Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp4431786iob; Sun, 8 May 2022 12:32:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx9Cmv0+NHbj+g3MFWixj2BsverO3vjTJ7yr+dkR6Gze/omCWkB8xWB7vsfJ67ga/k6erBD X-Received: by 2002:a17:907:96a8:b0:6f4:45f1:6e76 with SMTP id hd40-20020a17090796a800b006f445f16e76mr12108543ejc.186.1652038326733; Sun, 08 May 2022 12:32:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652038326; cv=none; d=google.com; s=arc-20160816; b=f5JgD+RIEK/VMOSCGsj5iFoZEcRnB3k5nSsh8w68g5c9BWSULTAKWccTcat8ikx0oP GesfRU9v19Bg0yRdb6ukX8bX9iVNjPQRJXZCB6zCs3++uEHXnkOZp/NvzhlsH5CVOoU1 UkgBIQyY/pVHKze3NcQj77aR9cYaoZFkeqq9fD5gj48m4BIjOqLLLxcGZ/e0w4K8N5q+ wQv3jO/OpavFzw640Vl4x6kakel/gHphJpLGUVJvrAt8BvwmculUbyO6TQGaQdPQ8DSF y48vjRmsosCcMVXqy80aVgan7vkfmdRLNJGtQzowbu0LEweNDCS51v6QAeOoM/UngLnY 7fhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:subject:cc:to:from:date :user-agent:message-id:dkim-signature; bh=SphQ9KPOAD+tVcln1GuUYwPYc5Upd7RmPAUA28r5dTY=; b=qM1xZ0/xu2dgfDekXjw5ybjjF7BlvTRy86J6PbKibqd1kZwd+ZAibFnhtWQBOaT/EX xRrAYsnY89OSqqD1qc99KK54lFy99Cw59+OkIuCTEMvYucAFEnlMF+HjxZb3cgtoCNfP pWsfyi2J1OHY+9WhjxEf9G2GPHdb0bnxXEI8sYfy4FQeXaDB75YoLn94pCbq4X0cKnc7 nlsm0I0sdpjzbH69BInrCdoBN4xGXgdwAwEPBSMVkIcKFwrmdbehlv8y7EzlMdPdlx7E 6oGLiqn9ZNfPM4vVyS2WCozidyuqi1XE92fUpT0pGDmxo8mIsaYrIl/gsKSRKGJuehGC 1dFA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=desiato.20200630 header.b=oQLqszHT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hb44-20020a170907162c00b006f504076c29si12537376ejc.688.2022.05.08.12.31.40; Sun, 08 May 2022 12:32:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=desiato.20200630 header.b=oQLqszHT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1391715AbiEFMYW (ORCPT + 99 others); Fri, 6 May 2022 08:24:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48854 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236947AbiEFMYS (ORCPT ); Fri, 6 May 2022 08:24:18 -0400 Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 08D951901B for ; Fri, 6 May 2022 05:20:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=Content-Type:MIME-Version:References: Subject:Cc:To:From:Date:Message-ID:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:In-Reply-To; bh=SphQ9KPOAD+tVcln1GuUYwPYc5Upd7RmPAUA28r5dTY=; b=oQLqszHTZrgSkFSX5rZoPHCKUN kyHKyWoVLrAOP+/NiYdRS8NiZ4HJZCgOAM2mM8fMlMODSGRqDoXCoaBNIzptiXvYV13uNi2rkASdG 3yL/TKQJW+7VMuIfh/fAB0hNLIgynSknuWaGVrafA9Lzb24lYkZlxYYaL4mQnFhJ+rrMT9o2wlsic UaT72saFI6VsVsc4ORj0xZy6/WBXcOWbWRWevMkLqh0RKJIiby8ADf4IAjYgvcunot34QRzlWdqLc X+Z+GCpqO1intiiqxE3H4MvxWk0oeW0A3ICPbVAZGaO3zGf+xfZmt4dhX76QCqswVP/jzlX0UBEPx VVYOanmg==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net) by desiato.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1nmwwU-00BfTb-Qk; Fri, 06 May 2022 12:20:19 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id 1090A3005B9; Fri, 6 May 2022 14:20:16 +0200 (CEST) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 0) id EB7A02026F792; Fri, 6 May 2022 14:20:15 +0200 (CEST) Message-ID: <20220506121631.293889636@infradead.org> User-Agent: quilt/0.66 Date: Fri, 06 May 2022 14:14:34 +0200 From: Peter Zijlstra To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, peterz@infradead.org, jpoimboe@redhat.com, brgerst@gmail.com, jiangshanlai@gmail.com, Andrew.Cooper3@citrix.com, mark.rutland@arm.com, Borislav Petkov Subject: [PATCH 3/6] x86/entry: Use PUSH_AND_CLEAR_REGS for compat References: <20220506121431.563656641@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Since the upper regs don't exist for ia32 code, preserving them doesn't hurt and it simplifies the code. This doesn't add any attack surface that would not already be available through INT80. Notably: - 32bit SYSENTER: didn't clear si, dx, cx. - 32bit SYSCALL, INT80: *do* clear si since the C functions don't take a second argument. - 64bit: didn't clear si since the C functions take a second argument; except the error_entry path might have only one argument, so clearing si was missing here. 32b SYSENTER should be clearing all those 3 registers, nothing uses them and selftests pass. Unconditionally clear rsi since it simplifies code. Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Borislav Petkov --- arch/x86/entry/calling.h | 1 arch/x86/entry/entry_64_compat.S | 87 +-------------------------------------- 2 files changed, 4 insertions(+), 84 deletions(-) --- a/arch/x86/entry/calling.h +++ b/arch/x86/entry/calling.h @@ -99,6 +99,7 @@ For 32-bit we have the following convent * well before they could be put to use in a speculative execution * gadget. */ + xorl %esi, %esi /* nospec si */ xorl %edx, %edx /* nospec dx */ xorl %ecx, %ecx /* nospec cx */ xorl %r8d, %r8d /* nospec r8 */ --- a/arch/x86/entry/entry_64_compat.S +++ b/arch/x86/entry/entry_64_compat.S @@ -83,32 +83,7 @@ SYM_INNER_LABEL(entry_SYSENTER_compat_af movl %eax, %eax pushq %rax /* pt_regs->orig_ax */ - pushq %rdi /* pt_regs->di */ - pushq %rsi /* pt_regs->si */ - pushq %rdx /* pt_regs->dx */ - pushq %rcx /* pt_regs->cx */ - pushq $-ENOSYS /* pt_regs->ax */ - pushq $0 /* pt_regs->r8 = 0 */ - xorl %r8d, %r8d /* nospec r8 */ - pushq $0 /* pt_regs->r9 = 0 */ - xorl %r9d, %r9d /* nospec r9 */ - pushq $0 /* pt_regs->r10 = 0 */ - xorl %r10d, %r10d /* nospec r10 */ - pushq $0 /* pt_regs->r11 = 0 */ - xorl %r11d, %r11d /* nospec r11 */ - pushq %rbx /* pt_regs->rbx */ - xorl %ebx, %ebx /* nospec rbx */ - pushq %rbp /* pt_regs->rbp (will be overwritten) */ - xorl %ebp, %ebp /* nospec rbp */ - pushq $0 /* pt_regs->r12 = 0 */ - xorl %r12d, %r12d /* nospec r12 */ - pushq $0 /* pt_regs->r13 = 0 */ - xorl %r13d, %r13d /* nospec r13 */ - pushq $0 /* pt_regs->r14 = 0 */ - xorl %r14d, %r14d /* nospec r14 */ - pushq $0 /* pt_regs->r15 = 0 */ - xorl %r15d, %r15d /* nospec r15 */ - + PUSH_AND_CLEAR_REGS rax=$-ENOSYS UNWIND_HINT_REGS cld @@ -225,35 +200,7 @@ SYM_INNER_LABEL(entry_SYSCALL_compat_saf SYM_INNER_LABEL(entry_SYSCALL_compat_after_hwframe, SYM_L_GLOBAL) movl %eax, %eax /* discard orig_ax high bits */ pushq %rax /* pt_regs->orig_ax */ - pushq %rdi /* pt_regs->di */ - pushq %rsi /* pt_regs->si */ - xorl %esi, %esi /* nospec si */ - pushq %rdx /* pt_regs->dx */ - xorl %edx, %edx /* nospec dx */ - pushq %rbp /* pt_regs->cx (stashed in bp) */ - xorl %ecx, %ecx /* nospec cx */ - pushq $-ENOSYS /* pt_regs->ax */ - pushq $0 /* pt_regs->r8 = 0 */ - xorl %r8d, %r8d /* nospec r8 */ - pushq $0 /* pt_regs->r9 = 0 */ - xorl %r9d, %r9d /* nospec r9 */ - pushq $0 /* pt_regs->r10 = 0 */ - xorl %r10d, %r10d /* nospec r10 */ - pushq $0 /* pt_regs->r11 = 0 */ - xorl %r11d, %r11d /* nospec r11 */ - pushq %rbx /* pt_regs->rbx */ - xorl %ebx, %ebx /* nospec rbx */ - pushq %rbp /* pt_regs->rbp (will be overwritten) */ - xorl %ebp, %ebp /* nospec rbp */ - pushq $0 /* pt_regs->r12 = 0 */ - xorl %r12d, %r12d /* nospec r12 */ - pushq $0 /* pt_regs->r13 = 0 */ - xorl %r13d, %r13d /* nospec r13 */ - pushq $0 /* pt_regs->r14 = 0 */ - xorl %r14d, %r14d /* nospec r14 */ - pushq $0 /* pt_regs->r15 = 0 */ - xorl %r15d, %r15d /* nospec r15 */ - + PUSH_AND_CLEAR_REGS rax=$-ENOSYS UNWIND_HINT_REGS movq %rsp, %rdi @@ -380,35 +327,7 @@ SYM_CODE_START(entry_INT80_compat) pushq 0*8(%rax) /* regs->orig_ax */ .Lint80_keep_stack: - pushq %rdi /* pt_regs->di */ - pushq %rsi /* pt_regs->si */ - xorl %esi, %esi /* nospec si */ - pushq %rdx /* pt_regs->dx */ - xorl %edx, %edx /* nospec dx */ - pushq %rcx /* pt_regs->cx */ - xorl %ecx, %ecx /* nospec cx */ - pushq $-ENOSYS /* pt_regs->ax */ - pushq %r8 /* pt_regs->r8 */ - xorl %r8d, %r8d /* nospec r8 */ - pushq %r9 /* pt_regs->r9 */ - xorl %r9d, %r9d /* nospec r9 */ - pushq %r10 /* pt_regs->r10*/ - xorl %r10d, %r10d /* nospec r10 */ - pushq %r11 /* pt_regs->r11 */ - xorl %r11d, %r11d /* nospec r11 */ - pushq %rbx /* pt_regs->rbx */ - xorl %ebx, %ebx /* nospec rbx */ - pushq %rbp /* pt_regs->rbp */ - xorl %ebp, %ebp /* nospec rbp */ - pushq %r12 /* pt_regs->r12 */ - xorl %r12d, %r12d /* nospec r12 */ - pushq %r13 /* pt_regs->r13 */ - xorl %r13d, %r13d /* nospec r13 */ - pushq %r14 /* pt_regs->r14 */ - xorl %r14d, %r14d /* nospec r14 */ - pushq %r15 /* pt_regs->r15 */ - xorl %r15d, %r15d /* nospec r15 */ - + PUSH_AND_CLEAR_REGS rax=$-ENOSYS UNWIND_HINT_REGS cld