[pve-kernel.git] / patches / kernel / 0095-xen-x86-entry-64-Add-xen-NMI-trap-entry.patch

From 47b64e9de8bba4e6ccd0976bce6cf99446daf82e Mon Sep 17 00:00:00 2001
From: Juergen Gross <jgross@suse.com>
Date: Thu, 2 Nov 2017 00:59:07 -0700
Subject: [PATCH 095/241] xen, x86/entry/64: Add xen NMI trap entry
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5754

Instead of trying to execute any NMI via the bare metal's NMI trap
handler use a Xen specific one for PV domains, like we do for e.g.
debug traps. As in a PV domain the NMI is handled via the normal
kernel stack this is the correct thing to do.

This will enable us to get rid of the very fragile and questionable
dependencies between the bare metal NMI handler and Xen assumptions
believed to be broken anyway.

Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bpetkov@suse.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/5baf5c0528d58402441550c5770b98e7961e7680.1509609304.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
(cherry picked from commit 43e4111086a70c78bedb6ad990bee97f17b27a6e)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit 20c970e03b42141abf6c45938ce6d4fdc3555921)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 arch/x86/include/asm/traps.h | 2 +-
 arch/x86/xen/enlighten_pv.c  | 2 +-
 arch/x86/entry/entry_64.S    | 2 +-
 arch/x86/xen/xen-asm_64.S    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h
index 8e5bf86f87e5..b052a7621ca1 100644
--- a/arch/x86/include/asm/traps.h
+++ b/arch/x86/include/asm/traps.h
@@ -55,9 +55,9 @@ asmlinkage void simd_coprocessor_error(void);
 
 #if defined(CONFIG_X86_64) && defined(CONFIG_XEN_PV)
 asmlinkage void xen_divide_error(void);
+asmlinkage void xen_xennmi(void);
 asmlinkage void xen_xendebug(void);
 asmlinkage void xen_xenint3(void);
-asmlinkage void xen_nmi(void);
 asmlinkage void xen_overflow(void);
 asmlinkage void xen_bounds(void);
 asmlinkage void xen_invalid_op(void);
diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
index 69b9deff7e5c..8da4eff19c2a 100644
--- a/arch/x86/xen/enlighten_pv.c
+++ b/arch/x86/xen/enlighten_pv.c
@@ -600,7 +600,7 @@ static struct trap_array_entry trap_array[] = {
 #ifdef CONFIG_X86_MCE
 	{ machine_check,               xen_machine_check,               true },
 #endif
-	{ nmi,                         xen_nmi,                         true },
+	{ nmi,                         xen_xennmi,                      true },
 	{ overflow,                    xen_overflow,                    false },
 #ifdef CONFIG_IA32_EMULATION
 	{ entry_INT80_compat,          xen_entry_INT80_compat,          false },
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index 4eff3aca54ed..5a6aba7cf3bd 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -1091,6 +1091,7 @@ idtentry int3			do_int3			has_error_code=0	paranoid=1 shift_ist=DEBUG_STACK
 idtentry stack_segment		do_stack_segment	has_error_code=1
 
 #ifdef CONFIG_XEN
+idtentry xennmi			do_nmi			has_error_code=0
 idtentry xendebug		do_debug		has_error_code=0
 idtentry xenint3		do_int3			has_error_code=0
 #endif
@@ -1253,7 +1254,6 @@ ENTRY(error_exit)
 END(error_exit)
 
 /* Runs on exception stack */
-/* XXX: broken on Xen PV */
 ENTRY(nmi)
 	UNWIND_HINT_IRET_REGS
 	/*
diff --git a/arch/x86/xen/xen-asm_64.S b/arch/x86/xen/xen-asm_64.S
index dae2cc33afb5..286ecc198562 100644
--- a/arch/x86/xen/xen-asm_64.S
+++ b/arch/x86/xen/xen-asm_64.S
@@ -29,7 +29,7 @@ xen_pv_trap debug
 xen_pv_trap xendebug
 xen_pv_trap int3
 xen_pv_trap xenint3
-xen_pv_trap nmi
+xen_pv_trap xennmi
 xen_pv_trap overflow
 xen_pv_trap bounds
 xen_pv_trap invalid_op
-- 
2.14.2
Commit	Line	Data
321d628a FG	1	From 47b64e9de8bba4e6ccd0976bce6cf99446daf82e Mon Sep 17 00:00:00 2001
	2	From: Juergen Gross <jgross@suse.com>
	3	Date: Thu, 2 Nov 2017 00:59:07 -0700
e4cdf2a5	4	Subject: [PATCH 095/241] xen, x86/entry/64: Add xen NMI trap entry
321d628a FG	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	CVE-2017-5754
	10
	11	Instead of trying to execute any NMI via the bare metal's NMI trap
	12	handler use a Xen specific one for PV domains, like we do for e.g.
	13	debug traps. As in a PV domain the NMI is handled via the normal
	14	kernel stack this is the correct thing to do.
	15
	16	This will enable us to get rid of the very fragile and questionable
	17	dependencies between the bare metal NMI handler and Xen assumptions
	18	believed to be broken anyway.
	19
	20	Signed-off-by: Juergen Gross <jgross@suse.com>
	21	Signed-off-by: Andy Lutomirski <luto@kernel.org>
	22	Cc: Borislav Petkov <bpetkov@suse.de>
	23	Cc: Brian Gerst <brgerst@gmail.com>
	24	Cc: Dave Hansen <dave.hansen@intel.com>
	25	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	26	Cc: Peter Zijlstra <peterz@infradead.org>
	27	Cc: Thomas Gleixner <tglx@linutronix.de>
	28	Link: http://lkml.kernel.org/r/5baf5c0528d58402441550c5770b98e7961e7680.1509609304.git.luto@kernel.org
	29	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	30	(cherry picked from commit 43e4111086a70c78bedb6ad990bee97f17b27a6e)
	31	Signed-off-by: Andy Whitcroft <apw@canonical.com>
	32	Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	33	(cherry picked from commit 20c970e03b42141abf6c45938ce6d4fdc3555921)
	34	Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	35	---
	36	arch/x86/include/asm/traps.h \| 2 +-
	37	arch/x86/xen/enlighten_pv.c \| 2 +-
	38	arch/x86/entry/entry_64.S \| 2 +-
	39	arch/x86/xen/xen-asm_64.S \| 2 +-
	40	4 files changed, 4 insertions(+), 4 deletions(-)
	41
	42	diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h
	43	index 8e5bf86f87e5..b052a7621ca1 100644
	44	--- a/arch/x86/include/asm/traps.h
	45	+++ b/arch/x86/include/asm/traps.h
	46	@@ -55,9 +55,9 @@ asmlinkage void simd_coprocessor_error(void);
	47
	48	#if defined(CONFIG_X86_64) && defined(CONFIG_XEN_PV)
	49	asmlinkage void xen_divide_error(void);
	50	+asmlinkage void xen_xennmi(void);
	51	asmlinkage void xen_xendebug(void);
	52	asmlinkage void xen_xenint3(void);
	53	-asmlinkage void xen_nmi(void);
	54	asmlinkage void xen_overflow(void);
	55	asmlinkage void xen_bounds(void);
	56	asmlinkage void xen_invalid_op(void);
	57	diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
	58	index 69b9deff7e5c..8da4eff19c2a 100644
	59	--- a/arch/x86/xen/enlighten_pv.c
	60	+++ b/arch/x86/xen/enlighten_pv.c
	61	@@ -600,7 +600,7 @@ static struct trap_array_entry trap_array[] = {
	62	#ifdef CONFIG_X86_MCE
	63	{ machine_check, xen_machine_check, true },
	64	#endif
	65	- { nmi, xen_nmi, true },
	66	+ { nmi, xen_xennmi, true },
	67	{ overflow, xen_overflow, false },
	68	#ifdef CONFIG_IA32_EMULATION
69	{ entry_INT80_compat, xen_entry_INT80_compat, false },
70	diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
71	index 4eff3aca54ed..5a6aba7cf3bd 100644
72	--- a/arch/x86/entry/entry_64.S
73	+++ b/arch/x86/entry/entry_64.S
74	@@ -1091,6 +1091,7 @@ idtentry int3 do_int3 has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
75	idtentry stack_segment do_stack_segment has_error_code=1
76
77	#ifdef CONFIG_XEN
78	+idtentry xennmi do_nmi has_error_code=0
79	idtentry xendebug do_debug has_error_code=0
80	idtentry xenint3 do_int3 has_error_code=0
81	#endif
82	@@ -1253,7 +1254,6 @@ ENTRY(error_exit)
83	END(error_exit)
84
85	/* Runs on exception stack */
86	-/* XXX: broken on Xen PV */
87	ENTRY(nmi)
88	UNWIND_HINT_IRET_REGS
89	/*
90	diff --git a/arch/x86/xen/xen-asm_64.S b/arch/x86/xen/xen-asm_64.S
91	index dae2cc33afb5..286ecc198562 100644
92	--- a/arch/x86/xen/xen-asm_64.S
93	+++ b/arch/x86/xen/xen-asm_64.S
94	@@ -29,7 +29,7 @@ xen_pv_trap debug
95	xen_pv_trap xendebug
96	xen_pv_trap int3
97	xen_pv_trap xenint3
98	-xen_pv_trap nmi
99	+xen_pv_trap xennmi
100	xen_pv_trap overflow
101	xen_pv_trap bounds
102	xen_pv_trap invalid_op
103	--
104	2.14.2
105