x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL

We missed them in the first round of backporting.

Also move the DISABLE_IBRS _after_ the trace_hardirqs_on_caller
call.

Orabug: 27344012
CVE:CVE-2017-5715

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---
v2: Move the DISABLE_IBRS after the TRACE_HARDIRQ macro
    Move the ENABLE_IBRS up

Signed-off-by: Brian Maly <brian.maly@oracle.com>
Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>

diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 9d7a93bd8bb1c4e35a5f17788bd594346f9d32f0..36d3ec7e4cdc7913dc6828932ba3a03ce7f50025 100644 (file)
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -373,6 +373,10 @@ ENTRY(ia32_cstar_target)
        movl    %esp,%r8d
        CFI_REGISTER    rsp,r8
        movq    PER_CPU_VAR(cpu_current_top_of_stack),%rsp
+
+       ENABLE_IBRS
+       STUFF_RSB
+
        ENABLE_INTERRUPTS(CLBR_NONE)
 
        /* Zero-extending 32-bit regs, do not remove */
@@ -435,6 +439,7 @@ sysretl_from_sys_call:
        xorq    %r9,%r9
        xorq    %r8,%r8
        TRACE_IRQS_ON
+       DISABLE_IBRS
        SWITCH_USER_CR3
        movl RSP(%rsp),%esp
        CFI_RESTORE rsp