[PATCH] x86/entry/compat: Add missing CLAC to entry_INT80_32

[PATCH] x86/entry/compat: Add missing CLAC to entry_INT80_32

[Andy Lutomirski]

This doesn't seem to fix a regression -- I don't think the CLAC was
ever there.

I double-checked in a debugger: entries through the int80 gate do
not automatically clear AC.

Stable maintainers: I can provide a backport to 4.3 and earlier if
needed.  This needs to be backported all the way to 3.10.

Reported-by: Brian Gerst <brgerst@gmail.com>
Cc: stable@vger.kernel.org
Fixes: 63bcff2a307b ("x86, smap: Add STAC and CLAC instructions to control user space access")
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
 arch/x86/entry/entry_64_compat.S | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
index 5e887ee35662..41fbb3389a2f 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -261,6 +261,7 @@ ENTRY(entry_INT80_compat)
 	 * Interrupts are off on entry.
 	 */
 	PARAVIRT_ADJUST_EXCEPTION_FRAME
+	ASM_CLAC			/* Do this early to minimize exposure */
 	SWAPGS
 
 	/*
-- 
2.5.0

[3.xx-stable backport] x86/entry/compat: Add missing CLAC to entry_INT80_32

[Kamal Mostafa]

From: Andy Lutomirski <luto@kernel.org>

commit 3d44d51bd339766f0178f0cf2e8d048b4a4872aa upstream.

This doesn't seem to fix a regression -- I don't think the CLAC was
ever there.

I double-checked in a debugger: entries through the int80 gate do
not automatically clear AC.

Stable maintainers: I can provide a backport to 4.3 and earlier if
needed.  This needs to be backported all the way to 3.10.

Reported-by: Brian Gerst <brgerst@gmail.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: <stable@vger.kernel.org> # v3.10 and later
Fixes: 63bcff2a307b ("x86, smap: Add STAC and CLAC instructions to control user space access")
Link: http://lkml.kernel.org/r/b02b7e71ae54074be01fc171cbd4b72517055c0e.1456345086.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
[ kamal: backport to 3.10 through 3.19-stable: file rename; context ]
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
 arch/x86/ia32/ia32entry.S | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 82e8a1d..164f541 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -422,6 +422,7 @@ ENTRY(ia32_syscall)
 	/*CFI_REL_OFFSET	cs,CS-RIP*/
 	CFI_REL_OFFSET	rip,RIP-RIP
 	PARAVIRT_ADJUST_EXCEPTION_FRAME
+	ASM_CLAC			/* Do this early to minimize exposure */
 	SWAPGS
 	/*
 	 * No need to follow this irqs on/off section: the syscall
-- 
2.7.0

Re: [3.xx-stable backport] x86/entry/compat: Add missing CLAC to entry_INT80_32

[Andy Lutomirski]

On Fri, Mar 4, 2016 at 10:46 AM, Kamal Mostafa <kamal@canonical.com> wrote:
> From: Andy Lutomirski <luto@kernel.org>
>
> commit 3d44d51bd339766f0178f0cf2e8d048b4a4872aa upstream.
>

This backport looks good to me.  Greg, can you use it for your trees?

--Andy

Re: [3.xx-stable backport] x86/entry/compat: Add missing CLAC to entry_INT80_32

[Greg Kroah-Hartman]

On Fri, Mar 04, 2016 at 02:21:27PM -0800, Andy Lutomirski wrote:
> On Fri, Mar 4, 2016 at 10:46 AM, Kamal Mostafa <kamal@canonical.com> wrote:
> > From: Andy Lutomirski <luto@kernel.org>
> >
> > commit 3d44d51bd339766f0178f0cf2e8d048b4a4872aa upstream.
> >
> 
> This backport looks good to me.  Greg, can you use it for your trees?

Now applied, thanks.

greg k-h

Re: [3.xx-stable backport] x86/entry/compat: Add missing CLAC to entry_INT80_32

[Luis Henriques]

On Fri, Mar 04, 2016 at 10:46:22AM -0800, Kamal Mostafa wrote:
> From: Andy Lutomirski <luto@kernel.org>
> 
> commit 3d44d51bd339766f0178f0cf2e8d048b4a4872aa upstream.
> 
> This doesn't seem to fix a regression -- I don't think the CLAC was
> ever there.
> 
> I double-checked in a debugger: entries through the int80 gate do
> not automatically clear AC.
> 
> Stable maintainers: I can provide a backport to 4.3 and earlier if
> needed.  This needs to be backported all the way to 3.10.
> 
> Reported-by: Brian Gerst <brgerst@gmail.com>
> Signed-off-by: Andy Lutomirski <luto@kernel.org>
> Cc: Andy Lutomirski <luto@amacapital.net>
> Cc: Borislav Petkov <bp@alien8.de>
> Cc: Denys Vlasenko <dvlasenk@redhat.com>
> Cc: H. Peter Anvin <hpa@zytor.com>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: <stable@vger.kernel.org> # v3.10 and later
> Fixes: 63bcff2a307b ("x86, smap: Add STAC and CLAC instructions to control user space access")
> Link: http://lkml.kernel.org/r/b02b7e71ae54074be01fc171cbd4b72517055c0e.1456345086.git.luto@kernel.org
> Signed-off-by: Ingo Molnar <mingo@kernel.org>
> [ kamal: backport to 3.10 through 3.19-stable: file rename; context ]

Thanks Kamal, I'll queue it for the 3.16 kernel.

Cheers,
--
Lu�s

> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
> ---
>  arch/x86/ia32/ia32entry.S | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
> index 82e8a1d..164f541 100644
> --- a/arch/x86/ia32/ia32entry.S
> +++ b/arch/x86/ia32/ia32entry.S
> @@ -422,6 +422,7 @@ ENTRY(ia32_syscall)
>  	/*CFI_REL_OFFSET	cs,CS-RIP*/
>  	CFI_REL_OFFSET	rip,RIP-RIP
>  	PARAVIRT_ADJUST_EXCEPTION_FRAME
> +	ASM_CLAC			/* Do this early to minimize exposure */
>  	SWAPGS
>  	/*
>  	 * No need to follow this irqs on/off section: the syscall
> -- 
> 2.7.0
> 
> --
> To unsubscribe from this list: send the line "unsubscribe stable" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html