From: "tip-bot for H. Peter Anvin" <hpa@linux.intel.com>
To: linux-tip-commits@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, hpa@zytor.com, mingo@kernel.org,
tglx@linutronix.de, hpa@linux.intel.com
Subject: [tip:x86/smap] x86-32, smap: Add STAC/ CLAC instructions to 32-bit kernel entry
Date: Fri, 21 Sep 2012 17:16:26 -0700 [thread overview]
Message-ID: <tip-e59d1b0a24199db01978e6c1e89859eda93ce683@git.kernel.org> (raw)
In-Reply-To: <1348256595-29119-9-git-send-email-hpa@linux.intel.com>
Commit-ID: e59d1b0a24199db01978e6c1e89859eda93ce683
Gitweb: http://git.kernel.org/tip/e59d1b0a24199db01978e6c1e89859eda93ce683
Author: H. Peter Anvin <hpa@linux.intel.com>
AuthorDate: Fri, 21 Sep 2012 13:58:10 -0700
Committer: H. Peter Anvin <hpa@linux.intel.com>
CommitDate: Fri, 21 Sep 2012 14:04:27 -0700
x86-32, smap: Add STAC/CLAC instructions to 32-bit kernel entry
The changes to entry_32.S got missed in checkin:
63bcff2a x86, smap: Add STAC and CLAC instructions to control user space access
The resulting kernel was largely functional but SMAP protection could
have been bypassed.
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Link: http://lkml.kernel.org/r/1348256595-29119-9-git-send-email-hpa@linux.intel.com
---
arch/x86/kernel/entry_32.S | 26 ++++++++++++++++++++++++++
1 files changed, 26 insertions(+), 0 deletions(-)
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index 623f288..9ebbeca 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -57,6 +57,7 @@
#include <asm/cpufeature.h>
#include <asm/alternative-asm.h>
#include <asm/asm.h>
+#include <asm/smap.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
@@ -407,7 +408,9 @@ sysenter_past_esp:
*/
cmpl $__PAGE_OFFSET-3,%ebp
jae syscall_fault
+ ASM_STAC
1: movl (%ebp),%ebp
+ ASM_CLAC
movl %ebp,PT_EBP(%esp)
_ASM_EXTABLE(1b,syscall_fault)
@@ -488,6 +491,7 @@ ENDPROC(ia32_sysenter_target)
# system call handler stub
ENTRY(system_call)
RING0_INT_FRAME # can't unwind into user space anyway
+ ASM_CLAC
pushl_cfi %eax # save orig_eax
SAVE_ALL
GET_THREAD_INFO(%ebp)
@@ -670,6 +674,7 @@ END(syscall_exit_work)
RING0_INT_FRAME # can't unwind into user space anyway
syscall_fault:
+ ASM_CLAC
GET_THREAD_INFO(%ebp)
movl $-EFAULT,PT_EAX(%esp)
jmp resume_userspace
@@ -825,6 +830,7 @@ END(interrupt)
*/
.p2align CONFIG_X86_L1_CACHE_SHIFT
common_interrupt:
+ ASM_CLAC
addl $-0x80,(%esp) /* Adjust vector into the [-256,-1] range */
SAVE_ALL
TRACE_IRQS_OFF
@@ -841,6 +847,7 @@ ENDPROC(common_interrupt)
#define BUILD_INTERRUPT3(name, nr, fn) \
ENTRY(name) \
RING0_INT_FRAME; \
+ ASM_CLAC; \
pushl_cfi $~(nr); \
SAVE_ALL; \
TRACE_IRQS_OFF \
@@ -857,6 +864,7 @@ ENDPROC(name)
ENTRY(coprocessor_error)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi $0
pushl_cfi $do_coprocessor_error
jmp error_code
@@ -865,6 +873,7 @@ END(coprocessor_error)
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi $0
#ifdef CONFIG_X86_INVD_BUG
/* AMD 486 bug: invd from userspace calls exception 19 instead of #GP */
@@ -886,6 +895,7 @@ END(simd_coprocessor_error)
ENTRY(device_not_available)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi $-1 # mark this as an int
pushl_cfi $do_device_not_available
jmp error_code
@@ -906,6 +916,7 @@ END(native_irq_enable_sysexit)
ENTRY(overflow)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi $0
pushl_cfi $do_overflow
jmp error_code
@@ -914,6 +925,7 @@ END(overflow)
ENTRY(bounds)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi $0
pushl_cfi $do_bounds
jmp error_code
@@ -922,6 +934,7 @@ END(bounds)
ENTRY(invalid_op)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi $0
pushl_cfi $do_invalid_op
jmp error_code
@@ -930,6 +943,7 @@ END(invalid_op)
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi $0
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
@@ -938,6 +952,7 @@ END(coprocessor_segment_overrun)
ENTRY(invalid_TSS)
RING0_EC_FRAME
+ ASM_CLAC
pushl_cfi $do_invalid_TSS
jmp error_code
CFI_ENDPROC
@@ -945,6 +960,7 @@ END(invalid_TSS)
ENTRY(segment_not_present)
RING0_EC_FRAME
+ ASM_CLAC
pushl_cfi $do_segment_not_present
jmp error_code
CFI_ENDPROC
@@ -952,6 +968,7 @@ END(segment_not_present)
ENTRY(stack_segment)
RING0_EC_FRAME
+ ASM_CLAC
pushl_cfi $do_stack_segment
jmp error_code
CFI_ENDPROC
@@ -959,6 +976,7 @@ END(stack_segment)
ENTRY(alignment_check)
RING0_EC_FRAME
+ ASM_CLAC
pushl_cfi $do_alignment_check
jmp error_code
CFI_ENDPROC
@@ -966,6 +984,7 @@ END(alignment_check)
ENTRY(divide_error)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi $0 # no error code
pushl_cfi $do_divide_error
jmp error_code
@@ -975,6 +994,7 @@ END(divide_error)
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi $0
pushl_cfi machine_check_vector
jmp error_code
@@ -984,6 +1004,7 @@ END(machine_check)
ENTRY(spurious_interrupt_bug)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi $0
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
@@ -1207,6 +1228,7 @@ return_to_handler:
ENTRY(page_fault)
RING0_EC_FRAME
+ ASM_CLAC
pushl_cfi $do_page_fault
ALIGN
error_code:
@@ -1279,6 +1301,7 @@ END(page_fault)
ENTRY(debug)
RING0_INT_FRAME
+ ASM_CLAC
cmpl $ia32_sysenter_target,(%esp)
jne debug_stack_correct
FIX_STACK 12, debug_stack_correct, debug_esp_fix_insn
@@ -1303,6 +1326,7 @@ END(debug)
*/
ENTRY(nmi)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi %eax
movl %ss, %eax
cmpw $__ESPFIX_SS, %ax
@@ -1373,6 +1397,7 @@ END(nmi)
ENTRY(int3)
RING0_INT_FRAME
+ ASM_CLAC
pushl_cfi $-1 # mark this as an int
SAVE_ALL
TRACE_IRQS_OFF
@@ -1393,6 +1418,7 @@ END(general_protection)
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
RING0_EC_FRAME
+ ASM_CLAC
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
next prev parent reply other threads:[~2012-09-22 0:16 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-21 19:43 [PATCH 00/11] x86: Supervisor Mode Access Prevention H. Peter Anvin
2012-09-21 19:43 ` [PATCH 01/11] x86, cpufeature: Add feature bit for SMAP H. Peter Anvin
2012-09-21 19:43 ` [PATCH 02/11] x86-32, mm: The WP test should be done on a kernel page H. Peter Anvin
2012-09-21 19:58 ` [tip:x86/smap] " tip-bot for H. Peter Anvin
2012-09-21 19:43 ` [PATCH 03/11] x86, smap: Add CR4 bit for SMAP H. Peter Anvin
2012-09-21 19:59 ` [tip:x86/smap] " tip-bot for H. Peter Anvin
2012-09-21 19:43 ` [PATCH 04/11] x86, alternative: Use .pushsection/.popsection H. Peter Anvin
2012-09-21 20:00 ` [tip:x86/smap] " tip-bot for H. Peter Anvin
2012-09-21 19:43 ` [PATCH 05/11] x86, alternative: Add header guards to <asm/alternative-asm.h> H. Peter Anvin
2012-09-21 20:01 ` [tip:x86/smap] x86, alternative: Add header guards to <asm/ alternative-asm.h> tip-bot for H. Peter Anvin
2012-09-21 19:43 ` [PATCH 06/11] x86, smap: Add a header file with macros for STAC/CLAC H. Peter Anvin
2012-09-21 20:02 ` [tip:x86/smap] x86, smap: Add a header file with macros for STAC/ CLAC tip-bot for H. Peter Anvin
2012-09-21 19:43 ` [PATCH 07/11] x86, uaccess: Merge prototypes for clear_user/__clear_user H. Peter Anvin
2012-09-21 20:03 ` [tip:x86/smap] x86, uaccess: Merge prototypes for clear_user/ __clear_user tip-bot for H. Peter Anvin
2012-09-21 19:43 ` [PATCH 08/11] x86, smap: Add STAC and CLAC instructions to control user space access H. Peter Anvin
2012-09-21 20:04 ` [tip:x86/smap] " tip-bot for H. Peter Anvin
2012-09-22 0:16 ` tip-bot for H. Peter Anvin [this message]
2012-09-21 19:43 ` [PATCH 09/11] x86, smap: Turn on Supervisor Mode Access Prevention H. Peter Anvin
2012-09-21 20:05 ` [tip:x86/smap] " tip-bot for H. Peter Anvin
2012-09-21 19:43 ` [PATCH 10/11] x86, smap: A page fault due to SMAP is an oops H. Peter Anvin
2012-09-21 20:06 ` [tip:x86/smap] " tip-bot for H. Peter Anvin
2012-09-21 19:43 ` [PATCH 11/11] x86, smap: Reduce the SMAP overhead for signal handling H. Peter Anvin
2012-09-21 20:07 ` [tip:x86/smap] " tip-bot for H. Peter Anvin
2012-09-21 19:54 ` [PATCH 00/11] x86: Supervisor Mode Access Prevention Linus Torvalds
2012-09-21 19:57 ` H. Peter Anvin
2012-09-21 20:08 ` Ingo Molnar
2012-09-21 21:03 ` H. Peter Anvin
2012-09-21 21:09 ` Linus Torvalds
2012-09-21 21:12 ` H. Peter Anvin
2012-09-21 22:07 ` Eric W. Biederman
2012-09-21 22:12 ` H. Peter Anvin
2012-09-22 0:41 ` Eric W. Biederman
2012-09-24 23:27 ` [RFC PATCH] x86-32: Start out eflags and cr4 clean H. Peter Anvin
2012-09-25 13:27 ` Konrad Rzeszutek Wilk
2012-09-25 13:48 ` Ian Campbell
2012-09-26 11:29 ` Konrad Rzeszutek Wilk
2012-09-27 6:11 ` [tip:x86/smap] " tip-bot for H. Peter Anvin
2012-11-24 3:49 ` Yuhong Bao
2012-11-24 5:06 ` H. Peter Anvin
2012-09-27 6:11 ` [tip:x86/smap] x86, suspend: On wakeup always initialize cr4 and EFER tip-bot for H. Peter Anvin
2012-10-01 22:04 ` [tip:x86/urgent] x86, suspend: Correct the restore of CR4, EFER; skip computing EFLAGS.ID tip-bot for H. Peter Anvin
2012-10-02 6:52 ` tip-bot for H. Peter Anvin
2012-10-10 19:59 ` [RFC PATCH] x86-32: Start out eflags and cr4 clean Andres Salomon
2013-01-19 0:40 ` Andres Salomon
2013-01-19 0:42 ` H. Peter Anvin
2013-01-19 1:05 ` [Techteam] " Mitch Bradley
2013-01-19 2:35 ` H. Peter Anvin
2013-01-19 7:44 ` Mitch Bradley
2013-01-19 12:34 ` Daniel Drake
2013-01-19 19:15 ` [tip:x86/urgent] x86-32: Start out cr0 clean, disable paging before modifying cr3/4 tip-bot for H. Peter Anvin
2012-09-21 22:08 ` [PATCH 00/11] x86: Supervisor Mode Access Prevention Dave Jones
2012-09-21 22:10 ` H. Peter Anvin
2012-09-22 11:32 ` Ingo Molnar
2012-09-24 20:31 ` H. Peter Anvin
2012-09-24 20:43 ` Kees Cook
2012-09-24 20:51 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-e59d1b0a24199db01978e6c1e89859eda93ce683@git.kernel.org \
--to=hpa@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox