Home Explore Help
Register Sign In
Apq
/
pve-edge-kernel
mirror of https://github.com/fabianishere/pve-edge-kernel.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 04f3b8beca
Branches Tags
pve-edge-kernel
/
patches
/
kernel
/
0157-x86-entry-64-Remove-the-SYSENTER-stack-canary.patch

0157-x86-entry-64-Remove-the-SYSENTER-stack-canary.patch 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 
  1. From b153f8e687bf0739b113445d3cfe029593e9484a Mon Sep 17 00:00:00 2001
    2. 

  2. From: Andy Lutomirski <[email protected]>
    3. 

  3. Date: Mon, 4 Dec 2017 15:07:27 +0100
    4. 

  4. Subject: [PATCH 157/241] x86/entry/64: Remove the SYSENTER stack canary
    5. 

  5. MIME-Version: 1.0
    6. 

  6. Content-Type: text/plain; charset=UTF-8
    7. 

  7. Content-Transfer-Encoding: 8bit
    8. 

  8. 

  9. CVE-2017-5754
    10. 

  10. 

  11. Now that the SYSENTER stack has a guard page, there's no need for a canary
    12. 

  12. to detect overflow after the fact.
    13. 

  13. 

  14. Signed-off-by: Andy Lutomirski <[email protected]>
    15. 

  15. Signed-off-by: Thomas Gleixner <[email protected]>
    16. 

  16. Reviewed-by: Thomas Gleixner <[email protected]>
    17. 

  17. Reviewed-by: Borislav Petkov <[email protected]>
    18. 

  18. Cc: Boris Ostrovsky <[email protected]>
    19. 

  19. Cc: Borislav Petkov <[email protected]>
    20. 

  20. Cc: Borislav Petkov <[email protected]>
    21. 

  21. Cc: Brian Gerst <[email protected]>
    22. 

  22. Cc: Dave Hansen <[email protected]>
    23. 

  23. Cc: Dave Hansen <[email protected]>
    24. 

  24. Cc: David Laight <[email protected]>
    25. 

  25. Cc: Denys Vlasenko <[email protected]>
    26. 

  26. Cc: Eduardo Valentin <[email protected]>
    27. 

  27. Cc: Greg KH <[email protected]>
    28. 

  28. Cc: H. Peter Anvin <[email protected]>
    29. 

  29. Cc: Josh Poimboeuf <[email protected]>
    30. 

  30. Cc: Juergen Gross <[email protected]>
    31. 

  31. Cc: Linus Torvalds <[email protected]>
    32. 

  32. Cc: Peter Zijlstra <[email protected]>
    33. 

  33. Cc: Rik van Riel <[email protected]>
    34. 

  34. Cc: Will Deacon <[email protected]>
    35. 

  35. Cc: [email protected]
    36. 

  36. Cc: [email protected]
    37. 

  37. Cc: [email protected]
    38. 

  38. Cc: [email protected]
    39. 

  39. Link: https://lkml.kernel.org/r/[email protected]
    40. 

  40. Signed-off-by: Ingo Molnar <[email protected]>
    41. 

  41. (cherry picked from commit 7fbbd5cbebf118a9e09f5453f686656a167c3d1c)
    42. 

  42. Signed-off-by: Andy Whitcroft <[email protected]>
    43. 

  43. Signed-off-by: Kleber Sacilotto de Souza <[email protected]>
    44. 

  44. (cherry picked from commit 8158adf795cb48be67891feacacc36d7a247afdf)
    45. 

  45. Signed-off-by: Fabian Grünbichler <[email protected]>
    46. 

  46. ---
    47. 

  47.  arch/x86/include/asm/processor.h | 1 -
    48. 

  48.  arch/x86/kernel/dumpstack.c      | 3 +--
    49. 

  49.  arch/x86/kernel/process.c        | 1 -
    50. 

  50.  arch/x86/kernel/traps.c          | 7 -------
    51. 

  51.  4 files changed, 1 insertion(+), 11 deletions(-)
    52. 

  52. 

  53. diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
    54. 

  54. index 1bfe4bad797a..4737d378d7b5 100644
    55. 

  55. --- a/arch/x86/include/asm/processor.h
    56. 

  56. +++ b/arch/x86/include/asm/processor.h
    57. 

  57. @@ -335,7 +335,6 @@ struct tss_struct {
    58. 

  58.  	 * Space for the temporary SYSENTER stack, used for SYSENTER
    59. 

  59.  	 * and the entry trampoline as well.
    60. 

  60.  	 */
    61. 

  61. -	unsigned long		SYSENTER_stack_canary;
    62. 

  62.  	unsigned long		SYSENTER_stack[64];
    63. 

  63.  
    64. 

  64.  	/*
    65. 

  65. diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
    66. 

  66. index c1f503673f1e..c32c6cce9dcc 100644
    67. 

  67. --- a/arch/x86/kernel/dumpstack.c
    68. 

  68. +++ b/arch/x86/kernel/dumpstack.c
    69. 

  69. @@ -48,8 +48,7 @@ bool in_sysenter_stack(unsigned long *stack, struct stack_info *info)
    70. 

  70.  	int cpu = smp_processor_id();
    71. 

  71.  	struct tss_struct *tss = &get_cpu_entry_area(cpu)->tss;
    72. 

  72.  
    73. 

  73. -	/* Treat the canary as part of the stack for unwinding purposes. */
    74. 

  74. -	void *begin = &tss->SYSENTER_stack_canary;
    75. 

  75. +	void *begin = &tss->SYSENTER_stack;
    76. 

  76.  	void *end = (void *)&tss->SYSENTER_stack + sizeof(tss->SYSENTER_stack);
    77. 

  77.  
    78. 

  78.  	if ((void *)stack < begin || (void *)stack >= end)
    79. 

  79. diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
    80. 

  80. index 407fc37a8718..ec758390d24e 100644
    81. 

  81. --- a/arch/x86/kernel/process.c
    82. 

  82. +++ b/arch/x86/kernel/process.c
    83. 

  83. @@ -80,7 +80,6 @@ __visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss) = {
    84. 

  84.  	  */
    85. 

  85.  	.io_bitmap		= { [0 ... IO_BITMAP_LONGS] = ~0 },
    86. 

  86.  #endif
    87. 

  87. -	.SYSENTER_stack_canary	= STACK_END_MAGIC,
    88. 

  88.  };
    89. 

  89.  EXPORT_PER_CPU_SYMBOL(cpu_tss);
    90. 

  90.  
    91. 

  91. diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
    92. 

  92. index fd4d47e8672e..2818c83892b3 100644
    93. 

  93. --- a/arch/x86/kernel/traps.c
    94. 

  94. +++ b/arch/x86/kernel/traps.c
    95. 

  95. @@ -826,13 +826,6 @@ dotraplinkage void do_debug(struct pt_regs *regs, long error_code)
    96. 

  96.  	debug_stack_usage_dec();
    97. 

  97.  
    98. 

  98.  exit:
    99. 

  99. -	/*
    100. 

  100. -	 * This is the most likely code path that involves non-trivial use
    101. 

  101. -	 * of the SYSENTER stack.  Check that we haven't overrun it.
    102. 

  102. -	 */
    103. 

  103. -	WARN(this_cpu_read(cpu_tss.SYSENTER_stack_canary) != STACK_END_MAGIC,
    104. 

  104. -	     "Overran or corrupted SYSENTER stack\n");
    105. 

  105. -
    106. 

  106.  	ist_exit(regs);
    107. 

  107.  }
    108. 

  108.  NOKPROBE_SYMBOL(do_debug);
    109. 

  109. -- 
    110. 

  110. 2.14.2
    111. 

  111.