]> www.infradead.org Git - users/jedix/linux-maple.git/commitdiff
projects / users / jedix / linux-maple.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2115747)
x86/entry_64: TRACE_IRQS_OFF before re-enabling.
authorJamie Iles <jamie.iles@oracle.com>
Tue, 9 Jan 2018 12:16:43 +0000 (12:16 +0000)
committerKirtikar Kashyap <kirtikar.kashyap@oracle.com>
Fri, 12 Jan 2018 18:25:30 +0000 (10:25 -0800)
Our TRACE_IRQS_OFF call introduced in d572bdfdeb7a (x86/entry: Stuff RSB
for entry to kernel for non-SMEP platform) is after we have already
called ENABLE_INTERRUPTS, resulting in:

WARNING: CPU: 1 PID: 1 at kernel/locking/lockdep.c:2639 trace_hardirqs_off_caller+0xb9/0x130()
DEBUG_LOCKS_WARN_ON(!irqs_disabled())
Modules linked in:
CPU: 1 PID: 1 Comm: init Not tainted 4.1.12+ #91
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014
 0000000000000009 ffff88011955fdd8 ffffffff815e4336 ffff88011955fe58
 ffff880119550000 ffff88011955fe28 ffffffff810b556a ffff88011955fe28
 ffffffff8112cd59 0000000000000000 ffffed00232abfc7 ffffffff81ab5f31
Call Trace:
 [<ffffffff815e4336>] dump_stack+0x86/0xc0
 [<ffffffff810b556a>] warn_slowpath_common+0xca/0xf0
 [<ffffffff8112cd59>] ? trace_hardirqs_off_caller+0xb9/0x130
 [<ffffffff81ab5f31>] ? system_call_after_swapgs+0x17b/0x18c
 [<ffffffff810b5620>] warn_slowpath_fmt+0x90/0xb0
 [<ffffffff810b5590>] ? warn_slowpath_common+0xf0/0xf0
 [<ffffffff8112b663>] ? up_read+0x23/0x40
 [<ffffffff81133142>] ? mark_held_locks+0x22/0xd0
 [<ffffffff810a0150>] ? __do_page_fault+0x440/0x540
 [<ffffffff8112cd59>] trace_hardirqs_off_caller+0xb9/0x130
 [<ffffffff815fbbc1>] trace_hardirqs_off_thunk+0x17/0x19
 [<ffffffff81ab5f31>] ? system_call_after_swapgs+0x17b/0x18c

Move TRACE_IRQS_OFF to before interrupts have been re-enabled.

Orabug: 27344012
CVE:CVE-2017-5715

Signed-off-by: Jamie Iles <jamie.iles@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>
arch/x86/kernel/entry_64.S patch | blob | history

diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index ed037398a2ad468403ecbc01dee082494b112a8f..752823b875439eccd941c06548f186bfaa8b7c33 100644 (file)
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -224,6 +224,8 @@ GLOBAL(system_call_after_swapgs)
 
        ENABLE_IBRS
 
+       TRACE_IRQS_OFF
+
        /* Construct struct pt_regs on stack */
        pushq_cfi $__USER_DS                    /* pt_regs->ss */
        pushq_cfi PER_CPU_VAR(rsp_scratch)      /* pt_regs->sp */
@@ -261,8 +263,6 @@ GLOBAL(system_call_after_swapgs)
 
        STUFF_RSB
 
-       TRACE_IRQS_OFF
-
        testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
        jnz tracesys
 system_call_fastpath:
Unnamed repository; edit this file 'description' to name the repository.