From: Jamie Iles <jamie.iles@oracle.com>
Date: Tue, 9 Jan 2018 12:16:43 +0000 (+0000)
Subject: x86/entry_64: TRACE_IRQS_OFF before re-enabling.
X-Git-Tag: v4.1.12-124.31.3~1279
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=4c7c436d65ce884feeb126edfd7b1b1824c3fdfd;p=users%2Fjedix%2Flinux-maple.git

x86/entry_64: TRACE_IRQS_OFF before re-enabling.

Our TRACE_IRQS_OFF call introduced in d572bdfdeb7a (x86/entry: Stuff RSB
for entry to kernel for non-SMEP platform) is after we have already
called ENABLE_INTERRUPTS, resulting in:

WARNING: CPU: 1 PID: 1 at kernel/locking/lockdep.c:2639 trace_hardirqs_off_caller+0xb9/0x130()
DEBUG_LOCKS_WARN_ON(!irqs_disabled())
Modules linked in:
CPU: 1 PID: 1 Comm: init Not tainted 4.1.12+ #91
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014
 0000000000000009 ffff88011955fdd8 ffffffff815e4336 ffff88011955fe58
 ffff880119550000 ffff88011955fe28 ffffffff810b556a ffff88011955fe28
 ffffffff8112cd59 0000000000000000 ffffed00232abfc7 ffffffff81ab5f31
Call Trace:
 [<ffffffff815e4336>] dump_stack+0x86/0xc0
 [<ffffffff810b556a>] warn_slowpath_common+0xca/0xf0
 [<ffffffff8112cd59>] ? trace_hardirqs_off_caller+0xb9/0x130
 [<ffffffff81ab5f31>] ? system_call_after_swapgs+0x17b/0x18c
 [<ffffffff810b5620>] warn_slowpath_fmt+0x90/0xb0
 [<ffffffff810b5590>] ? warn_slowpath_common+0xf0/0xf0
 [<ffffffff8112b663>] ? up_read+0x23/0x40
 [<ffffffff81133142>] ? mark_held_locks+0x22/0xd0
 [<ffffffff810a0150>] ? __do_page_fault+0x440/0x540
 [<ffffffff8112cd59>] trace_hardirqs_off_caller+0xb9/0x130
 [<ffffffff815fbbc1>] trace_hardirqs_off_thunk+0x17/0x19
 [<ffffffff81ab5f31>] ? system_call_after_swapgs+0x17b/0x18c

Move TRACE_IRQS_OFF to before interrupts have been re-enabled.

Orabug: 27344012
CVE:CVE-2017-5715

Signed-off-by: Jamie Iles <jamie.iles@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Brian Maly <brian.maly@oracle.com>
Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>
---

diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index ed037398a2ad..752823b87543 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -224,6 +224,8 @@ GLOBAL(system_call_after_swapgs)
 
 	ENABLE_IBRS
 
+	TRACE_IRQS_OFF
+
 	/* Construct struct pt_regs on stack */
 	pushq_cfi $__USER_DS			/* pt_regs->ss */
 	pushq_cfi PER_CPU_VAR(rsp_scratch)	/* pt_regs->sp */
@@ -261,8 +263,6 @@ GLOBAL(system_call_after_swapgs)
 
 	STUFF_RSB
 
-	TRACE_IRQS_OFF
-
 	testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
 	jnz tracesys
 system_call_fastpath: