From: Konrad Rzeszutek Wilk
Date: Sat, 13 Jan 2018 03:32:23 +0000 (-0500)
Subject: x86: Move STUFF_RSB in to the idt macro
X-Git-Tag: v4.1.12-124.31.3~1234
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=fd29a0e89b099bb2d7bb17a271c6382a8a4b62c5;p=users%2Fjedix%2Flinux-maple.git

x86: Move STUFF_RSB in to the idt macro

instead of it sitting in paranoid_entry or error_entry.

The idea behind the STUFF_RSB is to be done _before_ any calls are done.
Which means we really want this in the idt macro that is handled for
exceptions - such as device not available, which currently looks as so:

[Ignore the callq *0x40.. that gets converted to an 'cld']

 :
   nop
   nop
   nop
   callq *0x40d0b7(%rip) # ffffffff81b55330 <= patched to cld
   pushq $0xffffffffffffffff
   sub $0x78,%rsp
   callq ffffffff81748ea0 <=== call!
   mov %rsp,%rdi
   xor %esi,%esi
   callq ffffffff81018830
   test %rax,%rax
   jne ffffffff81747f10
   jmpq ffffffff817490a0
   nopl 0x0(%rax)

By stuffing the RSB before the call to error_entry (or paranoid_entry)
we remove the chance of this becoming an attack vector.

While at it, remove the useless comment - we don't encode any
frames in UEK4.

OraBug: 27417150
Reviewed-by: Kris Van Hees
Signed-off-by: Konrad Rzeszutek Wilk
---
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S index 993cba9ca08b..fef48172a35c 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -1022,6 +1022,7 @@ ENTRY(\sym) .endif ASM_CLAC + STUFF_RSB PARAVIRT_ADJUST_EXCEPTION_FRAME .ifeq \has_error_code @@ -1475,13 +1476,6 @@ ENTRY(paranoid_entry) SAVE_C_REGS 8 SAVE_EXTRA_REGS 8 - /* - * Have to do stuffing before encoding frame pointer. - * Could add some unnecessary RSB clearing if coming - * from kernel for non-SMEP platform. - */ - STUFF_RSB - movl $1,%ebx movl $MSR_GS_BASE,%ecx rdmsr 
@@ -1560,7 +1554,6 @@ ENTRY(error_entry) cld SAVE_C_REGS 8 SAVE_EXTRA_REGS 8 - STUFF_RSB /* * error_entry() always returns with a kernel gsbase and * CR3. We must also have a kernel CR3/gsbase before
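Review bot: In the first hunk (@@ -1022,6 +1022,7 @@ ENTRY(\sym)), STUFF_RSB now runs directly after ASM_CLAC and before any register save, whereas at both of its old sites it ran after SAVE_C_REGS 8 and SAVE_EXTRA_REGS 8. The commit message should state that the macro touches no general-purpose registers, because anything it modifies at this point is the interrupted context's live state rather than a saved copy. A short comment above the new line saying that it must stay ahead of the first call in the macro would also keep a later cleanup from moving it back below the call to error_entry or paranoid_entry.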
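Review bot: In the second hunk (@@ -1475,13 +1476,6 @@ ENTRY(paranoid_entry)), the deleted comment carries two statements and only the first is about frame encoding. The second, "Could add some unnecessary RSB clearing if coming from kernel for non-SMEP platform", describes a cost of the stuffing itself and applies just as much at the new location in the idt macro. Suggest moving that sentence next to the new STUFF_RSB line instead of dropping it together with the frame-pointer remark.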
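Review bot: In the third hunk (@@ -1560,7 +1554,6 @@ ENTRY(error_entry)), dropping STUFF_RSB after SAVE_EXTRA_REGS 8 is only equivalent if every caller of error_entry arrives through the idt macro, and the same holds for paranoid_entry in the previous hunk. Neither the diff nor the commit message shows that, so any path that calls either routine directly would lose the stuffing without notice. Please confirm the call sites in the commit message, or keep the stuffing on any entry path that bypasses the macro.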