projects / pve-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| 321d628a FG |
1 | From 958fcb45b64535b87e3cfaef15a5cb41595e4187 Mon Sep 17 00:00:00 2001 |
| 2 | From: Andy Lutomirski <luto@kernel.org> | |
| 3 | Date: Thu, 2 Nov 2017 00:59:01 -0700 | |
| e4cdf2a5 | 4 | Subject: [PATCH 089/241] x86/entry/64: Simplify reg restore code in the |
| 321d628a FG |
5 | standard IRET paths |
| 6 | MIME-Version: 1.0 | |
| 7 | Content-Type: text/plain; charset=UTF-8 | |
| 8 | Content-Transfer-Encoding: 8bit | |
| 9 | ||
| 10 | CVE-2017-5754 | |
| 11 | ||
| 12 | The old code restored all the registers with movq instead of pop. | |
| 13 | ||
| 14 | In theory, this was done because some CPUs have higher movq | |
| 15 | throughput, but any gain there would be tiny and is almost certainly | |
| 16 | outweighed by the higher text size. | |
| 17 | ||
| 18 | This saves 96 bytes of text. | |
| 19 | ||
| 20 | Signed-off-by: Andy Lutomirski <luto@kernel.org> | |
| 21 | Cc: Borislav Petkov <bpetkov@suse.de> | |
| 22 | Cc: Brian Gerst <brgerst@gmail.com> | |
| 23 | Cc: Dave Hansen <dave.hansen@intel.com> | |
| 24 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
| 25 | Cc: Peter Zijlstra <peterz@infradead.org> | |
| 26 | Cc: Thomas Gleixner <tglx@linutronix.de> | |
| 27 | Link: http://lkml.kernel.org/r/ad82520a207ccd851b04ba613f4f752b33ac05f7.1509609304.git.luto@kernel.org | |
| 28 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
| 29 | (cherry picked from commit e872045bfd9c465a8555bab4b8567d56a4d2d3bb) | |
| 30 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
| 31 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
| 32 | (cherry picked from commit f926575cd370de4052e89477582b349af5664a56) | |
| 33 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
| 34 | --- | |
| 35 | arch/x86/entry/calling.h | 21 +++++++++++++++++++++ | |
| 36 | arch/x86/entry/entry_64.S | 12 ++++++------ | |
| 37 | 2 files changed, 27 insertions(+), 6 deletions(-) | |
| 38 | ||
| 39 | diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h | |
| 40 | index 640aafebdc00..0b9dd8123701 100644 | |
| 41 | --- a/arch/x86/entry/calling.h | |
| 42 | +++ b/arch/x86/entry/calling.h | |
| 43 | @@ -151,6 +151,27 @@ For 32-bit we have the following conventions - kernel is built with | |
| 44 | UNWIND_HINT_REGS offset=\offset extra=0 | |
| 45 | .endm | |
| 46 | ||
| 47 | + .macro POP_EXTRA_REGS | |
| 48 | + popq %r15 | |
| 49 | + popq %r14 | |
| 50 | + popq %r13 | |
| 51 | + popq %r12 | |
| 52 | + popq %rbp | |
| 53 | + popq %rbx | |
| 54 | + .endm | |
| 55 | + | |
| 56 | + .macro POP_C_REGS | |
| 57 | + popq %r11 | |
| 58 | + popq %r10 | |
| 59 | + popq %r9 | |
| 60 | + popq %r8 | |
| 61 | + popq %rax | |
| 62 | + popq %rcx | |
| 63 | + popq %rdx | |
| 64 | + popq %rsi | |
| 65 | + popq %rdi | |
| 66 | + .endm | |
| 67 | + | |
| 68 | .macro RESTORE_C_REGS_HELPER rstor_rax=1, rstor_rcx=1, rstor_r11=1, rstor_r8910=1, rstor_rdx=1 | |
| 69 | .if \rstor_r11 | |
| 70 | movq 6*8(%rsp), %r11 | |
| 71 | diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S | |
| 72 | index 7c8258e3ad2d..a1a86e782a0e 100644 | |
| 73 | --- a/arch/x86/entry/entry_64.S | |
| 74 | +++ b/arch/x86/entry/entry_64.S | |
| 75 | @@ -618,9 +618,9 @@ GLOBAL(swapgs_restore_regs_and_return_to_usermode) | |
| 76 | 1: | |
| 77 | #endif | |
| 78 | SWAPGS | |
| 79 | - RESTORE_EXTRA_REGS | |
| 80 | - RESTORE_C_REGS | |
| 81 | - REMOVE_PT_GPREGS_FROM_STACK 8 | |
| 82 | + POP_EXTRA_REGS | |
| 83 | + POP_C_REGS | |
| 84 | + addq $8, %rsp /* skip regs->orig_ax */ | |
| 85 | INTERRUPT_RETURN | |
| 86 | ||
| 87 | ||
| 88 | @@ -650,9 +650,9 @@ GLOBAL(restore_regs_and_return_to_kernel) | |
| 89 | ud2 | |
| 90 | 1: | |
| 91 | #endif | |
| 92 | - RESTORE_EXTRA_REGS | |
| 93 | - RESTORE_C_REGS | |
| 94 | - REMOVE_PT_GPREGS_FROM_STACK 8 | |
| 95 | + POP_EXTRA_REGS | |
| 96 | + POP_C_REGS | |
| 97 | + addq $8, %rsp /* skip regs->orig_ax */ | |
| 98 | INTERRUPT_RETURN | |
| 99 | ||
| 100 | ENTRY(native_iret) | |
| 101 | -- | |
| 102 | 2.14.2 | |
| 103 |