1 From 3ac6d8c787b835b997eb23e43e09aa0895ef7d58 Mon Sep 17 00:00:00 2001
2 From: Dan Williams <dan.j.williams@intel.com>
3 Date: Mon, 5 Feb 2018 17:18:11 -0800
4 Subject: x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface
5
6 From: Dan Williams <dan.j.williams@intel.com>
7
8 commit 3ac6d8c787b835b997eb23e43e09aa0895ef7d58 upstream.
9
10 Clear the 'extra' registers on entering the 64-bit kernel for exceptions
11 and interrupts. The common registers are not cleared since they are
12 likely clobbered well before they can be exploited in a speculative
13 execution attack.
14
15 Originally-From: Andi Kleen <ak@linux.intel.com>
16 Signed-off-by: Dan Williams <dan.j.williams@intel.com>
17 Cc: <stable@vger.kernel.org>
18 Cc: Andy Lutomirski <luto@kernel.org>
19 Cc: Borislav Petkov <bp@alien8.de>
20 Cc: Brian Gerst <brgerst@gmail.com>
21 Cc: Denys Vlasenko <dvlasenk@redhat.com>
22 Cc: H. Peter Anvin <hpa@zytor.com>
23 Cc: Josh Poimboeuf <jpoimboe@redhat.com>
24 Cc: Linus Torvalds <torvalds@linux-foundation.org>
25 Cc: Peter Zijlstra <peterz@infradead.org>
26 Cc: Thomas Gleixner <tglx@linutronix.de>
27 Link: http://lkml.kernel.org/r/151787989146.7847.15749181712358213254.stgit@dwillia2-desk3.amr.corp.intel.com
28 [ Made small improvements to the changelog and the code comments. ]
29 Signed-off-by: Ingo Molnar <mingo@kernel.org>
30 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
31
32 ---
33 arch/x86/entry/calling.h | 19 +++++++++++++++++++
34 arch/x86/entry/entry_64.S | 6 +++++-
35 2 files changed, 24 insertions(+), 1 deletion(-)
36
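--- a/arch/x86/entry/calling.h
+++ b/arch/x86/entry/calling.h
@@ -147,6 +147,25 @@ For 32-bit we have the following convent
 UNWIND_HINT_REGS offset=\offset
 .endm
 
+ /*
+ * Sanitize registers of values that a speculation attack
+ * might otherwise want to exploit. The lower registers are
+ * likely clobbered well before they could be put to use in
+ * a speculative execution gadget:
+ */
+ .macro CLEAR_REGS_NOSPEC
+ xorl %ebp, %ebp
+ xorl %ebx, %ebx
+ xorq %r8, %r8
+ xorq %r9, %r9
+ xorq %r10, %r10
+ xorq %r11, %r11
+ xorq %r12, %r12
+ xorq %r13, %r13
+ xorq %r14, %r14
+ xorq %r15, %r15
+ .endm
+
 .macro POP_EXTRA_REGS
 popq %r15
 popq %r14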
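Review bot: The comment above `CLEAR_REGS_NOSPEC` does not state the macro's preconditions, and a call site that gets them wrong would lose register state silently. The macro zeroes %rbx, %rbp and %r12-%r15, which are callee-saved, so it is only safe once the full register set has been stored to pt_regs. It also has to precede `ENCODE_FRAME_POINTER`, which presumably rewrites %rbp (its definition is not in this hunk), and it clobbers flags. I would add a line to the comment such as `* Must run after the registers are saved to pt_regs and before ENCODE_FRAME_POINTER; clobbers flags.` As a style point, `xorl %r8d, %r8d` through `xorl %r15d, %r15d` zero the full 64-bit registers just as the `xorq` forms do and would match the `xorl %ebp, %ebp` / `xorl %ebx, %ebx` lines above them.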
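--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -575,6 +575,7 @@ END(irq_entries_start)
 ALLOC_PT_GPREGS_ON_STACK
 SAVE_C_REGS
 SAVE_EXTRA_REGS
+ CLEAR_REGS_NOSPEC
 ENCODE_FRAME_POINTER
 
 testb $3, CS(%rsp)
@@ -1133,6 +1134,7 @@ ENTRY(xen_failsafe_callback)
 ALLOC_PT_GPREGS_ON_STACK
 SAVE_C_REGS
 SAVE_EXTRA_REGS
+ CLEAR_REGS_NOSPEC
 ENCODE_FRAME_POINTER
 jmp error_exit
 END(xen_failsafe_callback)
@@ -1178,6 +1180,7 @@ ENTRY(paranoid_entry)
 cld
 SAVE_C_REGS 8
 SAVE_EXTRA_REGS 8
+ CLEAR_REGS_NOSPEC
 ENCODE_FRAME_POINTER 8
 movl $1, %ebx
 movl $MSR_GS_BASE, %ecx
@@ -1230,8 +1233,8 @@ ENTRY(error_entry)
 cld
 SAVE_C_REGS 8
 SAVE_EXTRA_REGS 8
+ CLEAR_REGS_NOSPEC
 ENCODE_FRAME_POINTER 8
- xorl %ebx, %ebx
 testb $3, CS+8(%rsp)
 jz .Lerror_kernelspace
 
@@ -1428,6 +1431,7 @@ ENTRY(nmi)
 pushq %r14 /* pt_regs->r14 */
 pushq %r15 /* pt_regs->r15 */
 UNWIND_HINT_REGS
+ CLEAR_REGS_NOSPEC
 ENCODE_FRAME_POINTER
 
 /*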
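Review bot: In the `error_entry` hunk the explicit `xorl %ebx, %ebx` is dropped, so any later code that reads %ebx now depends on a side effect of the hardening macro rather than on a visible instruction. `paranoid_entry` still sets its value explicitly with `movl $1, %ebx` right after the macro, which suggests %ebx carries a flag to the exit path; that use lies outside the hunk. If `CLEAR_REGS_NOSPEC` is later made conditional or its register list changes, `error_entry` would pass on whatever %ebx held at entry, which may be user-controlled, with no build-time signal. I would either keep the `xorl %ebx, %ebx` or add a comment at the call site, `/* CLEAR_REGS_NOSPEC zeroes %ebx; the exit path relies on it */`. The body of `error_entry` starts and ends outside the hunk.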