Date: Wed, 7 Oct 2015 09:17:23 -0700
From: tip-bot for Andy Lutomirski
To: linux-tip-commits@vger.kernel.org
Cc: mingo@kernel.org, hpa@zytor.com, luto@amacapital.net, tglx@linutronix.de, dvlasenk@redhat.com, torvalds@linux-foundation.org, bp@alien8.de, luto@kernel.org, linux-kernel@vger.kernel.org, peterz@infradead.org, brgerst@gmail.com
In-Reply-To: <19eb235828b2d2a52c53459e09f2974e15e65a35.1444091584.git.luto@kernel.org>
References: <19eb235828b2d2a52c53459e09f2974e15e65a35.1444091584.git.luto@kernel.org>
Subject: [tip:x86/asm] x86/entry/64/compat: Fix SYSENTER's NT flag before user memory access
Git-Commit-ID: dd27f998f0ed3c797032a82033fa191be7c61e4c
X-Mailing-List: linux-kernel@vger.kernel.org

Commit-ID:  dd27f998f0ed3c797032a82033fa191be7c61e4c
Gitweb:     http://git.kernel.org/tip/dd27f998f0ed3c797032a82033fa191be7c61e4c
Author:     Andy Lutomirski
AuthorDate: Mon, 5 Oct 2015 17:47:53 -0700
Committer:  Ingo Molnar
CommitDate: Wed, 7 Oct 2015 11:34:07 +0200

x86/entry/64/compat: Fix SYSENTER's NT flag before user memory access

Clearing NT is part of the prologue, whereas loading up arg6 makes more
sense to think about as part of syscall processing. Reorder them.

Signed-off-by: Andy Lutomirski
Cc: Andy Lutomirski
Cc: Borislav Petkov
Cc: Brian Gerst
Cc: Denys Vlasenko
Cc: H. Peter Anvin
Cc: Linus Torvalds
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: linux-kernel@vger.kernel.org
Link: http://lkml.kernel.org/r/19eb235828b2d2a52c53459e09f2974e15e65a35.1444091584.git.luto@kernel.org
Signed-off-by: Ingo Molnar --- arch/x86/entry/entry_64_compat.S | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S index a9360d4..e2cca89 100644 --- a/arch/x86/entry/entry_64_compat.S +++ b/arch/x86/entry/entry_64_compat.S @@ -89,15 +89,6 @@ ENTRY(entry_SYSENTER_compat) sub $(10*8), %rsp /* pt_regs->r8-11, bp, bx, r12-15 not saved */ /* - * no need to do an access_ok check here because rbp has been - * 32-bit zero extended - */ - ASM_STAC -1: movl (%rbp), %ebp - _ASM_EXTABLE(1b, ia32_badarg) - ASM_CLAC - - /* * Sysenter doesn't filter flags, so we need to clear NT * ourselves. To save a few cycles, we can check whether * NT was set instead of doing an unconditional popfq. @@ -106,6 +97,15 @@ ENTRY(entry_SYSENTER_compat) jnz sysenter_fix_flags sysenter_flags_fixed: + /* + * No need to do an access_ok() check here because RBP has been + * 32-bit zero extended: + */ + ASM_STAC +1: movl (%rbp), %ebp + _ASM_EXTABLE(1b, ia32_badarg) + ASM_CLAC + orl $TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS) testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS) jnz sysenter_tracesys
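Review bot: In the second hunk, a fault on the `1: movl (%rbp), %ebp` load takes the `_ASM_EXTABLE(1b, ia32_badarg)` fixup with AC still set by the preceding `ASM_STAC` and bypasses the `ASM_CLAC` that follows the load, so the moved block relies on `ia32_badarg` clearing AC itself; that label is outside this diff, so a sentence in the commit message confirming the fixup path still does its own CLAC would help future readers. The reorder itself reads correctly: the user-memory access now sits after `sysenter_flags_fixed:`, so, assuming `sysenter_fix_flags` (not shown) returns to that label, both the fast path and the NT-clearing path reach the load exactly once, and a bad user pointer no longer enters `ia32_badarg` with NT still set, which is the point the subject line makes. One style nit: the relocated comment now says `access_ok()` and `RBP` where the removed copy said `access_ok` and `rbp`; either form is fine, but the commit message does not mention the wording change, so a note that the comment was also touched up would keep the diff self-explanatory.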