[pve-kernel.git] / patches / kernel / 0031-x86-entry-Fix-idtentry-unwind-hint.patch

From b368fed558634ffc92dba0d7d9e4e631d26cd92f Mon Sep 17 00:00:00 2001
From: Josh Poimboeuf <jpoimboe@redhat.com>
Date: Fri, 20 Oct 2017 11:21:33 -0500
Subject: [PATCH 031/241] x86/entry: Fix idtentry unwind hint
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5754

This fixes the following ORC warning in the 'int3' entry code:

  WARNING: can't dereference iret registers at ffff8801c5f17fe0 for ip ffffffff95f0d94b

The ORC metadata had the wrong stack offset for the iret registers.

Their location on the stack is dependent on whether the exception has an
error code.

Reported-and-tested-by: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 8c1f75587a18 ("x86/entry/64: Add unwind hint annotations")
Link: http://lkml.kernel.org/r/931d57f0551ed7979d5e7e05370d445c8e5137f8.1508516398.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
(cherry picked from commit 98990a33b77dda9babf91cb235654f6729e5702e)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit 266be2a5053230f6d0b6f27d3e8e9f28df40dd7e)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 arch/x86/entry/entry_64.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index c12260ef3e4b..2e4fc6425f47 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -821,7 +821,7 @@ apicinterrupt IRQ_WORK_VECTOR			irq_work_interrupt		smp_irq_work_interrupt
 
 .macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
 ENTRY(\sym)
-	UNWIND_HINT_IRET_REGS offset=8
+	UNWIND_HINT_IRET_REGS offset=\has_error_code*8
 
 	/* Sanity check */
 	.if \shift_ist != -1 && \paranoid == 0
-- 
2.14.2
Commit	Line	Data
321d628a FG	1	From b368fed558634ffc92dba0d7d9e4e631d26cd92f Mon Sep 17 00:00:00 2001
	2	From: Josh Poimboeuf <jpoimboe@redhat.com>
	3	Date: Fri, 20 Oct 2017 11:21:33 -0500
e4cdf2a5	4	Subject: [PATCH 031/241] x86/entry: Fix idtentry unwind hint
321d628a FG	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	CVE-2017-5754
	10
	11	This fixes the following ORC warning in the 'int3' entry code:
	12
	13	WARNING: can't dereference iret registers at ffff8801c5f17fe0 for ip ffffffff95f0d94b
	14
	15	The ORC metadata had the wrong stack offset for the iret registers.
	16
	17	Their location on the stack is dependent on whether the exception has an
	18	error code.
	19
	20	Reported-and-tested-by: Andrei Vagin <avagin@virtuozzo.com>
	21	Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
	22	Cc: Andy Lutomirski <luto@kernel.org>
	23	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	24	Cc: Peter Zijlstra <peterz@infradead.org>
	25	Cc: Thomas Gleixner <tglx@linutronix.de>
	26	Fixes: 8c1f75587a18 ("x86/entry/64: Add unwind hint annotations")
	27	Link: http://lkml.kernel.org/r/931d57f0551ed7979d5e7e05370d445c8e5137f8.1508516398.git.jpoimboe@redhat.com
	28	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	29	(cherry picked from commit 98990a33b77dda9babf91cb235654f6729e5702e)
	30	Signed-off-by: Andy Whitcroft <apw@canonical.com>
	31	Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	32	(cherry picked from commit 266be2a5053230f6d0b6f27d3e8e9f28df40dd7e)
	33	Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	34	---
	35	arch/x86/entry/entry_64.S \| 2 +-
	36	1 file changed, 1 insertion(+), 1 deletion(-)
	37
	38	diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
	39	index c12260ef3e4b..2e4fc6425f47 100644
	40	--- a/arch/x86/entry/entry_64.S
	41	+++ b/arch/x86/entry/entry_64.S
	42	@@ -821,7 +821,7 @@ apicinterrupt IRQ_WORK_VECTOR irq_work_interrupt smp_irq_work_interrupt
	43
	44	.macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
	45	ENTRY(\sym)
	46	- UNWIND_HINT_IRET_REGS offset=8
	47	+ UNWIND_HINT_IRET_REGS offset=\has_error_code*8
	48
	49	/* Sanity check */
	50	.if \shift_ist != -1 && \paranoid == 0
	51	--
	52	2.14.2
	53