Revision b645af2d5905c4e32399005b867987919cbfc3ae authored by Andy Lutomirski on 23 November 2014, 02:00:33 UTC, committed by Linus Torvalds on 23 November 2014, 21:56:19 UTC
It's possible for iretq to userspace to fail.  This can happen because
of a bad CS, SS, or RIP.

Historically, we've handled it by fixing up an exception from iretq to
land at bad_iret, which pretends that the failed iret frame was really
the hardware part of #GP(0) from userspace.  To make this work, there's
an extra fixup to fudge the gs base into a usable state.

This is suboptimal because it loses the original exception.  It's also
buggy because there's no guarantee that we were on the kernel stack to
begin with.  For example, if the failing iret happened on return from an
NMI, then we'll end up executing general_protection on the NMI stack.
This is bad for several reasons, the most immediate of which is that
general_protection, as a non-paranoid idtentry, will try to deliver
signals and/or schedule from the wrong stack.

This patch throws out bad_iret entirely.  As a replacement, it augments
the existing swapgs fudge into a full-blown iret fixup, mostly written
in C.  It should be clearer and more correct.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 6f442be
File Mode Size
9p
adfs
affs
afs
autofs4
befs
bfs
btrfs
cachefiles
ceph
cifs
coda
configfs
cramfs
debugfs
devpts
dlm
ecryptfs
efivarfs
efs
exofs
exportfs
ext2
ext3
ext4
f2fs
fat
freevxfs
fscache
fuse
gfs2
hfs
hfsplus
hostfs
hpfs
hppfs
hugetlbfs
isofs
jbd
jbd2
jffs2
jfs
kernfs
lockd
logfs
minix
ncpfs
nfs
nfs_common
nfsd
nilfs2
nls
notify
ntfs
ocfs2
omfs
openpromfs
overlayfs
proc
pstore
qnx4
qnx6
quota
ramfs
reiserfs
romfs
squashfs
sysfs
sysv
ubifs
udf
ufs
xfs
Kconfig -rw-r--r-- 6.0 KB
Kconfig.binfmt -rw-r--r-- 7.2 KB
Makefile -rw-r--r-- 4.1 KB
aio.c -rw-r--r-- 41.8 KB
anon_inodes.c -rw-r--r-- 4.9 KB
attr.c -rw-r--r-- 7.9 KB
bad_inode.c -rw-r--r-- 7.8 KB
binfmt_aout.c -rw-r--r-- 10.8 KB
binfmt_elf.c -rw-r--r-- 56.9 KB
binfmt_elf_fdpic.c -rw-r--r-- 46.9 KB
binfmt_em86.c -rw-r--r-- 2.6 KB
binfmt_flat.c -rw-r--r-- 26.4 KB
binfmt_misc.c -rw-r--r-- 15.3 KB
binfmt_script.c -rw-r--r-- 2.7 KB
binfmt_som.c -rw-r--r-- 7.1 KB
block_dev.c -rw-r--r-- 44.0 KB
buffer.c -rw-r--r-- 88.8 KB
char_dev.c -rw-r--r-- 14.1 KB
compat.c -rw-r--r-- 37.0 KB
compat_binfmt_elf.c -rw-r--r-- 3.7 KB
compat_ioctl.c -rw-r--r-- 45.4 KB
coredump.c -rw-r--r-- 18.1 KB
dcache.c -rw-r--r-- 87.9 KB
dcookies.c -rw-r--r-- 6.9 KB
direct-io.c -rw-r--r-- 37.6 KB
drop_caches.c -rw-r--r-- 1.8 KB
eventfd.c -rw-r--r-- 11.3 KB
eventpoll.c -rw-r--r-- 59.0 KB
exec.c -rw-r--r-- 37.4 KB
fcntl.c -rw-r--r-- 16.6 KB
fhandle.c -rw-r--r-- 6.5 KB
file.c -rw-r--r-- 21.5 KB
file_table.c -rw-r--r-- 8.4 KB
filesystems.c -rw-r--r-- 6.4 KB
fs-writeback.c -rw-r--r-- 39.6 KB
fs_pin.c -rw-r--r-- 1.5 KB
fs_struct.c -rw-r--r-- 3.3 KB
inode.c -rw-r--r-- 50.0 KB
internal.h -rw-r--r-- 3.5 KB
ioctl.c -rw-r--r-- 15.5 KB
libfs.c -rw-r--r-- 27.9 KB
locks.c -rw-r--r-- 67.8 KB
mbcache.c -rw-r--r-- 24.1 KB
mount.h -rw-r--r-- 3.4 KB
mpage.c -rw-r--r-- 19.9 KB
namei.c -rw-r--r-- 111.8 KB
namespace.c -rw-r--r-- 77.9 KB
no-block.c -rw-r--r-- 688 bytes
open.c -rw-r--r-- 26.4 KB
pipe.c -rw-r--r-- 25.0 KB
pnode.c -rw-r--r-- 10.1 KB
pnode.h -rw-r--r-- 1.7 KB
posix_acl.c -rw-r--r-- 19.9 KB
proc_namespace.c -rw-r--r-- 7.4 KB
read_write.c -rw-r--r-- 30.2 KB
readdir.c -rw-r--r-- 6.9 KB
select.c -rw-r--r-- 25.4 KB
seq_file.c -rw-r--r-- 21.9 KB
signalfd.c -rw-r--r-- 9.1 KB
splice.c -rw-r--r-- 46.1 KB
stack.c -rw-r--r-- 2.5 KB
stat.c -rw-r--r-- 12.0 KB
statfs.c -rw-r--r-- 5.3 KB
super.c -rw-r--r-- 34.9 KB
sync.c -rw-r--r-- 9.5 KB
timerfd.c -rw-r--r-- 13.0 KB
utimes.c -rw-r--r-- 5.9 KB
xattr.c -rw-r--r-- 22.9 KB