1 From 6ef121f444bab6ac294e1eda62eb727ee639c6d7 Mon Sep 17 00:00:00 2001
2 From: Josh Poimboeuf <jpoimboe@redhat.com>
3 Date: Mon, 18 Sep 2017 21:43:37 -0500
4 Subject: [PATCH 059/233] x86/head: Add unwind hint annotations
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 CVE-2017-5754
10
11 Jiri Slaby reported an ORC issue when unwinding from an idle task. The
12 stack was:
13
14 ffffffff811083c2 do_idle+0x142/0x1e0
15 ffffffff8110861d cpu_startup_entry+0x5d/0x60
16 ffffffff82715f58 start_kernel+0x3ff/0x407
17 ffffffff827153e8 x86_64_start_kernel+0x14e/0x15d
18 ffffffff810001bf secondary_startup_64+0x9f/0xa0
19
20 The ORC unwinder errored out at secondary_startup_64 because the head
21 code isn't annotated yet so there wasn't a corresponding ORC entry.
22
23 Fix that and any other head-related unwinding issues by adding unwind
24 hints to the head code.
25
26 Reported-by: Jiri Slaby <jslaby@suse.cz>
27 Tested-by: Jiri Slaby <jslaby@suse.cz>
28 Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
29 Cc: Andy Lutomirski <luto@kernel.org>
30 Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
31 Cc: Juergen Gross <jgross@suse.com>
32 Cc: Linus Torvalds <torvalds@linux-foundation.org>
33 Cc: Peter Zijlstra <peterz@infradead.org>
34 Cc: Thomas Gleixner <tglx@linutronix.de>
35 Link: http://lkml.kernel.org/r/78ef000a2f68f545d6eef44ee912edceaad82ccf.1505764066.git.jpoimboe@redhat.com
36 Signed-off-by: Ingo Molnar <mingo@kernel.org>
37 (cherry picked from commit 2704fbb672d0d9a19414907fda7949283dcef6a1)
38 Signed-off-by: Andy Whitcroft <apw@canonical.com>
39 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
40 (cherry picked from commit b63a868e404e64172afefea553c6a40963a151db)
41 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
42 ---
43 arch/x86/kernel/Makefile | 1 -
44 arch/x86/kernel/head_64.S | 14 ++++++++++++--
45 2 files changed, 12 insertions(+), 3 deletions(-)
46
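--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -26,7 +26,6 @@ KASAN_SANITIZE_dumpstack.o := n
 KASAN_SANITIZE_dumpstack_$(BITS).o := n
 KASAN_SANITIZE_stacktrace.o := n
 
-OBJECT_FILES_NON_STANDARD_head_$(BITS).o := y
 OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o := y
 OBJECT_FILES_NON_STANDARD_ftrace_$(BITS).o := y
 OBJECT_FILES_NON_STANDARD_test_nx.o := y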
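--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -49,6 +49,7 @@ L3_START_KERNEL = pud_index(__START_KERNEL_map)
 .code64
 .globl startup_64
 startup_64:
+UNWIND_HINT_EMPTY
 /*
 * At this point the CPU runs in 64bit mode CS.L = 1 CS.D = 0,
 * and someone has loaded an identity mapped page table
@@ -81,6 +82,7 @@ startup_64:
 movq $(early_top_pgt - __START_KERNEL_map), %rax
 jmp 1f
 ENTRY(secondary_startup_64)
+UNWIND_HINT_EMPTY
 /*
 * At this point the CPU runs in 64bit mode CS.L = 1 CS.D = 0,
 * and someone has loaded a mapped page table.
@@ -116,6 +118,7 @@ ENTRY(secondary_startup_64)
 movq $1f, %rax
 jmp *%rax
 1:
+UNWIND_HINT_EMPTY
 
 /* Check if nx is implemented */
 movl $0x80000001, %eax
@@ -230,6 +233,7 @@ END(secondary_startup_64)
 */
 ENTRY(start_cpu0)
 movq initial_stack(%rip), %rsp
+UNWIND_HINT_EMPTY
 jmp .Ljump_to_C_code
 ENDPROC(start_cpu0)
 #endif
@@ -254,13 +258,18 @@ ENTRY(early_idt_handler_array)
 i = 0
 .rept NUM_EXCEPTION_VECTORS
 .ifeq (EXCEPTION_ERRCODE_MASK >> i) & 1
-pushq $0 # Dummy error code, to make stack frame uniform
+UNWIND_HINT_IRET_REGS
+pushq $0 # Dummy error code, to make stack frame uniform
+.else
+UNWIND_HINT_IRET_REGS offset=8
 .endif
 pushq $i # 72(%rsp) Vector number
 jmp early_idt_handler_common
+UNWIND_HINT_IRET_REGS
 i = i + 1
 .fill early_idt_handler_array + i*EARLY_IDT_HANDLER_SIZE - ., 1, 0xcc
 .endr
+UNWIND_HINT_IRET_REGS offset=16
 END(early_idt_handler_array)
 
 early_idt_handler_common:
@@ -289,6 +298,7 @@ early_idt_handler_common:
 pushq %r13 /* pt_regs->r13 */
 pushq %r14 /* pt_regs->r14 */
 pushq %r15 /* pt_regs->r15 */
+UNWIND_HINT_REGS
 
 cmpq $14,%rsi /* Page fault? */
 jnz 10f
@@ -411,7 +421,7 @@ ENTRY(phys_base)
 EXPORT_SYMBOL(phys_base)
 
 #include "../../x86/xen/xen-head.S"
-
+
 __PAGE_ALIGNED_BSS
 NEXT_PAGE(empty_zero_page)
 .skip PAGE_SIZE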
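Review bot: The `UNWIND_HINT_IRET_REGS offset=16` added after `.endr`, right before `END(early_idt_handler_array)`, describes the stack as seen on entry to `early_idt_handler_common` (an error code — the dummy `pushq $0`, or in the `.else` branch the one the `offset=8` hint accounts for — plus the `pushq $i` vector, so the iret frame sits 16 bytes up) rather than anything inside the array, and nothing in the hunk says so; a one-line comment such as `/* early_idt_handler_common: error code + vector already pushed, iret frame at 16(%rsp) */` would keep a later reader from moving or dropping it. The bare `UNWIND_HINT_IRET_REGS` after `jmp early_idt_handler_common` similarly covers only the `.fill` padding before the next vector's stub, which is worth a short comment as well. In `start_cpu0` the hint is placed after `movq initial_stack(%rip), %rsp` rather than at the label, unlike `startup_64` and `secondary_startup_64` where it is the first line after the label; if that ordering is deliberate a comment saying why would help, otherwise putting it at the label would be consistent with the other entry points.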
132 --
133 2.14.2
134