Commit 8c42819b authored by Peter Zijlstra's avatar Peter Zijlstra Committed by Borislav Petkov
Browse files

x86/entry: Use PUSH_AND_CLEAR_REGS for compat 



Since the upper regs don't exist for ia32 code, preserving them
doesn't hurt and it simplifies the code.

This doesn't add any attack surface that would not already be
available through INT80.

Notably:

 - 32bit SYSENTER: didn't clear si, dx, cx.

 - 32bit SYSCALL, INT80: *do* clear si since the C functions don't
   take a second argument.

 - 64bit: didn't clear si since the C functions take a second
   argument; except the error_entry path might have only one argument,
   so clearing si was missing here.

32b SYSENTER should be clearing all those 3 registers, nothing uses them
and selftests pass.

Unconditionally clear rsi since it simplifies code.

Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220506121631.293889636@infradead.org
parent d205222e

arch/x86/entry/calling.h

+1 −0
Original line number Diff line number Diff line
@@ -99,6 +99,7 @@ For 32-bit we have the following conventions - kernel is built with 
	 * well before they could be put to use in a speculative execution

	 * gadget.

	 */

	xorl	%esi,  %esi	/* nospec si  */

	xorl	%edx,  %edx	/* nospec dx  */

	xorl	%ecx,  %ecx	/* nospec cx  */

	xorl	%r8d,  %r8d	/* nospec r8  */

arch/x86/entry/entry_64_compat.S

+3 −84
Original line number Diff line number Diff line
@@ -83,32 +83,7 @@ SYM_INNER_LABEL(entry_SYSENTER_compat_after_hwframe, SYM_L_GLOBAL) 
	movl	%eax, %eax



	pushq	%rax			/* pt_regs->orig_ax */

	pushq	%rdi			/* pt_regs->di */

	pushq	%rsi			/* pt_regs->si */

	pushq	%rdx			/* pt_regs->dx */

	pushq	%rcx			/* pt_regs->cx */

	pushq	$-ENOSYS		/* pt_regs->ax */

	pushq   $0			/* pt_regs->r8  = 0 */

	xorl	%r8d, %r8d		/* nospec   r8 */

	pushq   $0			/* pt_regs->r9  = 0 */

	xorl	%r9d, %r9d		/* nospec   r9 */

	pushq   $0			/* pt_regs->r10 = 0 */

	xorl	%r10d, %r10d		/* nospec   r10 */

	pushq   $0			/* pt_regs->r11 = 0 */

	xorl	%r11d, %r11d		/* nospec   r11 */

	pushq   %rbx                    /* pt_regs->rbx */

	xorl	%ebx, %ebx		/* nospec   rbx */

	pushq   %rbp                    /* pt_regs->rbp (will be overwritten) */

	xorl	%ebp, %ebp		/* nospec   rbp */

	pushq   $0			/* pt_regs->r12 = 0 */

	xorl	%r12d, %r12d		/* nospec   r12 */

	pushq   $0			/* pt_regs->r13 = 0 */

	xorl	%r13d, %r13d		/* nospec   r13 */

	pushq   $0			/* pt_regs->r14 = 0 */

	xorl	%r14d, %r14d		/* nospec   r14 */

	pushq   $0			/* pt_regs->r15 = 0 */

	xorl	%r15d, %r15d		/* nospec   r15 */



	PUSH_AND_CLEAR_REGS rax=$-ENOSYS

	UNWIND_HINT_REGS



	cld
@@ -225,35 +200,7 @@ SYM_INNER_LABEL(entry_SYSCALL_compat_safe_stack, SYM_L_GLOBAL) 
SYM_INNER_LABEL(entry_SYSCALL_compat_after_hwframe, SYM_L_GLOBAL)

	movl	%eax, %eax		/* discard orig_ax high bits */

	pushq	%rax			/* pt_regs->orig_ax */

	pushq	%rdi			/* pt_regs->di */

	pushq	%rsi			/* pt_regs->si */

	xorl	%esi, %esi		/* nospec   si */

	pushq	%rdx			/* pt_regs->dx */

	xorl	%edx, %edx		/* nospec   dx */

	pushq	%rbp			/* pt_regs->cx (stashed in bp) */

	xorl	%ecx, %ecx		/* nospec   cx */

	pushq	$-ENOSYS		/* pt_regs->ax */

	pushq   $0			/* pt_regs->r8  = 0 */

	xorl	%r8d, %r8d		/* nospec   r8 */

	pushq   $0			/* pt_regs->r9  = 0 */

	xorl	%r9d, %r9d		/* nospec   r9 */

	pushq   $0			/* pt_regs->r10 = 0 */

	xorl	%r10d, %r10d		/* nospec   r10 */

	pushq   $0			/* pt_regs->r11 = 0 */

	xorl	%r11d, %r11d		/* nospec   r11 */

	pushq   %rbx                    /* pt_regs->rbx */

	xorl	%ebx, %ebx		/* nospec   rbx */

	pushq   %rbp                    /* pt_regs->rbp (will be overwritten) */

	xorl	%ebp, %ebp		/* nospec   rbp */

	pushq   $0			/* pt_regs->r12 = 0 */

	xorl	%r12d, %r12d		/* nospec   r12 */

	pushq   $0			/* pt_regs->r13 = 0 */

	xorl	%r13d, %r13d		/* nospec   r13 */

	pushq   $0			/* pt_regs->r14 = 0 */

	xorl	%r14d, %r14d		/* nospec   r14 */

	pushq   $0			/* pt_regs->r15 = 0 */

	xorl	%r15d, %r15d		/* nospec   r15 */



	PUSH_AND_CLEAR_REGS rax=$-ENOSYS

	UNWIND_HINT_REGS



	movq	%rsp, %rdi
@@ -380,35 +327,7 @@ SYM_CODE_START(entry_INT80_compat) 
	pushq	0*8(%rax)		/* regs->orig_ax */

.Lint80_keep_stack:



	pushq	%rdi			/* pt_regs->di */

	pushq	%rsi			/* pt_regs->si */

	xorl	%esi, %esi		/* nospec   si */

	pushq	%rdx			/* pt_regs->dx */

	xorl	%edx, %edx		/* nospec   dx */

	pushq	%rcx			/* pt_regs->cx */

	xorl	%ecx, %ecx		/* nospec   cx */

	pushq	$-ENOSYS		/* pt_regs->ax */

	pushq   %r8			/* pt_regs->r8 */

	xorl	%r8d, %r8d		/* nospec   r8 */

	pushq   %r9			/* pt_regs->r9 */

	xorl	%r9d, %r9d		/* nospec   r9 */

	pushq   %r10			/* pt_regs->r10*/

	xorl	%r10d, %r10d		/* nospec   r10 */

	pushq   %r11			/* pt_regs->r11 */

	xorl	%r11d, %r11d		/* nospec   r11 */

	pushq   %rbx                    /* pt_regs->rbx */

	xorl	%ebx, %ebx		/* nospec   rbx */

	pushq   %rbp                    /* pt_regs->rbp */

	xorl	%ebp, %ebp		/* nospec   rbp */

	pushq   %r12                    /* pt_regs->r12 */

	xorl	%r12d, %r12d		/* nospec   r12 */

	pushq   %r13                    /* pt_regs->r13 */

	xorl	%r13d, %r13d		/* nospec   r13 */

	pushq   %r14                    /* pt_regs->r14 */

	xorl	%r14d, %r14d		/* nospec   r14 */

	pushq   %r15                    /* pt_regs->r15 */

	xorl	%r15d, %r15d		/* nospec   r15 */



	PUSH_AND_CLEAR_REGS rax=$-ENOSYS

	UNWIND_HINT_REGS



	cld