| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Apr 2024 10:58:03 -0700
From: "Xin Li (Intel)" <xin@...or.com>
To: linux-kernel@...r.kernel.org
Cc: luto@...nel.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com
Subject: [PATCH v2 1/1] x86/fred: Fix INT80 emulation for FRED
Add a FRED-specific INT80 handler fred_int80_emulation().
Commit
55617fb991df ("x86/entry: Do not allow external 0x80 interrupts")
added a bunch of checks to the int $0x80 path, however they are
unnecessary and event wrong in fact under FRED.
1) FRED distinguishes external interrupts from software interrupts,
thus int80_emulation() should NEVER be called for handling an
external interrupt, and then int80_is_external() is meaningless
when FRED is enabled.
2) The FRED kernel entry handler NEVER dispatches INTx, which is
of event type EVENT_TYPE_SWINT, so the user mode checking in
do_int80_emulation() is redundant.
3) int80_emulation() does a CLEAR_BRANCH_HISTORY, which is likly
an overkill for new x86 CPU implementations that support FRED.
A dedicated FRED INT80 handler duplicates most of the code in
do_int80_emulation(), but it avoids sprinkling moar tests and
seems more readable.
Suggested-by: H. Peter Anvin (Intel) <hpa@...or.com>
Signed-off-by: Xin Li (Intel) <xin@...or.com>
---
Change since v1:
* Prefer a FRED-specific INT80 handler instead of sprinkling moar
tests around (Borislav Petkov).
---
arch/x86/entry/common.c | 40 +++++++++++++++++++++++++++++++++++++
arch/x86/entry/entry_fred.c | 2 +-
2 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
index 6de50b80702e..3cfc7c4fe1a2 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -255,6 +255,46 @@ __visible noinstr void do_int80_emulation(struct pt_regs *regs)
instrumentation_end();
syscall_exit_to_user_mode(regs);
}
+
+#ifdef CONFIG_X86_FRED
+/*
+ * Called only if a user level application executes "int $0x80".
+ *
+ * Note, under FRED interrupt 0x80 could be used as a hardware interrupt.
+ */
+DEFINE_FREDENTRY_RAW(int80_emulation)
+{
+ int nr;
+
+ enter_from_user_mode(regs);
+
+ instrumentation_begin();
+ add_random_kstack_offset();
+
+ /*
+ * FRED pushed 0 into regs::orig_ax and regs::ax contains the
+ * syscall number.
+ *
+ * User tracing code (ptrace or signal handlers) might assume
+ * that the regs::orig_ax contains a 32-bit number on invoking
+ * a 32-bit syscall.
+ *
+ * Establish the syscall convention by saving the 32bit truncated
+ * syscall number in regs::orig_ax and by invalidating regs::ax.
+ */
+ regs->orig_ax = regs->ax & GENMASK(31, 0);
+ regs->ax = -ENOSYS;
+
+ nr = syscall_32_enter(regs);
+
+ local_irq_enable();
+ nr = syscall_enter_from_user_mode_work(regs, nr);
+ do_syscall_32_irqs_on(regs, nr);
+
+ instrumentation_end();
+ syscall_exit_to_user_mode(regs);
+}
+#endif
#else /* CONFIG_IA32_EMULATION */
/* Handles int $0x80 on a 32bit kernel */
diff --git a/arch/x86/entry/entry_fred.c b/arch/x86/entry/entry_fred.c
index ac120cbdaaf2..9fa18b8c7f26 100644
--- a/arch/x86/entry/entry_fred.c
+++ b/arch/x86/entry/entry_fred.c
@@ -66,7 +66,7 @@ static noinstr void fred_intx(struct pt_regs *regs)
/* INT80 */
case IA32_SYSCALL_VECTOR:
if (ia32_enabled())
- return int80_emulation(regs);
+ return fred_int80_emulation(regs);
fallthrough;
#endif
base-commit: 367dc2b68007e8ca00a0d8dc9afb69bff5451ae7
--
2.44.0
Powered by blists - more mailing lists