1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Tim Chen <tim.c.chen@linux.intel.com>
3 Date: Fri, 13 Oct 2017 14:25:00 -0700
4 Subject: [PATCH] x86/enter: Use IBRS on syscall and interrupts
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 CVE-2017-5753
10 CVE-2017-5715
11
12 Set IBRS upon kernel entrance via syscall and interrupts. Clear it upon exit.
13
14 Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
15 Signed-off-by: Andy Whitcroft <apw@canonical.com>
16 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
17 (cherry picked from commit d7eb5f9ed26dbdc39df793491bdcc9f80d41325e)
18 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
19 ---
20 arch/x86/entry/entry_64.S | 18 +++++++++++++++++-
21 arch/x86/entry/entry_64_compat.S | 7 +++++++
22 2 files changed, 24 insertions(+), 1 deletion(-)
23
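diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index b48f2c78a9bf..5f898c3c1dad 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -36,6 +36,7 @@
 #include <asm/pgtable_types.h>
 #include <asm/export.h>
 #include <asm/frame.h>
+#include <asm/spec_ctrl.h>
 #include <linux/err.h>
 
 #include "calling.h"
@@ -235,6 +236,8 @@ GLOBAL(entry_SYSCALL_64_after_hwframe)
 sub $(6*8), %rsp /* pt_regs->bp, bx, r12-15 not saved */
 UNWIND_HINT_REGS extra=0
 
+ ENABLE_IBRS
+
 /*
 * If we need to do entry work or if we guess we'll need to do
 * exit work, go straight to the slow path.
@@ -286,6 +289,7 @@ entry_SYSCALL_64_fastpath:
 TRACE_IRQS_ON /* user mode is traced as IRQs on */
 movq RIP(%rsp), %rcx
 movq EFLAGS(%rsp), %r11
+ DISABLE_IBRS
 addq $6*8, %rsp /* skip extra regs -- they were preserved */
 UNWIND_HINT_EMPTY
 jmp .Lpop_c_regs_except_rcx_r11_and_sysret
@@ -379,6 +383,8 @@ return_from_SYSCALL_64:
 * perf profiles. Nothing jumps here.
 */
 syscall_return_via_sysret:
+ DISABLE_IBRS
+
 /* rcx and r11 are already restored (see code above) */
 UNWIND_HINT_EMPTY
 POP_EXTRA_REGS
@@ -660,6 +666,10 @@ END(irq_entries_start)
 /*
 * IRQ from user mode.
 *
+ */
+ ENABLE_IBRS
+
+ /*
 * We need to tell lockdep that IRQs are off. We can't do this until
 * we fix gsbase, and we should do it before enter_from_user_mode
 * (which can take locks). Since TRACE_IRQS_OFF idempotent,
@@ -743,7 +753,7 @@ GLOBAL(swapgs_restore_regs_and_return_to_usermode)
 * We are on the trampoline stack. All regs except RDI are live.
 * We can do future final exit work right here.
 */
-
+ DISABLE_IBRS
 SWITCH_TO_USER_CR3_STACK scratch_reg=%rdi
 
 /* Restore RDI. */
@@ -1277,6 +1287,7 @@ ENTRY(paranoid_entry)
 
 1:
 SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg=%rax save_reg=%r14
+ ENABLE_IBRS_CLOBBER
 
 ret
 END(paranoid_entry)
@@ -1331,6 +1342,8 @@ ENTRY(error_entry)
 /* We have user CR3. Change to kernel CR3. */
 SWITCH_TO_KERNEL_CR3 scratch_reg=%rax
 
+ ENABLE_IBRS
+
 .Lerror_entry_from_usermode_after_swapgs:
 /* Put us onto the real thread stack. */
 popq %r12 /* save return addr in %12 */
@@ -1377,6 +1390,7 @@ ENTRY(error_entry)
 */
 SWAPGS
 SWITCH_TO_KERNEL_CR3 scratch_reg=%rax
+ ENABLE_IBRS_CLOBBER
 jmp .Lerror_entry_done
 
 .Lbstep_iret:
@@ -1391,6 +1405,7 @@ ENTRY(error_entry)
 */
 SWAPGS
 SWITCH_TO_KERNEL_CR3 scratch_reg=%rax
+ ENABLE_IBRS_CLOBBER
 
 /*
 * Pretend that the exception came from user mode: set up pt_regs
@@ -1518,6 +1533,7 @@ ENTRY(nmi)
 UNWIND_HINT_REGS
 ENCODE_FRAME_POINTER
 
+ ENABLE_IBRS
 /*
 * At this point we no longer need to worry about stack damage
 * due to nesting -- we're on the normal thread stack and we're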
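Review bot: DISABLE_IBRS is inserted in the `@@ -743` hunk at a point where the comment just above states that all registers except RDI are live, and the `@@ -286` fastpath hunk places it immediately after `%rcx` and `%r11` have been loaded with the user RIP and EFLAGS for sysret, so the macro must preserve every register the MSR write touches (wrmsr consumes eax, ecx and edx); its body is defined in asm/spec_ctrl.h, outside this patch, and that requirement deserves a comment at these sites, e.g. `/* DISABLE_IBRS must preserve all GPRs here: rcx/r11 are sysret args, only rdi is scratch */`. The sysret32 site in entry_64_compat.S, placed after `popq %rdi`, carries the same constraint. Separately, the `@@ -660` hunk splits the "IRQ from user mode" comment around ENABLE_IBRS and leaves a bare ` *` line directly before the new ` */`; either drop that empty line or put ENABLE_IBRS above the comment block so the comment stays in one piece. The enclosing functions of every hunk here start and end outside the hunk.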
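diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
index 2b5e7685823c..ee4f3edb3c50 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -13,6 +13,7 @@
 #include <asm/irqflags.h>
 #include <asm/asm.h>
 #include <asm/smap.h>
+#include <asm/spec_ctrl.h>
 #include <linux/linkage.h>
 #include <linux/err.h>
 
@@ -95,6 +96,8 @@ ENTRY(entry_SYSENTER_compat)
 pushq $0 /* pt_regs->r15 = 0 */
 cld
 
+ ENABLE_IBRS
+
 /*
 * SYSENTER doesn't filter flags, so we need to clear NT and AC
 * ourselves. To save a few cycles, we can check whether
@@ -194,6 +197,7 @@ ENTRY(entry_SYSCALL_compat)
 
 /* Use %rsp as scratch reg. User ESP is stashed in r8 */
 SWITCH_TO_KERNEL_CR3 scratch_reg=%rsp
+ ENABLE_IBRS
 
 /* Switch to the kernel stack */
 movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
@@ -249,6 +253,7 @@ sysret32_from_system_call:
 popq %rsi /* pt_regs->si */
 popq %rdi /* pt_regs->di */
 
+ DISABLE_IBRS
 /*
 * USERGS_SYSRET32 does:
 * GSBASE = user's GS base
@@ -348,6 +353,8 @@ ENTRY(entry_INT80_compat)
 pushq %r15 /* pt_regs->r15 */
 cld
 
+ ENABLE_IBRS
+
 /*
 * User mode is traced as though IRQs are on, and the interrupt
 * gate turned them off.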
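Review bot: In the `@@ -194` hunk, ENABLE_IBRS is placed between `SWITCH_TO_KERNEL_CR3 scratch_reg=%rsp` and `movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp`, i.e. while %rsp has just been used as the CR3 scratch register, the kernel stack has not been loaded yet, and no user register has been saved into pt_regs. If the macro preserves the registers it uses by pushing them (which its non-CLOBBER name suggests; the body lives in asm/spec_ctrl.h, outside this patch), those pushes land at whatever value %rsp currently holds; if it instead clobbers rax/rcx/rdx, user register values are destroyed before they are stored. The SYSENTER and INT80 hunks in this same file put ENABLE_IBRS after the pt_regs pushes and `cld`, and the SYSCALL_compat site should follow that placement by moving the `ENABLE_IBRS` line below the stack switch and the pt_regs construction that follows it (the frame construction is outside the hunk). The entry_SYSCALL_compat body starts and ends outside the hunk.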
169 --
170 2.14.2
171