Date: Sun, 26 Apr 2020 06:47:43 -0000
From: "tip-bot2 for Josh Poimboeuf"
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/urgent] x86/entry/64: Fix unwind hints in register clearing code
Cc: Miroslav Benes, Josh Poimboeuf, Ingo Molnar, Andy Lutomirski, Dave Jones, Jann Horn, Peter Zijlstra, Thomas Gleixner, Vince Weaver, x86, LKML

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     06a9750edcffa808494d56da939085c35904e618
Gitweb:        https://git.kernel.org/tip/06a9750edcffa808494d56da939085c35904e618
Author:        Josh Poimboeuf
AuthorDate:    Sat, 25 Apr 2020 05:03:01 -05:00
Committer:     Ingo Molnar
CommitterDate: Sat, 25 Apr 2020 12:22:27 +02:00

x86/entry/64: Fix unwind hints in register clearing code

The PUSH_AND_CLEAR_REGS macro zeroes each register immediately after pushing it. If an NMI or exception hits after a register is cleared, but before the UNWIND_HINT_REGS annotation, the ORC unwinder will wrongly think the previous value of the register was zero. This can confuse the unwinding process and cause it to exit early.

Because ORC is simpler than DWARF, there are a limited number of unwind annotation states, so it's not possible to add an individual unwind hint after each push/clear combination.
Instead, the register clearing instructions need to be consolidated and moved to after the UNWIND_HINT_REGS annotation.

Fixes: 3f01daecd545 ("x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro")
Reviewed-by: Miroslav Benes
Signed-off-by: Josh Poimboeuf
Signed-off-by: Ingo Molnar
Cc: Andy Lutomirski
Cc: Dave Jones
Cc: Jann Horn
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: Vince Weaver
Link: https://lore.kernel.org/r/68fd3d0bc92ae2d62ff7879d15d3684217d51f08.1587808742.git.jpoimboe@redhat.com
--- arch/x86/entry/calling.h | 40 ++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h index 0789e13..1c7f13b 100644 --- a/arch/x86/entry/calling.h +++ b/arch/x86/entry/calling.h @@ -98,13 +98,6 @@ For 32-bit we have the following conventions - kernel is built with #define SIZEOF_PTREGS 21*8 .macro PUSH_AND_CLEAR_REGS rdx=%rdx rax=%rax save_ret=0 - /* - * Push registers and sanitize registers of values that a - * speculation attack might otherwise want to exploit. The - * lower registers are likely clobbered well before they - * could be put to use in a speculative execution gadget. - * Interleave XOR with PUSH for better uop scheduling: - */ .if \save_ret pushq %rsi /* pt_regs->si */ movq 8(%rsp), %rsi /* temporarily store the return address in %rsi */ 
@@ -114,34 +107,43 @@ For 32-bit we have the following conventions - kernel is built with pushq %rsi /* pt_regs->si */ .endif pushq \rdx /* pt_regs->dx */ - xorl %edx, %edx /* nospec dx */ pushq %rcx /* pt_regs->cx */ - xorl %ecx, %ecx /* nospec cx */ pushq \rax /* pt_regs->ax */ pushq %r8 /* pt_regs->r8 */ - xorl %r8d, %r8d /* nospec r8 */ pushq %r9 /* pt_regs->r9 */ - xorl %r9d, %r9d /* nospec r9 */ pushq %r10 /* pt_regs->r10 */ - xorl %r10d, %r10d /* nospec r10 */ pushq %r11 /* pt_regs->r11 */ - xorl %r11d, %r11d /* nospec r11*/ pushq %rbx /* pt_regs->rbx */ - xorl %ebx, %ebx /* nospec rbx*/ pushq %rbp /* pt_regs->rbp */ - xorl %ebp, %ebp /* nospec rbp*/ pushq %r12 /* pt_regs->r12 */ - xorl %r12d, %r12d /* nospec r12*/ pushq %r13 /* pt_regs->r13 */ - xorl %r13d, %r13d /* nospec r13*/ pushq %r14 /* pt_regs->r14 */ - xorl %r14d, %r14d /* nospec r14*/ pushq %r15 /* pt_regs->r15 */ - xorl %r15d, %r15d /* nospec r15*/ UNWIND_HINT_REGS + .if \save_ret pushq %rsi /* return address on top of stack */ .endif + + /* + * Sanitize registers of values that a speculation attack might + * otherwise want to exploit. The lower registers are likely clobbered + * well before they could be put to use in a speculative execution + * gadget. + */ + xorl %edx, %edx /* nospec dx */ + xorl %ecx, %ecx /* nospec cx */ + xorl %r8d, %r8d /* nospec r8 */ + xorl %r9d, %r9d /* nospec r9 */ + xorl %r10d, %r10d /* nospec r10 */ + xorl %r11d, %r11d /* nospec r11 */ + xorl %ebx, %ebx /* nospec rbx */ + xorl %ebp, %ebp /* nospec rbp */ + xorl %r12d, %r12d /* nospec r12 */ + xorl %r13d, %r13d /* nospec r13 */ + xorl %r14d, %r14d /* nospec r14 */ + xorl %r15d, %r15d /* nospec r15 */ + .endm .macro POP_REGS pop_rdi=1 skip_r11rcx=0
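Review bot: the first hunk (@@ -98,13 +98,6 @@) drops the comment line "Interleave XOR with PUSH for better uop scheduling" without the changelog saying what happens to that scheduling benefit. The commit message gives the correctness reason for moving the clears; add a sentence stating that the interleaving optimisation is being given up deliberately, so the trade-off is on record for anyone reading the history.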
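Review bot: the new comment above the xorl block in the second hunk (@@ -114,34 +107,43 @@) says why the registers are sanitized but not why the clears must sit after UNWIND_HINT_REGS. That ordering is the whole point of the fix, and nothing in the macro stops a later cleanup from re-interleaving the clears with the pushes. Suggest extending the comment with something like "Keep these after UNWIND_HINT_REGS: an NMI or exception landing between a clear and the hint would make ORC read the zeroed register as the saved value."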