x86/ia32: save and clear registers on syscall.

This is a followup to 111ba91464f2 (x86/syscall: Clear unused extra
registers on syscall entrance) and a1aa2e658e0af (Re-introduce clearing
of r12-15, rbp, rbx), making sure that we also save and clear registers
on the compat syscalls.  Otherwise we see segfaults when running an
32-bit binary on a 64-bit kernel.

Orabug: 27365431
CVE: CVE-2017-5754

Cc: Kris Van Hees <kris.van.hees@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Jamie Iles <jamie.iles@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>

diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 0604c0b5cfc0e3922612ed2cc2b05d8a0cc6f1a2..eebb13d11c097691ff0bb7c5d42aaf24145d37ca 100644 (file)
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -151,6 +151,8 @@ ENTRY(ia32_sysenter_target)
        sub     $(10*8),%rsp /* pt_regs->r8-11,bp,bx,r12-15 not saved */
        CFI_ADJUST_CFA_OFFSET 10*8
 
+       SAVE_EXTRA_REGS
+       CLEAR_R8_TO_R15
        ENABLE_IBRS
        STUFF_RSB
 
@@ -543,6 +545,8 @@ ENTRY(ia32_syscall)
        sub     $(10*8),%rsp /* pt_regs->r8-11,bp,bx,r12-15 not saved */
        CFI_ADJUST_CFA_OFFSET 10*8
 
+       SAVE_EXTRA_REGS
+       CLEAR_R8_TO_R15
        ENABLE_IBRS
        STUFF_RSB
 

diff --git a/arch/x86/include/asm/calling.h b/arch/x86/include/asm/calling.h
index d2a3483d4008263273f6b54fcc4ccdee254acd39..017514ab84cf118c495b8483c7a5c5d695458890 100644 (file)
--- a/arch/x86/include/asm/calling.h
+++ b/arch/x86/include/asm/calling.h
@@ -160,6 +160,17 @@ For 32-bit we have the following conventions - kernel is built with
        xorq    %rbx, %rbx
        .endm
 
+       .macro CLEAR_R8_TO_R15
+       xorq %r15, %r15
+       xorq %r14, %r14
+       xorq %r13, %r13
+       xorq %r12, %r12
+       xorq %r11, %r11
+       xorq %r10, %r10
+       xorq %r9, %r9
+       xorq %r8, %r8
+       .endm
+
        .macro RESTORE_C_REGS_HELPER rstor_rax=1, rstor_rcx=1, rstor_r11=1, rstor_r8910=1, rstor_rdx=1
        .if \rstor_r11
        movq_cfi_restore 6*8, r11