From b1e220eb008f5256a3abd3fb0c82147d9d399cf6 Mon Sep 17 00:00:00 2001
From: Andy Whitcroft <apw@canonical.com>
Date: Wed, 31 Jan 2018 15:38:09 +0000
Subject: [PATCH 019/104] Revert "x86/syscall: Clear unused extra registers on
 syscall entrance"

CVE-2017-5753 (revert embargoed)
CVE-2017-5715 (revert embargoed)

This reverts commit 7b5ea16f42b5e4860cf9033897bcdfa3e1209033.

Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
 arch/x86/entry/calling.h  |  9 ---------
 arch/x86/entry/entry_64.S | 12 ++++--------
 2 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h
index d537818ad285..015e0a84bb99 100644
--- a/arch/x86/entry/calling.h
+++ b/arch/x86/entry/calling.h
@@ -155,15 +155,6 @@ For 32-bit we have the following conventions - kernel is built with
 	popq %rbx
 	.endm
 
-	.macro CLEAR_EXTRA_REGS
-	xorq %r15, %r15
-	xorq %r14, %r14
-	xorq %r13, %r13
-	xorq %r12, %r12
-	xorq %rbp, %rbp
-	xorq %rbx, %rbx
-	.endm
-
 	.macro POP_C_REGS
 	popq %r11
 	popq %r10
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index 1118a6256c69..f6ec4ad5b114 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -231,16 +231,10 @@ GLOBAL(entry_SYSCALL_64_after_hwframe)
 	pushq	%r9				/* pt_regs->r9 */
 	pushq	%r10				/* pt_regs->r10 */
 	pushq	%r11				/* pt_regs->r11 */
-	sub	$(6*8), %rsp			/* pt_regs->bp, bx, r12-15 not used */
+	sub	$(6*8), %rsp			/* pt_regs->bp, bx, r12-15 not saved */
 	UNWIND_HINT_REGS extra=0
 
 	ENABLE_IBRS
-	/*
-	 * Clear the unused extra regs for code hygiene.
-	 * Will restore the callee saved extra regs at end of syscall.
-	 */
-	SAVE_EXTRA_REGS
-	CLEAR_EXTRA_REGS
 
 	STUFF_RSB
 
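Review bot: The restored comment on `sub $(6*8), %rsp` only says the extra regs are "not saved", but the same hunk also drops the `SAVE_EXTRA_REGS`/`CLEAR_EXTRA_REGS` pair, so %rbx, %rbp and %r12–%r15 now keep their user-supplied values across the fast-path handler call and the six pt_regs slots stay uninitialised until a slow path fills them; neither the hunk nor the description records that this hygiene step is being given up deliberately. `ENABLE_IBRS` and `STUFF_RSB` remain in place, so the remaining entry-path controls are unchanged. I would extend the comment to `/* pt_regs->bp, bx, r12-15 not saved: callee-saved regs keep user values on the fast path */` so the next reader does not assume the slots are zeroed. entry_SYSCALL_64_after_hwframe continues outside this hunk.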
@@ -298,7 +292,7 @@ entry_SYSCALL_64_fastpath:
 	movq	RIP(%rsp), %rcx
 	movq	EFLAGS(%rsp), %r11
 	DISABLE_IBRS
-	POP_EXTRA_REGS
+	addq	$6*8, %rsp	/* skip extra regs -- they were preserved */
 	UNWIND_HINT_EMPTY
 	jmp	.Lpop_c_regs_except_rcx_r11_and_sysret
 
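Review bot: The restored `addq $6*8, %rsp` writes the immediate without the parentheses used by the matching `sub $(6*8), %rsp` in the entry hunk, so the two halves of the same frame adjustment now look different when grepping for the 6*8 constant; `addq $(6*8), %rsp /* skip extra regs -- they were preserved */` keeps them consistent. The comment's "they were preserved" presumably relies on the C handler honouring the callee-saved ABI for those six registers, which is not visible here; stating that assumption in the comment would help. The fastpath label's body starts outside this hunk.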
@@ -310,12 +304,14 @@ entry_SYSCALL_64_fastpath:
 	 */
 	TRACE_IRQS_ON
 	ENABLE_INTERRUPTS(CLBR_ANY)
+	SAVE_EXTRA_REGS
 	movq	%rsp, %rdi
 	call	syscall_return_slowpath	/* returns with IRQs disabled */
 	jmp	return_from_SYSCALL_64
 
 entry_SYSCALL64_slow_path:
 	/* IRQs are off. */
+	SAVE_EXTRA_REGS
 	movq	%rsp, %rdi
 	call	do_syscall_64		/* returns with IRQs disabled */
 
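Review bot: Both restored `SAVE_EXTRA_REGS` lines carry no comment explaining why the full pt_regs must be populated here but not on the fast path, which is exactly the distinction the first hunk of this file quietly changes. Since both stores precede a `movq %rsp, %rdi` handing pt_regs to C, I would add `/* slow path: C code reads the full pt_regs, so store the callee-saved regs */` above each, hedged to whatever syscall_return_slowpath and do_syscall_64 actually require. The one before `call syscall_return_slowpath` runs after the syscall has already executed, so the values it stores are whatever the handler left in those registers; if that is intended it is worth saying. Both enclosing code paths continue outside this hunk.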
-- 
2.15.1

