This doesn't change much, but uses shorter 32-bit insns:
-48 8b 74 24 68 mov 0x68(%rsp),%rsi
-48 8b 7c 24 70 mov 0x70(%rsp),%rdi
-48 8b 54 24 60 mov 0x60(%rsp),%rdx
+8b 54 24 60 mov 0x60(%rsp),%edx
+8b 74 24 68 mov 0x68(%rsp),%esi
+8b 7c 24 70 mov 0x70(%rsp),%edi
and does the loads in pt_regs order.
Since these are the only uses of RESTORE_RSI_RDI[_RDX], drop these macros.
Signed-off-by: Denys Vlasenko <[email protected]>
CC: Linus Torvalds <[email protected]>
CC: Steven Rostedt <[email protected]>
CC: Ingo Molnar <[email protected]>
CC: Borislav Petkov <[email protected]>
CC: "H. Peter Anvin" <[email protected]>
CC: Andy Lutomirski <[email protected]>
CC: Oleg Nesterov <[email protected]>
CC: Frederic Weisbecker <[email protected]>
CC: Alexei Starovoitov <[email protected]>
CC: Will Drewry <[email protected]>
CC: Kees Cook <[email protected]>
CC: [email protected]
CC: [email protected]
---
arch/x86/entry/calling.h | 6 ------
arch/x86/entry/entry_64_compat.S | 7 +++++--
2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h
index f4e6308..519207f 100644
--- a/arch/x86/entry/calling.h
+++ b/arch/x86/entry/calling.h
@@ -193,12 +193,6 @@ For 32-bit we have the following conventions - kernel is built with
.macro RESTORE_C_REGS_EXCEPT_RCX_R11
RESTORE_C_REGS_HELPER 1,0,0,1,1
.endm
- .macro RESTORE_RSI_RDI
- RESTORE_C_REGS_HELPER 0,0,0,0,0
- .endm
- .macro RESTORE_RSI_RDI_RDX
- RESTORE_C_REGS_HELPER 0,0,0,0,1
- .endm
.macro REMOVE_PT_GPREGS_FROM_STACK addskip=0
subq $-(15*8+\addskip), %rsp
diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
index bb187a6..b868cfc 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -140,7 +140,8 @@ sysexit_from_sys_call:
*/
andl $~TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
movl RIP(%rsp), %ecx /* User %eip */
- RESTORE_RSI_RDI
+ movl RSI(%rsp), %esi
+ movl RDI(%rsp), %edi
xorl %edx, %edx /* Do not leak kernel information */
xorq %r8, %r8
xorq %r9, %r9
@@ -366,7 +367,9 @@ cstar_dispatch:
sysretl_from_sys_call:
andl $~TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
- RESTORE_RSI_RDI_RDX
+ movl RDX(%rsp), %edx
+ movl RSI(%rsp), %esi
+ movl RDI(%rsp), %edi
movl RIP(%rsp), %ecx
movl EFLAGS(%rsp), %r11d
xorq %r10, %r10
--
1.8.1.4
We do there three different things. This patch adds comments to explain it.
First, we prepare %ecx and %r11 for SYSRET to restore EIP and FLAGS.
These insns need to be scheduled first, since SYSRET depends on them.
Move these loads up.
Second, we restore those registers which userspace expects to not be clobbered.
Here requiremends differ for SYSENTER and SYSCALL code paths:
SYSENTER code path does not preserve %edx and %ebp,
SYSCALL path does.
And third, we clear registers which may still have some data from kernel in them.
While at it, replace XORQ with equivalent XORL: even though for r8+ regs
XORL form is the same length as XORQ (we don't save on REX prefix),
XORL reg,reg is faster than XORQ on Silvermont CPUs.
Signed-off-by: Denys Vlasenko <[email protected]>
CC: Linus Torvalds <[email protected]>
CC: Steven Rostedt <[email protected]>
CC: Ingo Molnar <[email protected]>
CC: Borislav Petkov <[email protected]>
CC: "H. Peter Anvin" <[email protected]>
CC: Andy Lutomirski <[email protected]>
CC: Oleg Nesterov <[email protected]>
CC: Frederic Weisbecker <[email protected]>
CC: Alexei Starovoitov <[email protected]>
CC: Will Drewry <[email protected]>
CC: Kees Cook <[email protected]>
CC: [email protected]
CC: [email protected]
---
arch/x86/entry/entry_64_compat.S | 37 +++++++++++++++++++++++++------------
1 file changed, 25 insertions(+), 12 deletions(-)
diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
index b868cfc..f2064bd 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -139,14 +139,22 @@ sysexit_from_sys_call:
* with 'sysenter' and it uses the SYSENTER calling convention.
*/
andl $~TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
+ /* Prepare registers for SYSRET insn */
movl RIP(%rsp), %ecx /* User %eip */
+ movl EFLAGS(%rsp), %r11d /* User eflags *
+ /* Restore registers per SYSEXIT ABI requirements: */
+ /* arg1 (ebx): preserved by virtue of being a callee-saved register */
+ /* arg2 (ecx): used by SYSEXIT to restore esp (and by SYSRET to restore eip) */
+ /* arg3 (edx): used by SYSEXIT to restore eip */
+ /* arg4,5 (esi,edi): preserved */
movl RSI(%rsp), %esi
movl RDI(%rsp), %edi
- xorl %edx, %edx /* Do not leak kernel information */
- xorq %r8, %r8
- xorq %r9, %r9
- xorq %r10, %r10
- movl EFLAGS(%rsp), %r11d /* User eflags */
+ /* user stack (ebp): clobbered */
+ /* Clear callee-clobbered registers (preventing info leaks) */
+ xorl %edx, %edx
+ xorl %r8d, %r8d
+ xorl %r9d, %r9d
+ xorl %r10d, %r10d
TRACE_IRQS_ON
/*
@@ -170,8 +178,7 @@ sysexit_from_sys_call:
* pop %ecx
*
* Therefore, we invoke SYSRETL with EDX and R8-R10 zeroed to
- * avoid info leaks. R11 ends up with VDSO32_SYSENTER_RETURN's
- * address (already known to user code), and R12-R15 are
+ * avoid info leaks. R11 ends up with EFLAGS, and R12-R15 are
* callee-saved and therefore don't contain any interesting
* kernel data.
*/
@@ -367,14 +374,20 @@ cstar_dispatch:
sysretl_from_sys_call:
andl $~TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
+ /* Prepare registers for SYSRET insn */
+ movl RIP(%rsp), %ecx /* User %eip */
+ movl EFLAGS(%rsp), %r11d /* User eflags *
+ /* Restore registers per SYSRET ABI requirements: */
+ /* arg1 (ebx): preserved by virtue of being a callee-saved register */
+ /* arg2 (ebp): preserved (already restored, see above) */
+ /* arg3,4,5 (edx,esi,edi): preserved */
movl RDX(%rsp), %edx
movl RSI(%rsp), %esi
movl RDI(%rsp), %edi
- movl RIP(%rsp), %ecx
- movl EFLAGS(%rsp), %r11d
- xorq %r10, %r10
- xorq %r9, %r9
- xorq %r8, %r8
+ /* Clear callee-clobbered registers (preventing info leaks) */
+ xorl %r8d, %r8d
+ xorl %r9d, %r9d
+ xorl %r10d, %r10d
TRACE_IRQS_ON
movl RSP(%rsp), %esp
/*
--
1.8.1.4