author Andy Lutomirski <luto@kernel.org> 2019-07-01 20:43:21 -0700
committer Thomas Gleixner <tglx@linutronix.de> 2019-07-02 08:45:20 +0200
commit 539bca535decb11a0861b6205c6684b8e908589b (patch)
tree 9059dc59b231d9a4152b67638f67751bc1c92a60 /tools
parent x86/entry/64: Don't compile ignore_sysret if 32-bit emulation is enabled (diff)
x86/entry/64: Fix and clean up paranoid_exit

paranoid_exit needs to restore CR3 before GSBASE. Doing it in the opposite order crashes if the exception came from a context with user GSBASE and user CR3 -- RESTORE_CR3 cannot restore user CR3 if run with user GSBASE. This results in infinitely recursing exceptions if user code does SYSENTER with TF set if both FSGSBASE and PTI are enabled.

The old code worked if user code just set TF without SYSENTER because #DB from user mode is special cased in idtentry and paranoid_exit doesn't run.

Fix it by cleaning up the spaghetti code. All that paranoid_exit needs to do is to disable IRQs, handle IRQ tracing, then restore CR3, and restore GSBASE. Simply do those actions in that order.

Fixes: 708078f65721 ("x86/entry/64: Handle FSGSBASE enabled paranoid entry/exit")
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Ravi Shankar <ravi.v.shankar@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Link: https://lkml.kernel.org/r/59725ceb08977359489fbed979716949ad45f616.1562035429.git.luto@kernel.org

Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions