MIME-Version: 1.0
In-Reply-To: <20180110010328.22163-4-andi@firstfloor.org>
References: <20180110010328.22163-1-andi@firstfloor.org> <20180110010328.22163-4-andi@firstfloor.org>
From: Brian Gerst <brgerst@gmail.com>
Date: Wed, 10 Jan 2018 22:35:58 -0500
Message-ID: <CAMzpN2j5wBdSiHt=3wiE7X4GY3+B6-RUE1ZaJw2VjHcJN+kGwA@mail.gmail.com>
Subject: Re: [PATCH v1 3/8] x86/entry/clearregs: Clear registers for 64bit SYSCALL
To: Andi Kleen <andi@firstfloor.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        David Woodhouse <dwmw@amazon.co.uk>,
        Paul Turner <pjt@google.com>,
        Andy Lutomirski <luto@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Greg Kroah-Hartman <gregkh@linux-foundation.org>,
        Dave Hansen <dave.hansen@intel.com>,
        Jiri Kosina <jikos@kernel.org>, Andi Kleen <ak@linux.intel.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org

On Tue, Jan 9, 2018 at 8:03 PM, Andi Kleen <andi@firstfloor.org> wrote:
> From: Andi Kleen <ak@linux.intel.com>
>
> We clear all the non argument registers for 64bit SYSCALLs
> to minimize any risk of bad speculation using user values.
>
> So far unused argument registers still leak. To be addressed
> in future patches.
>
> Signed-off-by: Andi Kleen <ak@linux.intel.com>
> ---
>  arch/x86/entry/entry_64.S | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
> index bbdfbdd817d6..632081fd7086 100644
> --- a/arch/x86/entry/entry_64.S
> +++ b/arch/x86/entry/entry_64.S
> @@ -236,6 +236,14 @@ GLOBAL(entry_SYSCALL_64_after_hwframe)
>         pushq   %r11                            /* pt_regs->r11 */
>         sub     $(6*8), %rsp
>         SAVE_EXTRA_REGS
> +       /* Sanitize registers against speculation attacks */
> +       /* r10 is cleared later, arguments are handled in san_args* */
> +       CLEAR_R11_TO_R15

Don't need to explicitly clear R11 here.  It is clobbered with current_task.

> +#ifndef CONFIG_FRAME_POINTER
> +       xor     %ebp, %ebp
> +#endif
> +       xor     %ebx, %ebx
> +       xor     %ecx, %ecx
>
>         UNWIND_HINT_REGS extra=0
>
> @@ -263,6 +271,7 @@ entry_SYSCALL_64_fastpath:
>  #endif
>         ja      1f                              /* return -ENOSYS (already in pt_regs->ax) */
>         movq    %r10, %rcx
> +       xor     %r10, %r10

RCX is already clear, so xchgq %r10, %rcx will be simpler.

--
Brian Gerst