Home Explore Help
Register Sign In
Apq
/
pve-edge-kernel
mirror of https://github.com/fabianishere/pve-edge-kernel.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 633c5ed17f
Branches Tags
pve-edge-kernel
/
patches
/
kernel
/
0059-x86-head-Add-unwind-hint-annotations.patch

0059-x86-head-Add-unwind-hint-annotations.patch 4.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 
  1. From 6ef121f444bab6ac294e1eda62eb727ee639c6d7 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Josh Poimboeuf <[email protected]>
    3. 

  3. Date: Mon, 18 Sep 2017 21:43:37 -0500
    4. 

  4. Subject: [PATCH 059/242] x86/head: Add unwind hint annotations
    5. 

  5. MIME-Version: 1.0
    6. 

  6. Content-Type: text/plain; charset=UTF-8
    7. 

  7. Content-Transfer-Encoding: 8bit
    8. 

  8. 

  9. CVE-2017-5754
    10. 

  10. 

  11. Jiri Slaby reported an ORC issue when unwinding from an idle task.  The
    12. 

  12. stack was:
    13. 

  13. 

  14.     ffffffff811083c2 do_idle+0x142/0x1e0
    15. 

  15.     ffffffff8110861d cpu_startup_entry+0x5d/0x60
    16. 

  16.     ffffffff82715f58 start_kernel+0x3ff/0x407
    17. 

  17.     ffffffff827153e8 x86_64_start_kernel+0x14e/0x15d
    18. 

  18.     ffffffff810001bf secondary_startup_64+0x9f/0xa0
    19. 

  19. 

  20. The ORC unwinder errored out at secondary_startup_64 because the head
    21. 

  21. code isn't annotated yet so there wasn't a corresponding ORC entry.
    22. 

  22. 

  23. Fix that and any other head-related unwinding issues by adding unwind
    24. 

  24. hints to the head code.
    25. 

  25. 

  26. Reported-by: Jiri Slaby <[email protected]>
    27. 

  27. Tested-by: Jiri Slaby <[email protected]>
    28. 

  28. Signed-off-by: Josh Poimboeuf <[email protected]>
    29. 

  29. Cc: Andy Lutomirski <[email protected]>
    30. 

  30. Cc: Boris Ostrovsky <[email protected]>
    31. 

  31. Cc: Juergen Gross <[email protected]>
    32. 

  32. Cc: Linus Torvalds <[email protected]>
    33. 

  33. Cc: Peter Zijlstra <[email protected]>
    34. 

  34. Cc: Thomas Gleixner <[email protected]>
    35. 

  35. Link: http://lkml.kernel.org/r/78ef000a2f68f545d6eef44ee912edceaad82ccf.1505764066.git.jpoimboe@redhat.com
    36. 

  36. Signed-off-by: Ingo Molnar <[email protected]>
    37. 

  37. (cherry picked from commit 2704fbb672d0d9a19414907fda7949283dcef6a1)
    38. 

  38. Signed-off-by: Andy Whitcroft <[email protected]>
    39. 

  39. Signed-off-by: Kleber Sacilotto de Souza <[email protected]>
    40. 

  40. (cherry picked from commit b63a868e404e64172afefea553c6a40963a151db)
    41. 

  41. Signed-off-by: Fabian Grünbichler <[email protected]>
    42. 

  42. ---
    43. 

  43.  arch/x86/kernel/Makefile  |  1 -
    44. 

  44.  arch/x86/kernel/head_64.S | 14 ++++++++++++--
    45. 

  45.  2 files changed, 12 insertions(+), 3 deletions(-)
    46. 

  46. 

  47. diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
    48. 

  48. index 287eac7d207f..e2315aecc441 100644
    49. 

  49. --- a/arch/x86/kernel/Makefile
    50. 

  50. +++ b/arch/x86/kernel/Makefile
    51. 

  51. @@ -26,7 +26,6 @@ KASAN_SANITIZE_dumpstack.o				:= n
    52. 

  52.  KASAN_SANITIZE_dumpstack_$(BITS).o			:= n
    53. 

  53.  KASAN_SANITIZE_stacktrace.o := n
    54. 

  54.  
    55. 

  55. -OBJECT_FILES_NON_STANDARD_head_$(BITS).o		:= y
    56. 

  56.  OBJECT_FILES_NON_STANDARD_relocate_kernel_$(BITS).o	:= y
    57. 

  57.  OBJECT_FILES_NON_STANDARD_ftrace_$(BITS).o		:= y
    58. 

  58.  OBJECT_FILES_NON_STANDARD_test_nx.o			:= y
    59. 

  59. diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
    60. 

  60. index 45b18b1a6417..d081bc7a027d 100644
    61. 

  61. --- a/arch/x86/kernel/head_64.S
    62. 

  62. +++ b/arch/x86/kernel/head_64.S
    63. 

  63. @@ -49,6 +49,7 @@ L3_START_KERNEL = pud_index(__START_KERNEL_map)
    64. 

  64.  	.code64
    65. 

  65.  	.globl startup_64
    66. 

  66.  startup_64:
    67. 

  67. +	UNWIND_HINT_EMPTY
    68. 

  68.  	/*
    69. 

  69.  	 * At this point the CPU runs in 64bit mode CS.L = 1 CS.D = 0,
    70. 

  70.  	 * and someone has loaded an identity mapped page table
    71. 

  71. @@ -81,6 +82,7 @@ startup_64:
    72. 

  72.  	movq	$(early_top_pgt - __START_KERNEL_map), %rax
    73. 

  73.  	jmp 1f
    74. 

  74.  ENTRY(secondary_startup_64)
    75. 

  75. +	UNWIND_HINT_EMPTY
    76. 

  76.  	/*
    77. 

  77.  	 * At this point the CPU runs in 64bit mode CS.L = 1 CS.D = 0,
    78. 

  78.  	 * and someone has loaded a mapped page table.
    79. 

  79. @@ -116,6 +118,7 @@ ENTRY(secondary_startup_64)
    80. 

  80.  	movq	$1f, %rax
    81. 

  81.  	jmp	*%rax
    82. 

  82.  1:
    83. 

  83. +	UNWIND_HINT_EMPTY
    84. 

  84.  
    85. 

  85.  	/* Check if nx is implemented */
    86. 

  86.  	movl	$0x80000001, %eax
    87. 

  87. @@ -230,6 +233,7 @@ END(secondary_startup_64)
    88. 

  88.   */
    89. 

  89.  ENTRY(start_cpu0)
    90. 

  90.  	movq	initial_stack(%rip), %rsp
    91. 

  91. +	UNWIND_HINT_EMPTY
    92. 

  92.  	jmp	.Ljump_to_C_code
    93. 

  93.  ENDPROC(start_cpu0)
    94. 

  94.  #endif
    95. 

  95. @@ -254,13 +258,18 @@ ENTRY(early_idt_handler_array)
    96. 

  96.  	i = 0
    97. 

  97.  	.rept NUM_EXCEPTION_VECTORS
    98. 

  98.  	.ifeq (EXCEPTION_ERRCODE_MASK >> i) & 1
    99. 

  99. -	pushq $0		# Dummy error code, to make stack frame uniform
    100. 

  100. +		UNWIND_HINT_IRET_REGS
    101. 

  101. +		pushq $0	# Dummy error code, to make stack frame uniform
    102. 

  102. +	.else
    103. 

  103. +		UNWIND_HINT_IRET_REGS offset=8
    104. 

  104.  	.endif
    105. 

  105.  	pushq $i		# 72(%rsp) Vector number
    106. 

  106.  	jmp early_idt_handler_common
    107. 

  107. +	UNWIND_HINT_IRET_REGS
    108. 

  108.  	i = i + 1
    109. 

  109.  	.fill early_idt_handler_array + i*EARLY_IDT_HANDLER_SIZE - ., 1, 0xcc
    110. 

  110.  	.endr
    111. 

  111. +	UNWIND_HINT_IRET_REGS offset=16
    112. 

  112.  END(early_idt_handler_array)
    113. 

  113.  
    114. 

  114.  early_idt_handler_common:
    115. 

  115. @@ -289,6 +298,7 @@ early_idt_handler_common:
    116. 

  116.  	pushq %r13				/* pt_regs->r13 */
    117. 

  117.  	pushq %r14				/* pt_regs->r14 */
    118. 

  118.  	pushq %r15				/* pt_regs->r15 */
    119. 

  119. +	UNWIND_HINT_REGS
    120. 

  120.  
    121. 

  121.  	cmpq $14,%rsi		/* Page fault? */
    122. 

  122.  	jnz 10f
    123. 

  123. @@ -411,7 +421,7 @@ ENTRY(phys_base)
    124. 

  124.  EXPORT_SYMBOL(phys_base)
    125. 

  125.  
    126. 

  126.  #include "../../x86/xen/xen-head.S"
    127. 

  127. -	
    128. 

  128. +
    129. 

  129.  	__PAGE_ALIGNED_BSS
    130. 

  130.  NEXT_PAGE(empty_zero_page)
    131. 

  131.  	.skip PAGE_SIZE
    132. 

  132. -- 
    133. 

  133. 2.14.2
    134. 

  134.