CVE-2015-6666 x86_64 NT flag handling DoS (rhbz 1256746 1256753)
This commit is contained in:
parent
33d32884c2
commit
2634b95c75
|
@ -0,0 +1,62 @@
|
|||
From 512255a2ad2c832ca7d4de9f31245f73781922d0 Mon Sep 17 00:00:00 2001
|
||||
From: Andy Lutomirski <luto@kernel.org>
|
||||
Date: Mon, 17 Aug 2015 12:22:50 -0700
|
||||
Subject: [PATCH] Revert "sched/x86_64: Don't save flags on context switch"
|
||||
|
||||
This reverts commit:
|
||||
|
||||
2c7577a75837 ("sched/x86_64: Don't save flags on context switch")
|
||||
|
||||
It was a nice speedup. It's also not quite correct: SYSENTER
|
||||
enables interrupts too early.
|
||||
|
||||
We can re-add this optimization once the SYSENTER code is beaten
|
||||
into shape, which should happen in 4.3 or 4.4.
|
||||
|
||||
Signed-off-by: Andy Lutomirski <luto@kernel.org>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Cc: stable@vger.kernel.org # v3.19
|
||||
Link: http://lkml.kernel.org/r/85f56651f59f76624e80785a8fd3bdfdd089a818.1439838962.git.luto@kernel.org
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
---
|
||||
arch/x86/include/asm/switch_to.h | 12 ++++--------
|
||||
1 file changed, 4 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/arch/x86/include/asm/switch_to.h b/arch/x86/include/asm/switch_to.h
|
||||
index 751bf4b7bf11..d7f3b3b78ac3 100644
|
||||
--- a/arch/x86/include/asm/switch_to.h
|
||||
+++ b/arch/x86/include/asm/switch_to.h
|
||||
@@ -79,12 +79,12 @@ do { \
|
||||
#else /* CONFIG_X86_32 */
|
||||
|
||||
/* frame pointer must be last for get_wchan */
|
||||
-#define SAVE_CONTEXT "pushq %%rbp ; movq %%rsi,%%rbp\n\t"
|
||||
-#define RESTORE_CONTEXT "movq %%rbp,%%rsi ; popq %%rbp\t"
|
||||
+#define SAVE_CONTEXT "pushf ; pushq %%rbp ; movq %%rsi,%%rbp\n\t"
|
||||
+#define RESTORE_CONTEXT "movq %%rbp,%%rsi ; popq %%rbp ; popf\t"
|
||||
|
||||
#define __EXTRA_CLOBBER \
|
||||
, "rcx", "rbx", "rdx", "r8", "r9", "r10", "r11", \
|
||||
- "r12", "r13", "r14", "r15", "flags"
|
||||
+ "r12", "r13", "r14", "r15"
|
||||
|
||||
#ifdef CONFIG_CC_STACKPROTECTOR
|
||||
#define __switch_canary \
|
||||
@@ -100,11 +100,7 @@ do { \
|
||||
#define __switch_canary_iparam
|
||||
#endif /* CC_STACKPROTECTOR */
|
||||
|
||||
-/*
|
||||
- * There is no need to save or restore flags, because flags are always
|
||||
- * clean in kernel mode, with the possible exception of IOPL. Kernel IOPL
|
||||
- * has no effect.
|
||||
- */
|
||||
+/* Save restore flags to clear handle leaking NT */
|
||||
#define switch_to(prev, next, last) \
|
||||
asm volatile(SAVE_CONTEXT \
|
||||
"movq %%rsp,%P[threadrsp](%[prev])\n\t" /* save RSP */ \
|
||||
--
|
||||
2.4.3
|
||||
|
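Review bot: The comment restored at `+/* Save restore flags to clear handle leaking NT */` is ungrammatical and does not say why the flags are saved, which is the whole point of this backport: per the commit message, SYSENTER enables interrupts before a user-set NT flag is cleared, so without `pushf`/`popf` around the switch a stray NT would be inherited by whichever task is scheduled next. I would reword it as `/* Save/restore RFLAGS across the switch: SYSENTER can leave a user-set NT flag live in kernel mode and it must not leak into the next task (CVE-2015-6666). */`. Since `popf` also restores IF, the restored `RESTORE_CONTEXT` presumably relies on switch_to being entered with interrupts already disabled so both tasks see the same IF state; that invariant is not visible in the hunk and is worth stating in the same comment. Removing `"flags"` from `__EXTRA_CLOBBER` only stays correct as long as `popf` remains the last thing in `RESTORE_CONTEXT`, so the two macros should be kept in step. The `switch_to` macro body continues past the end of the hunk.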
|
@ -644,6 +644,9 @@ Patch511: iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
|
|||
#rhbz 1250717
|
||||
Patch512: ext4-dont-manipulate-recovery-flag-when-freezing.patch
|
||||
|
||||
#CVE-2015-6666 rhbz 1256746 1256753
|
||||
Patch513: Revert-sched-x86_64-Don-t-save-flags-on-context-swit.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
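Review bot: The `#CVE-2015-6666 rhbz 1256746 1256753` comment above `Patch513:` records the bug but not the upstream commit, which is what tells a maintainer when the patch can be dropped on a rebase; the patch header itself carries it (`From 512255a2ad2c...`). I would write `#CVE-2015-6666 rhbz 1256746 1256753 (upstream 512255a2ad2c, revert of 2c7577a75837)`. The upstream message also calls this a temporary revert pending SYSENTER fixes in 4.3/4.4, so noting that here avoids someone re-adding the speedup without the entry-path fix.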
@ -1393,6 +1396,9 @@ ApplyPatch iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
|
|||
#rhbz 1250717
|
||||
ApplyPatch ext4-dont-manipulate-recovery-flag-when-freezing.patch
|
||||
|
||||
#CVE-2015-6666 rhbz 1256746 1256753
|
||||
ApplyPatch Revert-sched-x86_64-Don-t-save-flags-on-context-swit.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
@ -2252,6 +2258,9 @@ fi
|
|||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Tue Aug 25 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-6666 x86_64 NT flag handling DoS (rhbz 1256746 1256753)
|
||||
|
||||
* Fri Aug 21 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Disable EFI_VARS (rhbz 1252137)
|
||||
|
||||
|
|