From: Andy Whitcroft Date: Wed, 31 Jan 2018 15:38:09 +0000 (+0000) Subject: Revert "x86/syscall: Clear unused extra registers on syscall entrance" X-Git-Tag: Ubuntu-4.13.0-33.36~241 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=333c9492a5229e0b2815eb6ccf85d04711cc3dcf;p=mirror_ubuntu-artful-kernel.git Revert "x86/syscall: Clear unused extra registers on syscall entrance" CVE-2017-5753 (revert embargoed) CVE-2017-5715 (revert embargoed) This reverts commit 7b5ea16f42b5e4860cf9033897bcdfa3e1209033. Signed-off-by: Andy Whitcroft Signed-off-by: Kleber Sacilotto de Souza --- diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h index d537818ad285..015e0a84bb99 100644 --- a/arch/x86/entry/calling.h +++ b/arch/x86/entry/calling.h @@ -155,15 +155,6 @@ For 32-bit we have the following conventions - kernel is built with popq %rbx .endm - .macro CLEAR_EXTRA_REGS - xorq %r15, %r15 - xorq %r14, %r14 - xorq %r13, %r13 - xorq %r12, %r12 - xorq %rbp, %rbp - xorq %rbx, %rbx - .endm - .macro POP_C_REGS popq %r11 popq %r10 diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index 1118a6256c69..f6ec4ad5b114 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -231,16 +231,10 @@ GLOBAL(entry_SYSCALL_64_after_hwframe) pushq %r9 /* pt_regs->r9 */ pushq %r10 /* pt_regs->r10 */ pushq %r11 /* pt_regs->r11 */ - sub $(6*8), %rsp /* pt_regs->bp, bx, r12-15 not used */ + sub $(6*8), %rsp /* pt_regs->bp, bx, r12-15 not saved */ UNWIND_HINT_REGS extra=0 ENABLE_IBRS - /* - * Clear the unused extra regs for code hygiene. - * Will restore the callee saved extra regs at end of syscall. - */ - SAVE_EXTRA_REGS - CLEAR_EXTRA_REGS STUFF_RSB @@ -298,7 +292,7 @@ entry_SYSCALL_64_fastpath: movq RIP(%rsp), %rcx movq EFLAGS(%rsp), %r11 DISABLE_IBRS - POP_EXTRA_REGS + addq $6*8, %rsp /* skip extra regs -- they were preserved */ UNWIND_HINT_EMPTY jmp .Lpop_c_regs_except_rcx_r11_and_sysret 
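Review bot: In the entry_64.S hunk at `@@ -231,16 +231,10 @@`, the new comment `/* pt_regs->bp, bx, r12-15 not saved */` understates what the fast path now assumes: the six slots reserved by `sub $(6*8), %rsp` hold whatever was already on the kernel stack, and %rbx, %rbp and %r12-%r15 keep the caller's user-space values while `ENABLE_IBRS`, `STUFF_RSB` and the code after them run. I would spell that out, e.g. `/* pt_regs->bp, bx, r12-15 not saved: slots uninitialized until SAVE_EXTRA_REGS, regs keep user values */`, so nobody reads those pt_regs fields on this path. The commit message cites CVE-2017-5753 and CVE-2017-5715 but does not name what supersedes the register clearing; presumably a later patch in the series does, which is worth confirming before this revert is applied on its own. entry_SYSCALL_64_after_hwframe starts before the hunk and continues after it.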
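Review bot: The added `addq $6*8, %rsp` in the `@@ -298,7 +292,7 @@` hunk spells the frame size differently from the matching `sub $(6*8), %rsp` at syscall entry; writing it as `addq $(6*8), %rsp` makes the pairing easy to grep and leaves no doubt about how the expression is parsed. The comment "they were preserved" relies on the C syscall handler honouring the callee-saved convention for %rbx, %rbp and %r12-%r15, so I would state that directly: `/* skip extra regs -- callee-saved, so they still hold the user's values */`. entry_SYSCALL_64_fastpath begins before the hunk.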
@@ -310,12 +304,14 @@ entry_SYSCALL_64_fastpath: */ TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_ANY) + SAVE_EXTRA_REGS movq %rsp, %rdi call syscall_return_slowpath /* returns with IRQs disabled */ jmp return_from_SYSCALL_64 entry_SYSCALL64_slow_path: /* IRQs are off. */ + SAVE_EXTRA_REGS movq %rsp, %rdi call do_syscall_64 /* returns with IRQs disabled */
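Review bot: Both added `SAVE_EXTRA_REGS` lines lack a comment saying why the store is valid at that point, and the first one is the subtle case: it appears to run after the fast-path syscall body has already executed, so it records the user's %rbx, %rbp and %r12-%r15 only if every call made before it preserved them. A line such as `/* extra regs are callee-saved and still hold user values; complete pt_regs before C code reads it */` above each store would document the invariant. The first store also follows `ENABLE_INTERRUPTS(CLBR_ANY)`; confirm that its clobber set never includes the callee-saved registers when paravirt is enabled. Both code paths start above the hunk, and `entry_SYSCALL64_slow_path` continues below it.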