From 1d24283257e6b87791afac0ed8c1eef5ac0ea573 Mon Sep 17 00:00:00 2001
From: Andy Whitcroft <apw@canonical.com>
Date: Fri, 26 Jan 2018 12:36:58 +0000
Subject: [PATCH 17/89] Revert "x86/syscall: Clear unused extra registers on
 32-bit compatible syscall entrance"

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 725ad2ef81ccceb3e31a7263faae2059d05e2c48.

Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
 arch/x86/entry/calling.h         | 11 -----------
 arch/x86/entry/entry_64_compat.S | 18 ++++--------------
 2 files changed, 4 insertions(+), 25 deletions(-)

diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h
index 0e34002bc801..d537818ad285 100644
--- a/arch/x86/entry/calling.h
+++ b/arch/x86/entry/calling.h
@@ -155,17 +155,6 @@ For 32-bit we have the following conventions - kernel is built with
 	popq %rbx
 	.endm
 
-	.macro CLEAR_R8_TO_R15
-	xorq %r15, %r15
-	xorq %r14, %r14
-	xorq %r13, %r13
-	xorq %r12, %r12
-	xorq %r11, %r11
-	xorq %r10, %r10
-	xorq %r9, %r9
-	xorq %r8, %r8
-	.endm
-
 	.macro CLEAR_EXTRA_REGS
 	xorq %r15, %r15
 	xorq %r14, %r14
diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
index 8d7ae9657375..1480222bae02 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -99,8 +99,6 @@ ENTRY(entry_SYSENTER_compat)
 	ENABLE_IBRS
 	STUFF_RSB
 
-	CLEAR_R8_TO_R15
-
 	/*
 	 * SYSENTER doesn't filter flags, so we need to clear NT and AC
 	 * ourselves.  To save a few cycles, we can check whether
@@ -225,12 +223,10 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe)
 	pushq   $0			/* pt_regs->r11 = 0 */
 	pushq   %rbx                    /* pt_regs->rbx */
 	pushq   %rbp                    /* pt_regs->rbp (will be overwritten) */
-	pushq   %r12                    /* pt_regs->r12 */
-	pushq   %r13                    /* pt_regs->r13 */
-	pushq   %r14                    /* pt_regs->r14 */
-	pushq   %r15                    /* pt_regs->r15 */
-
-	CLEAR_R8_TO_R15
+	pushq   $0			/* pt_regs->r12 = 0 */
+	pushq   $0			/* pt_regs->r13 = 0 */
+	pushq   $0			/* pt_regs->r14 = 0 */
+	pushq   $0			/* pt_regs->r15 = 0 */
 
 	STUFF_RSB
 
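Review bot: With CLEAR_R8_TO_R15 dropped and r12-r15 replaced by `pushq $0` slots, the live r8-r15 registers still hold whatever 32-bit userspace left in them when the C entry code is called, and only the pt_regs copies are zeroed; that is the speculation-attack-surface reduction the CVE-2017-5753/5715 trailers refer to, and a reader of this revert cannot tell whether it is being replaced or simply removed. The description says only "revert embargoed" and should state the intent explicitly, e.g. `Reverted in favour of the upstream register-clearing entry changes applied later in this series.` if that is the case, or `Compat entry no longer clears r8-r15 until the upstream fix lands.` otherwise, so the window is documented. If the clearing is not re-applied, a one-line comment after the new pushes would help the next reader: `/* NOTE: r8-r15 still hold user-supplied values here; they are not cleared before the C call. */`. entry_SYSCALL_compat_after_hwframe continues beyond this hunk, so whether r8-r11 are zeroed on the sysret path cannot be confirmed from here.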
@@ -249,10 +245,6 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe)
 	/* Opportunistic SYSRET */
 sysret32_from_system_call:
 	TRACE_IRQS_ON			/* User mode traces as IRQs on. */
-	movq    R15(%rsp), %r15         /* pt_regs->r15 */
-	movq    R14(%rsp), %r14         /* pt_regs->r14 */
-	movq    R13(%rsp), %r13         /* pt_regs->r13 */
-	movq    R12(%rsp), %r12         /* pt_regs->r12 */
 	movq	RBX(%rsp), %rbx		/* pt_regs->rbx */
 	movq	RBP(%rsp), %rbp		/* pt_regs->rbp */
 	movq	EFLAGS(%rsp), %r11	/* pt_regs->flags (in r11) */
@@ -367,8 +359,6 @@ ENTRY(entry_INT80_compat)
 	ENABLE_IBRS
 	STUFF_RSB
 
-	CLEAR_R8_TO_R15
-
 	/*
 	 * User mode is traced as though IRQs are on, and the interrupt
 	 * gate turned them off.
-- 
2.15.1

