e22438f8e9
On AMD CPUs, SYSRET can return with a valid SS descriptor with
with the hidden attributes set to an unusable state. Make sure
the kernel doesn't let this happen. This detects an
as-yet-unfixed regression.
Note that the 64-bit version of this test fails on AMD CPUs on
all kernel versions, although the issue in the 64-bit case is
much less severe than in the 32-bit case.
Reported-by: Brian Gerst <brgerst@gmail.com>
Tested-by: Denys Vlasenko <dvlasenk@redhat.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Tests: e7d6eefaaa ("x86/vdso32/syscall.S: Do not load __USER32_DS to %ss")
Cc: Alexei Starovoitov <ast@plumgrid.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Denys Vlasenko <vda.linux@googlemail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Drewry <wad@chromium.org>
Link: http://lkml.kernel.org/r/resend_4d740841bac383742949e2fefb03982736595087.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
67 lines
1.3 KiB
ArmAsm
67 lines
1.3 KiB
ArmAsm
/*
|
|
* thunks.S - assembly helpers for mixed-bitness code
|
|
* Copyright (c) 2015 Andrew Lutomirski
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms and conditions of the GNU General Public License,
|
|
* version 2, as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* These are little helpers that make it easier to switch bitness on
|
|
* the fly.
|
|
*/
|
|
|
|
.text
|
|
|
|
.global call32_from_64
|
|
.type call32_from_64, @function
|
|
call32_from_64:
|
|
// rdi: stack to use
|
|
// esi: function to call
|
|
|
|
// Save registers
|
|
pushq %rbx
|
|
pushq %rbp
|
|
pushq %r12
|
|
pushq %r13
|
|
pushq %r14
|
|
pushq %r15
|
|
pushfq
|
|
|
|
// Switch stacks
|
|
mov %rsp,(%rdi)
|
|
mov %rdi,%rsp
|
|
|
|
// Switch to compatibility mode
|
|
pushq $0x23 /* USER32_CS */
|
|
pushq $1f
|
|
lretq
|
|
|
|
1:
|
|
.code32
|
|
// Call the function
|
|
call *%esi
|
|
// Switch back to long mode
|
|
jmp $0x33,$1f
|
|
.code64
|
|
|
|
1:
|
|
// Restore the stack
|
|
mov (%rsp),%rsp
|
|
|
|
// Restore registers
|
|
popfq
|
|
popq %r15
|
|
popq %r14
|
|
popq %r13
|
|
popq %r12
|
|
popq %rbp
|
|
popq %rbx
|
|
|
|
ret
|
|
|
|
.size call32_from_64, .-call32_from_64
|