2021-05-10 17:48:34

by H. Peter Anvin

Subject: [RFC PATCH 0/6] x86/entry: cleanups and consistent syscall number handling

From: "H. Peter Anvin (Intel)" <[email protected]>

This patchset:

1. Cleans up some duplications between <entry/calling.h> and <asm/ptrace-abi.h>.

2. Swaps the arguments to do_syscall_64() for consistency *and* speed.

3. Adds the maximum number of flags to MSR_SYSCALL_MASK; the previous
is more of a minimum. The more flags that are masked, the less the
likelihood of a control leak into the kernel.

4. Consistently treats the system call number as a signed int. This is
what syscall_get_nr() already does, and therefore what all
architecture-independent code (e.g. seccomp) already expects.

5. Calls sys_ni_syscall() for system calls which are out of range but
still positive (negative system calls are used by ptrace and
seccomp as a "skip system call" marker) just as for system call
numbers that correspond to holes in the table.

6. In <entry/calling.h>, factor the PUSH_AND_CLEAR_REGS macro into
separate PUSH_REGS and CLEAR_REGS macros which can be used
separately if desired. This will be used by the FRED entry code at
a later date.

---
arch/x86/entry/calling.h | 45 ++++++--------------------
arch/x86/entry/common.c | 71 ++++++++++++++++++++++++++++--------------
arch/x86/entry/entry_64.S | 4 +--
arch/x86/include/asm/syscall.h | 13 ++++----
arch/x86/kernel/cpu/common.c | 12 +++++--
arch/x86/kernel/head_64.S | 6 ++--
6 files changed, 77 insertions(+), 74 deletions(-)
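A user-space model of the signed syscall-number dispatch that items 4 and 5 of the cover letter describe, added here as an illustration; it is not code from the series or from the kernel, and the table, register struct and every `model_*` name are constructed stand-ins.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
/* Constructed model: a 4-entry table with holes standing in for
 * sys_call_table. Names and sizes are hypothetical, not the kernel's. */
#define MODEL_NR_SYSCALLS 4
#define ENOSYS_RET (-(long)ENOSYS)
struct model_regs { long ax; long di; };
typedef long (*model_syscall_fn)(struct model_regs *);
static long model_sys_getpid(struct model_regs *r) { (void)r; return 4242; }
static long model_sys_inc(struct model_regs *r) { return r->di + 1; }
static const model_syscall_fn model_table[MODEL_NR_SYSCALLS] = {
	model_sys_getpid, NULL /* hole */, model_sys_inc, NULL /* hole */,
};

/* Signed nr throughout (item 4). Returns false only for a negative nr, the
 * ptrace/seccomp "skip" marker, leaving ax (possibly set by the tracer)
 * untouched. Positive out-of-range numbers and holes both get -ENOSYS (item 5). */
static bool model_do_syscall(struct model_regs *regs, int nr)
{
	unsigned int unr = (unsigned int)nr;	/* one compare rejects <0 and >=size */
	if (unr < MODEL_NR_SYSCALLS && model_table[unr]) {
		regs->ax = model_table[unr](regs);
		return true;
	}
	if (nr >= 0) {		/* invalid, but still a system call */
		regs->ax = ENOSYS_RET;
		return true;
	}
	return false;		/* skipped: ax untouched */
}

/* Run one call with ax preloaded, as a tracer would; return the final ax. */
static long model_run(int nr, long preset_ax)
{
	struct model_regs regs = { .ax = preset_ax, .di = 5 };
	model_do_syscall(&regs, nr);
	return regs.ax;
}

/* Contrast (constructed, not the pre-series code): take the number as unsigned
 * and report every miss, and a tracer's -1 becomes a huge index whose
 * preloaded ax is clobbered with -ENOSYS. */
static long model_run_unsigned(unsigned long nr, long preset_ax)
{
	struct model_regs regs = { .ax = preset_ax, .di = 5 };
	regs.ax = (nr < MODEL_NR_SYSCALLS && model_table[nr])
			? model_table[nr](&regs) : ENOSYS_RET;
	return regs.ax;
}
```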


2021-05-10 18:10:34

by H. Peter Anvin

Subject: [RFC PATCH 4/6] x86/syscall: maximize MSR_SYSCALL_MASK

From: "H. Peter Anvin (Intel)" <[email protected]>

It is better to clear as many flags as possible when we do a system
call entry, as opposed to the other way around. The fewer flags we
keep, the less the possible interference between the kernel and user
space.

Signed-off-by: H. Peter Anvin (Intel) <[email protected]>
---
arch/x86/kernel/cpu/common.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index a1b756c49a93..6cf697574661 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1773,10 +1773,16 @@ void syscall_init(void)
wrmsrl_safe(MSR_IA32_SYSENTER_EIP, 0ULL);
#endif

- /* Flags to clear on syscall */
+ /*
+ * Flags to clear on syscall; clear as much as possible
+ * to minimize user space-kernel interference.
+ */
wrmsrl(MSR_SYSCALL_MASK,
- X86_EFLAGS_TF|X86_EFLAGS_DF|X86_EFLAGS_IF|
- X86_EFLAGS_IOPL|X86_EFLAGS_AC|X86_EFLAGS_NT);
+ X86_EFLAGS_CF|X86_EFLAGS_PF|X86_EFLAGS_AF|
+ X86_EFLAGS_ZF|X86_EFLAGS_SF|X86_EFLAGS_TF|
+ X86_EFLAGS_IF|X86_EFLAGS_DF|X86_EFLAGS_OF|
+ X86_EFLAGS_IOPL|X86_EFLAGS_NT|X86_EFLAGS_RF|
+ X86_EFLAGS_AC|X86_EFLAGS_ID);
}

#else /* CONFIG_X86_64 */
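Review bot: the new comment above the wrmsrl() says "clear as much as possible", but the mask still leaves X86_EFLAGS_VM, X86_EFLAGS_VIF and X86_EFLAGS_VIP unmentioned, and the commit message promises the maximum; one more line in that comment stating why those bits are omitted (not reachable from a 64-bit SYSCALL, or deliberately preserved) would stop a later reader from treating the gap as an oversight and re-opening this list. While there, the newly masked X86_EFLAGS_RF and X86_EFLAGS_ID are the only additions with no obvious user/kernel interference story, so a word on each would make the "as much as possible" claim self-explanatory.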
--
2.31.1