linux/arch
Andy Lutomirski 8c7aa698ba x86_64, entry: Filter RFLAGS.NT on entry from userspace
The NT flag doesn't do anything in long mode other than causing IRET
to #GP.  Oddly, CPL3 code can still set NT using popf.

Entry via hardware or software interrupt clears NT automatically, so
the only relevant entries are fast syscalls.

If user code causes kernel code to run with NT set, then there's at
least some (small) chance that it could cause trouble.  For example,
user code could cause a call to EFI code with NT set, and who knows
what would happen?  Apparently some games on Wine sometimes do
this (!), and, if an IRET return happens, they will segfault.  That
segfault cannot be handled, because signal delivery fails, too.

This patch programs the CPU to clear NT on entry via SYSCALL (both
32-bit and 64-bit, by my reading of the AMD APM), and it clears NT
in software on entry via SYSENTER.

To save a few cycles, this borrows a trick from Jan Beulich in Xen:
it checks whether NT is set before trying to clear it.  As a result,
it seems to have very little effect on SYSENTER performance on my
machine.

There's another minor bug fix in here: it looks like the CFI
annotations were wrong if CONFIG_AUDITSYSCALL=n.

Testers beware: on Xen, SYSENTER with NT set turns into a GPF.

I haven't touched anything on 32-bit kernels.

The syscall mask change comes from a variant of this patch by Anish
Bhatt.

Note to stable maintainers: there is no known security issue here.
A misguided program can set NT and cause the kernel to try and fail
to deliver SIGSEGV, crashing the program.  This patch fixes Far Cry
on Wine: https://bugs.winehq.org/show_bug.cgi?id=33275

Cc: <stable@vger.kernel.org>
Reported-by: Anish Bhatt <anish@chelsio.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Link: http://lkml.kernel.org/r/395749a5d39a29bd3e4b35899cf3a3c1340e5595.1412189265.git.luto@amacapital.net
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2014-10-06 10:53:26 -07:00
..
alpha alpha: io: implement relaxed accessor macros for writes 2014-08-29 11:18:45 -07:00
arc ARC: [mm] Fix compilation breakage 2014-09-03 10:08:50 -07:00
arm ARM: SoC fixes for 3.17 2014-09-27 14:58:59 -07:00
arm64 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-09-19 09:07:47 -07:00
avr32 Merge branch 'signal-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc 2014-08-09 09:58:12 -07:00
blackfin Merge branch 'signal-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc 2014-08-09 09:58:12 -07:00
c6x Merge branch 'signal-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc 2014-08-09 09:58:12 -07:00
cris Merge branch 'signal-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc 2014-08-09 09:58:12 -07:00
frv frv: Define cpu_relax_lowlatency() 2014-08-19 09:40:08 -05:00
hexagon flush_icache_range: export symbol to fix build errors 2014-08-29 16:28:17 -07:00
ia64 [IA64] refresh arch/ia64/configs/* using "make savedefconfig" 2014-09-23 11:09:29 -07:00
m32r Merge branch 'signal-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc 2014-08-09 09:58:12 -07:00
m68k m68k: Wire up memfd_create 2014-09-01 10:28:00 +02:00
metag Metag architecture changes for v3.17 2014-08-13 18:18:09 -06:00
microblaze microblaze: Fix number of syscalls 2014-09-09 13:14:47 +02:00
mips Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2014-09-27 14:42:18 -07:00
mn10300 Merge branch 'signal-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc 2014-08-09 09:58:12 -07:00
openrisc Merge branch 'signal-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc 2014-08-09 09:58:12 -07:00
parisc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-09-24 12:45:24 -07:00
powerpc powerpc: Update defconfigs which were missing CONFIG_NET. 2014-09-24 14:34:29 -04:00
s390 s390: Update defconfigs which were missing CONFIG_NET. 2014-09-24 14:34:20 -04:00
score Merge branch 'signal-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc 2014-08-09 09:58:12 -07:00
sh sh: Set CONFIG_NET=y in defconfigs 2014-09-24 13:38:30 -04:00
sparc sparc: bpf_jit: fix loads from negative offsets 2014-09-24 15:04:07 -04:00
tile flush_icache_range: export symbol to fix build errors 2014-08-29 16:28:17 -07:00
um Merge branch 'signal-cleanup' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/misc 2014-08-09 09:58:12 -07:00
unicore32 unicore32: Fix build error 2014-08-31 17:08:12 -07:00
x86 x86_64, entry: Filter RFLAGS.NT on entry from userspace 2014-10-06 10:53:26 -07:00
xtensa Xtensa improvements for 3.17: 2014-08-31 17:08:42 -07:00
.gitignore
Kconfig