arch/x86/include/asm/spec_ctrl.h
34 +#define __ASM_STUFF_RSB \
103 ALTERNATIVE "", __stringify(__ASM_ENABLE_IBRS), X86_FEATURE_SPEC_CTRL
104 @@ -48,5 +115,9 @@ ALTERNATIVE "", __stringify(__ASM_ENABLE_IBRS_CLOBBER), X86_FEATURE_SPEC_CTRL
105 ALTERNATIVE "", __stringify(__ASM_DISABLE_IBRS), X86_FEATURE_SPEC_CTRL
109 +ALTERNATIVE __stringify(__ASM_STUFF_RSB), "", X86_FEATURE_SMEP
112 #endif /* __ASSEMBLY__ */
113 #endif /* _ASM_X86_SPEC_CTRL_H */
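Review bot: The new `ALTERNATIVE __stringify(__ASM_STUFF_RSB), "", X86_FEATURE_SMEP` line has no comment saying why SMEP is the gate, and the macro it sits in (and the `__ASM_STUFF_RSB` body earlier in this file) lies outside the visible part of the hunk, so a reader of the header has to reconstruct the rationale from the commit title. I would put above it: `/* Without SMEP an underflowed RSB can let kernel return speculation follow targets influenced from user mode; with SMEP the CPU does not speculatively execute user pages, so the stuffing sequence is patched out. */`. It is also worth stating that the stuffing sequence is the default text and is only NOP-patched on SMEP parts, so every entry site carries its full length on all hardware. Whether SMEP alone is the right gate on every microarchitecture cannot be judged from this patch; a TODO pointing at the vendor guidance this series follows would help the next backporter.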
114 diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
115 index 5f898c3c1dad..f6ec4ad5b114 100644
116 --- a/arch/x86/entry/entry_64.S
117 +++ b/arch/x86/entry/entry_64.S
118 @@ -214,8 +214,6 @@ ENTRY(entry_SYSCALL_64)
119 movq %rsp, PER_CPU_VAR(rsp_scratch)
120 movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
124 /* Construct struct pt_regs on stack */
125 pushq $__USER_DS /* pt_regs->ss */
126 pushq PER_CPU_VAR(rsp_scratch) /* pt_regs->sp */
127 @@ -238,6 +236,10 @@ GLOBAL(entry_SYSCALL_64_after_hwframe)
136 * If we need to do entry work or if we guess we'll need to do
137 * exit work, go straight to the slow path.
138 @@ -658,6 +660,13 @@ END(irq_entries_start)
139 ALLOC_PT_GPREGS_ON_STACK
144 + * Have to do stuffing before encoding frame pointer.
145 + * Could add some unnecessary RSB clearing if coming
146 + * from kernel for non-SMEP platform.
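Review bot: The comment added after `ALLOC_PT_GPREGS_ON_STACK` calls the operation `RSB clearing` while the commit and the header macro call it stuffing; the two words mean different things (emptying the predictor versus filling it with known targets) and the code does the latter, so I would write `* Could add some unnecessary RSB stuffing if coming` / `* from kernel for non-SMEP platforms.`. The first sentence, `Have to do stuffing before encoding frame pointer.`, states the ordering constraint but not its reason; a half-sentence on what the stuffing sequence does to the stack or registers that frame-pointer encoding depends on would spare the reader a trip to the macro. The interrupt-entry body and the invocation this comment introduces continue outside the visible lines of the hunk.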
152 @@ -1276,6 +1285,10 @@ ENTRY(paranoid_entry)
157 + * Do the stuffing unconditionally from user/kernel to be safe
160 ENCODE_FRAME_POINTER 8
162 movl $MSR_GS_BASE, %ecx
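Review bot: `Do the stuffing unconditionally from user/kernel to be safe` says what is done but leaves "safe" unexplained; the `movl $MSR_GS_BASE, %ecx` just below suggests that in paranoid_entry the user-versus-kernel (swapgs) decision is only made after this point, which is presumably the real reason the stuffing cannot be made conditional here. I would make that explicit: `* Stuff unconditionally: at this point we have not yet determined whether we came from user or kernel (the MSR_GS_BASE check below decides that), so the cost of stuffing on kernel entry is accepted.` The rest of paranoid_entry, including the stuffing invocation itself, lies outside the visible lines of the hunk.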
163 @@ -1329,6 +1342,7 @@ ENTRY(error_entry)
168 ENCODE_FRAME_POINTER 8
171 diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
172 index ee4f3edb3c50..1480222bae02 100644
173 --- a/arch/x86/entry/entry_64_compat.S
174 +++ b/arch/x86/entry/entry_64_compat.S
175 @@ -97,6 +97,7 @@ ENTRY(entry_SYSENTER_compat)
182 * SYSENTER doesn't filter flags, so we need to clear NT and AC
183 @@ -227,6 +228,8 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe)
184 pushq $0 /* pt_regs->r14 = 0 */
185 pushq $0 /* pt_regs->r15 = 0 */
190 * User mode is traced as though IRQs are on, and SYSENTER
192 @@ -354,6 +357,7 @@ ENTRY(entry_INT80_compat)
199 * User mode is traced as though IRQs are on, and the interrupt