KPTI: add follow-up fixes
1From b153f8e687bf0739b113445d3cfe029593e9484a Mon Sep 17 00:00:00 2001
2From: Andy Lutomirski <luto@kernel.org>
3Date: Mon, 4 Dec 2017 15:07:27 +0100
e4cdf2a5 4Subject: [PATCH 157/241] x86/entry/64: Remove the SYSENTER stack canary
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9CVE-2017-5754
10
11Now that the SYSENTER stack has a guard page, there's no need for a canary
12to detect overflow after the fact.
13
14Signed-off-by: Andy Lutomirski <luto@kernel.org>
15Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
16Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
17Reviewed-by: Borislav Petkov <bp@suse.de>
18Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
19Cc: Borislav Petkov <bp@alien8.de>
20Cc: Borislav Petkov <bpetkov@suse.de>
21Cc: Brian Gerst <brgerst@gmail.com>
22Cc: Dave Hansen <dave.hansen@intel.com>
23Cc: Dave Hansen <dave.hansen@linux.intel.com>
24Cc: David Laight <David.Laight@aculab.com>
25Cc: Denys Vlasenko <dvlasenk@redhat.com>
26Cc: Eduardo Valentin <eduval@amazon.com>
27Cc: Greg KH <gregkh@linuxfoundation.org>
28Cc: H. Peter Anvin <hpa@zytor.com>
29Cc: Josh Poimboeuf <jpoimboe@redhat.com>
30Cc: Juergen Gross <jgross@suse.com>
31Cc: Linus Torvalds <torvalds@linux-foundation.org>
32Cc: Peter Zijlstra <peterz@infradead.org>
33Cc: Rik van Riel <riel@redhat.com>
34Cc: Will Deacon <will.deacon@arm.com>
35Cc: aliguori@amazon.com
36Cc: daniel.gruss@iaik.tugraz.at
37Cc: hughd@google.com
38Cc: keescook@google.com
39Link: https://lkml.kernel.org/r/20171204150606.572577316@linutronix.de
40Signed-off-by: Ingo Molnar <mingo@kernel.org>
41(cherry picked from commit 7fbbd5cbebf118a9e09f5453f686656a167c3d1c)
42Signed-off-by: Andy Whitcroft <apw@canonical.com>
43Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
44(cherry picked from commit 8158adf795cb48be67891feacacc36d7a247afdf)
45Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
46---
47 arch/x86/include/asm/processor.h | 1 -
48 arch/x86/kernel/dumpstack.c | 3 +--
49 arch/x86/kernel/process.c | 1 -
50 arch/x86/kernel/traps.c | 7 -------
51 4 files changed, 1 insertion(+), 11 deletions(-)
52
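--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -335,7 +335,6 @@ struct tss_struct {
 * Space for the temporary SYSENTER stack, used for SYSENTER
 * and the entry trampoline as well.
 */
- unsigned long SYSENTER_stack_canary;
 unsigned long SYSENTER_stack[64];
 
 /*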
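Review bot: The comment above `SYSENTER_stack` does not say how an overrun is detected once `SYSENTER_stack_canary` is gone. The commit message states that a guard page now covers this stack, which presumably depends on where the array sits in `struct tss_struct` and on how the per-CPU entry area is mapped; neither is visible in this hunk. I would extend the existing comment with a line such as `* Overflow detection relies on the guard page adjacent to this array; do not move it without checking the entry-area layout.` so that a later layout change does not silently remove the only remaining overflow check. The struct definition starts and ends outside the hunk.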
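--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -48,8 +48,7 @@ bool in_sysenter_stack(unsigned long *stack, struct stack_info *info)
 int cpu = smp_processor_id();
 struct tss_struct *tss = &get_cpu_entry_area(cpu)->tss;
 
- /* Treat the canary as part of the stack for unwinding purposes. */
- void *begin = &tss->SYSENTER_stack_canary;
+ void *begin = &tss->SYSENTER_stack;
 void *end = (void *)&tss->SYSENTER_stack + sizeof(tss->SYSENTER_stack);
 
 if ((void *)stack < begin || (void *)stack >= end)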
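Review bot: `begin` and `end` are now written in two different forms, `&tss->SYSENTER_stack` (a pointer to the whole array) and a sum that relies on GNU arithmetic on `void *`, which makes the range check harder to audit at a glance. Deriving both from the array itself, `void *begin = tss->SYSENTER_stack;` and `void *end = tss->SYSENTER_stack + ARRAY_SIZE(tss->SYSENTER_stack);`, gives the same bounds. With the canary comment removed, a short replacement would also help, stating that the range is exactly the array and that, per the commit message, an address below it is left to the guard page rather than treated as part of this stack. in_sysenter_stack() continues outside the hunk.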
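--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -80,7 +80,6 @@ __visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss) = {
 */
 .io_bitmap = { [0 ... IO_BITMAP_LONGS] = ~0 },
 #endif
- .SYSENTER_stack_canary = STACK_END_MAGIC,
 };
 EXPORT_PER_CPU_SYMBOL(cpu_tss);
 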
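--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -826,13 +826,6 @@ dotraplinkage void do_debug(struct pt_regs *regs, long error_code)
 debug_stack_usage_dec();
 
 exit:
- /*
- * This is the most likely code path that involves non-trivial use
- * of the SYSENTER stack. Check that we haven't overrun it.
- */
- WARN(this_cpu_read(cpu_tss.SYSENTER_stack_canary) != STACK_END_MAGIC,
- "Overran or corrupted SYSENTER stack\n");
-
 ist_exit(regs);
 }
 NOKPROBE_SYMBOL(do_debug);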
109--
1102.14.2
111