Commited58d66

Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86/pti updates from Thomas Gleixner: "Yet another pile of melted spectrum related updates: - Drop native vsyscall support finally as it causes more trouble than benefit. - Make microcode loading more robust. There were a few issues especially related to late loading which are now surfacing because late loading of the IB* microcodes addressing spectre issues has become more widely used. - Simplify and robustify the syscall handling in the entry code - Prevent kprobes on the entry trampoline code which lead to kernel crashes when the probe hits before CR3 is updated - Don't check microcode versions when running on hypervisors as they are considered as lying anyway. - Fix the 32bit objtool build and a coment typo"* 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/kprobes: Fix kernel crash when probing .entry_trampoline code x86/pti: Fix a comment typo x86/microcode: Synchronize late microcode loading x86/microcode: Request microcode on the BSP x86/microcode/intel: Look into the patch cache first x86/microcode: Do not upload microcode if CPUs are offline x86/microcode/intel: Writeback and invalidate caches before updating microcode x86/microcode/intel: Check microcode revision before updating sibling threads x86/microcode: Get rid of struct apply_microcode_ctx x86/spectre_v2: Don't check microcode versions when running under hypervisors x86/vsyscall/64: Drop "native" vsyscalls x86/entry/64/compat: Save one instruction in entry_INT80_compat() x86/entry: Do not special-case clone(2) in compat entry x86/syscalls: Use COMPAT_SYSCALL_DEFINEx() macros for x86-only compat syscalls x86/syscalls: Use proper syscall definition for sys_ioperm() x86/entry: Remove stale syscall prototype x86/syscalls/32: Simplify $entry == $compat entries objtool: Fix 32-bit build
2 parents1ad5daa +c07a8f8 commited58d66

17 files changed

+291
-182
lines changed

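--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2307,23 +2307,14 @@ choice
 it can be used to assist security vulnerability exploitation.
 
 This setting can be changed at boot time via the kernel command
-line parameter vsyscall=[native|emulate|none].
+line parameter vsyscall=[emulate|none].
 
 On a system with recent enough glibc (2.14 or newer) and no
 static binaries, you can say None without a performance penalty
 to improve security.
 
 If unsure, select "Emulate".
 
-config LEGACY_VSYSCALL_NATIVE
-bool "Native"
-help
-Actual executable code is located in the fixed vsyscall
-address mapping, implementing time() efficiently. Since
-this makes the mapping executable, it can be used during
-security vulnerability exploitation (traditionally as
-ROP gadgets). This configuration is not recommended.
-
 config LEGACY_VSYSCALL_EMULATE
 bool "Emulate"
 help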

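--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -363,9 +363,7 @@ ENTRY(entry_INT80_compat)
 pushq2*8(%rdi)/* regs->ip */
 pushq1*8(%rdi)/* regs->orig_ax */
 
-movq(%rdi),%rdi/* restore %rdi */
-
-pushq%rdi/* pt_regs->di */
+pushq(%rdi)/* pt_regs->di */
 pushq%rsi/* pt_regs->si */
 pushq%rdx/* pt_regs->dx */
 pushq%rcx/* pt_regs->cx */
@@ -406,15 +404,3 @@ ENTRY(entry_INT80_compat)
 TRACE_IRQS_ON
 jmpswapgs_restore_regs_and_return_to_usermode
 END(entry_INT80_compat)
-
-ENTRY(stub32_clone)
-/*
-* The 32-bit clone ABI is: clone(..., int tls_val, int *child_tidptr).
-* The 64-bit clone ABI is: clone(..., int *child_tidptr, int tls_val).
-*
-* The native 64-bit kernel's sys_clone() implements the latter,
-* so we need to swap arguments here before calling it:
-*/
-xchg%r8,%rcx
-jmpsys_clone
-ENDPROC(stub32_clone)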
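Review bot: After `pushq (%rdi)` replaces the reload in the first hunk, `%rdi` keeps holding the pointer that the `pushq 2*8(%rdi)` lines above read through rather than the user's value, and the removed `/* restore %rdi */` comment was the only marker of that state. The rest of entry_INT80_compat lies outside the hunk, so whether any later instruction depends on the register's content cannot be checked from here; the change looks correct only if `%rdi` is overwritten before it is used again. A comment on the new line would record the intent, for example `/* pt_regs->di, read via the old pointer; %rdi itself is not reloaded */`.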

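--- a/arch/x86/entry/syscalls/syscall_32.tbl
+++ b/arch/x86/entry/syscalls/syscall_32.tbl
@@ -8,12 +8,12 @@
 #
 0i386restart_syscallsys_restart_syscall
 1i386exitsys_exit
-2i386forksys_forksys_fork
+2i386forksys_fork
 3i386readsys_read
 4i386writesys_write
 5i386opensys_opencompat_sys_open
 6i386closesys_close
-7i386waitpidsys_waitpidsys32_waitpid
+7i386waitpidsys_waitpidcompat_sys_x86_waitpid
 8i386creatsys_creat
 9i386linksys_link
 10i386unlinksys_unlink
@@ -78,7 +78,7 @@
 69i386ssetmasksys_ssetmask
 70i386setreuidsys_setreuid16
 71i386setregidsys_setregid16
-72i386sigsuspendsys_sigsuspendsys_sigsuspend
+72i386sigsuspendsys_sigsuspend
 73i386sigpendingsys_sigpendingcompat_sys_sigpending
 74i386sethostnamesys_sethostname
 75i386setrlimitsys_setrlimitcompat_sys_setrlimit
@@ -96,7 +96,7 @@
 87i386swaponsys_swapon
 88i386rebootsys_reboot
 89i386readdirsys_old_readdircompat_sys_old_readdir
-90i386mmapsys_old_mmapsys32_mmap
+90i386mmapsys_old_mmapcompat_sys_x86_mmap
 91i386munmapsys_munmap
 92i386truncatesys_truncatecompat_sys_truncate
 93i386ftruncatesys_ftruncatecompat_sys_ftruncate
@@ -126,7 +126,7 @@
 117i386ipcsys_ipccompat_sys_ipc
 118i386fsyncsys_fsync
 119i386sigreturnsys_sigreturnsys32_sigreturn
-120i386clonesys_clonestub32_clone
+120i386clonesys_clonecompat_sys_x86_clone
 121i386setdomainnamesys_setdomainname
 122i386unamesys_newuname
 123i386modify_ldtsys_modify_ldt
@@ -186,8 +186,8 @@
 177i386rt_sigtimedwaitsys_rt_sigtimedwaitcompat_sys_rt_sigtimedwait
 178i386rt_sigqueueinfosys_rt_sigqueueinfocompat_sys_rt_sigqueueinfo
 179i386rt_sigsuspendsys_rt_sigsuspend
-180i386pread64sys_pread64sys32_pread
-181i386pwrite64sys_pwrite64sys32_pwrite
+180i386pread64sys_pread64compat_sys_x86_pread
+181i386pwrite64sys_pwrite64compat_sys_x86_pwrite
 182i386chownsys_chown16
 183i386getcwdsys_getcwd
 184i386capgetsys_capget
@@ -196,14 +196,14 @@
 187i386sendfilesys_sendfilecompat_sys_sendfile
 188i386getpmsg
 189i386putpmsg
-190i386vforksys_vforksys_vfork
+190i386vforksys_vfork
 191i386ugetrlimitsys_getrlimitcompat_sys_getrlimit
 192i386mmap2sys_mmap_pgoff
-193i386truncate64sys_truncate64sys32_truncate64
-194i386ftruncate64sys_ftruncate64sys32_ftruncate64
-195i386stat64sys_stat64sys32_stat64
-196i386lstat64sys_lstat64sys32_lstat64
-197i386fstat64sys_fstat64sys32_fstat64
+193i386truncate64sys_truncate64compat_sys_x86_truncate64
+194i386ftruncate64sys_ftruncate64compat_sys_x86_ftruncate64
+195i386stat64sys_stat64compat_sys_x86_stat64
+196i386lstat64sys_lstat64compat_sys_x86_lstat64
+197i386fstat64sys_fstat64compat_sys_x86_fstat64
 198i386lchown32sys_lchown
 199i386getuid32sys_getuid
 200i386getgid32sys_getgid
@@ -231,7 +231,7 @@
 # 222 is unused
 # 223 is unused
 224i386gettidsys_gettid
-225i386readaheadsys_readaheadsys32_readahead
+225i386readaheadsys_readaheadcompat_sys_x86_readahead
 226i386setxattrsys_setxattr
 227i386lsetxattrsys_lsetxattr
 228i386fsetxattrsys_fsetxattr
@@ -256,7 +256,7 @@
 247i386io_geteventssys_io_geteventscompat_sys_io_getevents
 248i386io_submitsys_io_submitcompat_sys_io_submit
 249i386io_cancelsys_io_cancel
-250i386fadvise64sys_fadvise64sys32_fadvise64
+250i386fadvise64sys_fadvise64compat_sys_x86_fadvise64
 # 251 is available for reuse (was briefly sys_set_zone_reclaim)
 252i386exit_groupsys_exit_group
 253i386lookup_dcookiesys_lookup_dcookiecompat_sys_lookup_dcookie
@@ -278,7 +278,7 @@
 269i386fstatfs64sys_fstatfs64compat_sys_fstatfs64
 270i386tgkillsys_tgkill
 271i386utimessys_utimescompat_sys_utimes
-272i386fadvise64_64sys_fadvise64_64sys32_fadvise64_64
+272i386fadvise64_64sys_fadvise64_64compat_sys_x86_fadvise64_64
 273i386vserver
 274i386mbindsys_mbind
 275i386get_mempolicysys_get_mempolicycompat_sys_get_mempolicy
@@ -306,7 +306,7 @@
 297i386mknodatsys_mknodat
 298i386fchownatsys_fchownat
 299i386futimesatsys_futimesatcompat_sys_futimesat
-300i386fstatat64sys_fstatat64sys32_fstatat
+300i386fstatat64sys_fstatat64compat_sys_x86_fstatat
 301i386unlinkatsys_unlinkat
 302i386renameatsys_renameat
 303i386linkatsys_linkat
@@ -320,7 +320,7 @@
 311i386set_robust_listsys_set_robust_listcompat_sys_set_robust_list
 312i386get_robust_listsys_get_robust_listcompat_sys_get_robust_list
 313i386splicesys_splice
-314i386sync_file_rangesys_sync_file_rangesys32_sync_file_range
+314i386sync_file_rangesys_sync_file_rangecompat_sys_x86_sync_file_range
 315i386teesys_tee
 316i386vmsplicesys_vmsplicecompat_sys_vmsplice
 317i386move_pagessys_move_pagescompat_sys_move_pages
@@ -330,7 +330,7 @@
 321i386signalfdsys_signalfdcompat_sys_signalfd
 322i386timerfd_createsys_timerfd_create
 323i386eventfdsys_eventfd
-324i386fallocatesys_fallocatesys32_fallocate
+324i386fallocatesys_fallocatecompat_sys_x86_fallocate
 325i386timerfd_settimesys_timerfd_settimecompat_sys_timerfd_settime
 326i386timerfd_gettimesys_timerfd_gettimecompat_sys_timerfd_gettime
 327i386signalfd4sys_signalfd4compat_sys_signalfd4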

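--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -42,10 +42,8 @@
 #defineCREATE_TRACE_POINTS
 #include"vsyscall_trace.h"
 
-staticenum {EMULATE,NATIVE,NONE }vsyscall_mode=
-#if defined(CONFIG_LEGACY_VSYSCALL_NATIVE)
-NATIVE;
-#elif defined(CONFIG_LEGACY_VSYSCALL_NONE)
+staticenum {EMULATE,NONE }vsyscall_mode=
+#ifdefCONFIG_LEGACY_VSYSCALL_NONE
 NONE;
 #else
 EMULATE;
@@ -56,8 +54,6 @@ static int __init vsyscall_setup(char *str)
 if (str) {
 if (!strcmp("emulate",str))
 vsyscall_mode=EMULATE;
-elseif (!strcmp("native",str))
-vsyscall_mode=NATIVE;
 elseif (!strcmp("none",str))
 vsyscall_mode=NONE;
 else
@@ -139,10 +135,6 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
 
 WARN_ON_ONCE(address!=regs->ip);
 
-/* This should be unreachable in NATIVE mode. */
-if (WARN_ON(vsyscall_mode==NATIVE))
-return false;
-
 if (vsyscall_mode==NONE) {
 warn_bad_vsyscall(KERN_INFO,regs,
 "vsyscall attempted with vsyscall=none");
@@ -370,9 +362,7 @@ void __init map_vsyscall(void)
 
 if (vsyscall_mode!=NONE) {
 __set_fixmap(VSYSCALL_PAGE,physaddr_vsyscall,
-vsyscall_mode==NATIVE
-?PAGE_KERNEL_VSYSCALL
-:PAGE_KERNEL_VVAR);
+PAGE_KERNEL_VVAR);
 set_vsyscall_pgtable_user_bits(swapper_pg_dir);
 }
 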
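Review bot: With the `"native"` comparison removed from `vsyscall_setup()`, a boot command line that still carries `vsyscall=native` now reaches the final `else`, whose body lies outside the hunk. Presumably that branch rejects the value and leaves the build-time default in effect, so a machine configured for native mode would come up in a different mode without an explicit message. A comment at that `else` would make the removal visible to the next reader, for example `/* "native" is no longer accepted: the vsyscall page is never mapped executable */`. The boot-parameter documentation should also drop the value, if another file in this commit does not already do so.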

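--- a/arch/x86/ia32/sys_ia32.c
+++ b/arch/x86/ia32/sys_ia32.c
@@ -51,15 +51,14 @@
 #defineAA(__x)((unsigned long)(__x))
 
 
-asmlinkage longsys32_truncate64(constchar__user*filename,
-unsigned longoffset_low,
-unsigned longoffset_high)
+COMPAT_SYSCALL_DEFINE3(x86_truncate64,constchar__user*,filename,
+unsignedlong,offset_low,unsignedlong,offset_high)
 {
 returnsys_truncate(filename, ((loff_t)offset_high <<32) |offset_low);
 }
 
-asmlinkage longsys32_ftruncate64(unsignedintfd,unsigned longoffset_low,
-unsigned longoffset_high)
+COMPAT_SYSCALL_DEFINE3(x86_ftruncate64,unsignedint,fd,
+unsignedlong,offset_low,unsignedlong,offset_high)
 {
 returnsys_ftruncate(fd, ((loff_t)offset_high <<32) |offset_low);
 }
@@ -96,8 +95,8 @@ static int cp_stat64(struct stat64 __user *ubuf, struct kstat *stat)
 return0;
 }
 
-asmlinkage longsys32_stat64(constchar__user*filename,
-structstat64__user*statbuf)
+COMPAT_SYSCALL_DEFINE2(x86_stat64,constchar__user*,filename,
+structstat64__user*,statbuf)
 {
 structkstatstat;
 intret=vfs_stat(filename,&stat);
@@ -107,8 +106,8 @@ asmlinkage long sys32_stat64(const char __user *filename,
 returnret;
 }
 
-asmlinkage longsys32_lstat64(constchar__user*filename,
-structstat64__user*statbuf)
+COMPAT_SYSCALL_DEFINE2(x86_lstat64,constchar__user*,filename,
+structstat64__user*,statbuf)
 {
 structkstatstat;
 intret=vfs_lstat(filename,&stat);
@@ -117,7 +116,8 @@ asmlinkage long sys32_lstat64(const char __user *filename,
 returnret;
 }
 
-asmlinkage longsys32_fstat64(unsignedintfd,structstat64__user*statbuf)
+COMPAT_SYSCALL_DEFINE2(x86_fstat64,unsignedint,fd,
+structstat64__user*,statbuf)
 {
 structkstatstat;
 intret=vfs_fstat(fd,&stat);
@@ -126,8 +126,9 @@ asmlinkage long sys32_fstat64(unsigned int fd, struct stat64 __user *statbuf)
 returnret;
 }
 
-asmlinkage longsys32_fstatat(unsignedintdfd,constchar__user*filename,
-structstat64__user*statbuf,intflag)
+COMPAT_SYSCALL_DEFINE4(x86_fstatat,unsignedint,dfd,
+constchar__user*,filename,
+structstat64__user*,statbuf,int,flag)
 {
 structkstatstat;
 interror;
@@ -153,7 +154,7 @@ struct mmap_arg_struct32 {
 unsignedintoffset;
 };
 
-asmlinkage longsys32_mmap(structmmap_arg_struct32__user*arg)
+COMPAT_SYSCALL_DEFINE1(x86_mmap,structmmap_arg_struct32__user*,arg)
 {
 structmmap_arg_struct32a;
 
@@ -167,22 +168,22 @@ asmlinkage long sys32_mmap(struct mmap_arg_struct32 __user *arg)
 a.offset>>PAGE_SHIFT);
 }
 
-asmlinkage longsys32_waitpid(compat_pid_tpid,unsignedint__user*stat_addr,
-intoptions)
+COMPAT_SYSCALL_DEFINE3(x86_waitpid,compat_pid_t,pid,unsignedint__user*,
+stat_addr,int,options)
 {
 returncompat_sys_wait4(pid,stat_addr,options,NULL);
 }
 
 /* warning: next two assume little endian */
-asmlinkage longsys32_pread(unsignedintfd,char__user*ubuf,u32count,
-u32poslo,u32poshi)
+COMPAT_SYSCALL_DEFINE5(x86_pread,unsignedint,fd,char__user*,ubuf,
+u32,count,u32,poslo,u32,poshi)
 {
 returnsys_pread64(fd,ubuf,count,
 ((loff_t)AA(poshi) <<32) |AA(poslo));
 }
 
-asmlinkage longsys32_pwrite(unsignedintfd,constchar__user*ubuf,
-u32count,u32poslo,u32poshi)
+COMPAT_SYSCALL_DEFINE5(x86_pwrite,unsignedint,fd,constchar__user*,ubuf,
+u32,count,u32,poslo,u32,poshi)
 {
 returnsys_pwrite64(fd,ubuf,count,
 ((loff_t)AA(poshi) <<32) |AA(poslo));
@@ -193,40 +194,53 @@ asmlinkage long sys32_pwrite(unsigned int fd, const char __user *ubuf,
 * Some system calls that need sign extended arguments. This could be
 * done by a generic wrapper.
 */
-longsys32_fadvise64_64(intfd,__u32offset_low,__u32offset_high,
-__u32len_low,__u32len_high,intadvice)
+COMPAT_SYSCALL_DEFINE6(x86_fadvise64_64,int,fd,__u32,offset_low,
+__u32,offset_high,__u32,len_low,__u32,len_high,
+int,advice)
 {
 returnsys_fadvise64_64(fd,
 (((u64)offset_high)<<32) |offset_low,
 (((u64)len_high)<<32) |len_low,
 advice);
 }
 
-asmlinkagessize_tsys32_readahead(intfd,unsignedoff_lo,unsignedoff_hi,
-size_tcount)
+COMPAT_SYSCALL_DEFINE4(x86_readahead,int,fd,unsignedint,off_lo,
+unsignedint,off_hi,size_t,count)
 {
 returnsys_readahead(fd, ((u64)off_hi <<32) |off_lo,count);
 }
 
-asmlinkage longsys32_sync_file_range(intfd,unsignedoff_low,unsignedoff_hi,
-unsignedn_low,unsignedn_hi,intflags)
+COMPAT_SYSCALL_DEFINE6(x86_sync_file_range,int,fd,unsignedint,off_low,
+unsignedint,off_hi,unsignedint,n_low,
+unsignedint,n_hi,int,flags)
 {
 returnsys_sync_file_range(fd,
 ((u64)off_hi <<32) |off_low,
 ((u64)n_hi <<32) |n_low,flags);
 }
 
-asmlinkage longsys32_fadvise64(intfd,unsignedoffset_lo,unsignedoffset_hi,
-size_tlen,intadvice)
+COMPAT_SYSCALL_DEFINE5(x86_fadvise64,int,fd,unsignedint,offset_lo,
+unsignedint,offset_hi,size_t,len,int,advice)
 {
 returnsys_fadvise64_64(fd, ((u64)offset_hi <<32) |offset_lo,
 len,advice);
 }
 
-asmlinkage longsys32_fallocate(intfd,intmode,unsignedoffset_lo,
-unsignedoffset_hi,unsignedlen_lo,
-unsignedlen_hi)
+COMPAT_SYSCALL_DEFINE6(x86_fallocate,int,fd,int,mode,
+unsignedint,offset_lo,unsignedint,offset_hi,
+unsignedint,len_lo,unsignedint,len_hi)
 {
 returnsys_fallocate(fd,mode, ((u64)offset_hi <<32) |offset_lo,
 ((u64)len_hi <<32) |len_lo);
 }
+
+/*
+* The 32-bit clone ABI is CONFIG_CLONE_BACKWARDS
+*/
+COMPAT_SYSCALL_DEFINE5(x86_clone,unsignedlong,clone_flags,
+unsignedlong,newsp,int__user*,parent_tidptr,
+unsignedlong,tls_val,int__user*,child_tidptr)
+{
+returnsys_clone(clone_flags,newsp,parent_tidptr,child_tidptr,
+tls_val);
+}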
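Review bot: The comment above `COMPAT_SYSCALL_DEFINE5(x86_clone, ...)` in the last hunk names only `CONFIG_CLONE_BACKWARDS` and does not say which arguments are exchanged, although the body passes `child_tidptr` and `tls_val` to `sys_clone()` in the opposite order from the parameter list. The assembly stub this function replaces spelled out both orderings, and that explanation is lost with it. Because a later edit that "tidies" the call into parameter order would hand a TLS value where a user pointer is expected, the comment should state the swap, for example `/* i386 passes (..., tls_val, child_tidptr); sys_clone() takes (..., child_tidptr, tls_val) */`.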
