[PATCH] x86/asm/entry/32: Simplify zeroing of pt_regs->r8..r11 on int80 code path

[PATCH] x86/asm/entry/32: Simplify zeroing of pt_regs->r8..r11 on int80 code path

[Denys Vlasenko]

32-bit syscall entry points do not save complete pt_regs struct -
they leave some fields uninitialized. However, they must be careful
to not leak uninitialized data in pt_regs->r8..r11 to ptrace users.

CLEAR_RREGS macro is used to zero these fields out when needed.

However, on int80 code path this zeroing is unconditional. This patch
simplifies it by storing zeroes there right away, when pt_regs
is constructed on stack. This uses shrter instructions:

   text    data     bss     dec     hex filename
   1423       0       0    1423     58f ia32entry.o.before
   1407       0       0    1407     57f ia32entry.o

Compile-tested.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
CC: Linus Torvalds <torvalds@linux-foundation.org>
CC: Steven Rostedt <rostedt@goodmis.org>
CC: Ingo Molnar <mingo@kernel.org>
CC: Borislav Petkov <bp@alien8.de>
CC: "H. Peter Anvin" <hpa@zytor.com>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Oleg Nesterov <oleg@redhat.com>
CC: Frederic Weisbecker <fweisbec@gmail.com>
CC: Alexei Starovoitov <ast@plumgrid.com>
CC: Will Drewry <wad@chromium.org>
CC: Kees Cook <keescook@chromium.org>
CC: x86@kernel.org
CC: linux-kernel@vger.kernel.org
---
 arch/x86/ia32/ia32entry.S | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 2be23c7..2801cbe 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -421,6 +421,10 @@ ia32_badarg:
 	movq $-EFAULT,%rax
 	jmp ia32_sysret
 
+ia32_ret_from_sys_call:
+	CLEAR_RREGS
+	jmp int_ret_from_sys_call
+
 /*
  * Emulated IA32 system calls via int 0x80.
  *
@@ -462,8 +466,12 @@ ENTRY(ia32_syscall)
 	pushq	%rdx			/* pt_regs->dx */
 	pushq	%rcx			/* pt_regs->cx */
 	pushq	$-ENOSYS		/* pt_regs->ax */
+	pushq	$0			/* pt_regs->r8 */
+	pushq	$0			/* pt_regs->r9 */
+	pushq	$0			/* pt_regs->r10 */
+	pushq	$0			/* pt_regs->r11 */
 	cld
-	sub	$(10*8),%rsp /* pt_regs->r8-11,bp,bx,r12-15 not saved */
+	sub	$(6*8),%rsp /* pt_regs->bp,bx,r12-15 not saved */
 
 	orl $TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
 	testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
@@ -481,13 +489,10 @@ ia32_do_call:
 ia32_sysret:
 	movq %rax,RAX(%rsp)
 1:
-ia32_ret_from_sys_call:
-	CLEAR_RREGS
 	jmp int_ret_from_sys_call
 
 ia32_tracesys:
 	SAVE_EXTRA_REGS
-	CLEAR_RREGS
 	movq %rsp,%rdi        /* &pt_regs -> arg1 */
 	call syscall_trace_enter
 	LOAD_ARGS32	/* reload args from stack in case ptrace changed it */
-- 
1.8.1.4

[tip:x86/asm] x86/asm/entry/32: Simplify the zeroing of pt_regs-> r8..r11 in the int80 code path

[tip-bot for Denys Vlasenko]

Commit-ID:  61b1e3e782d6784b714c0d80de529e0737d0e79c
Gitweb:     http://git.kernel.org/tip/61b1e3e782d6784b714c0d80de529e0737d0e79c
Author:     Denys Vlasenko <dvlasenk@redhat.com>
AuthorDate: Tue, 2 Jun 2015 19:35:10 +0200
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Fri, 5 Jun 2015 13:22:21 +0200

x86/asm/entry/32: Simplify the zeroing of pt_regs->r8..r11 in the int80 code path

32-bit syscall entry points do not save the complete pt_regs struct,
they leave some fields uninitialized. However, they must be
careful to not leak uninitialized data in pt_regs->r8..r11 to
ptrace users.

CLEAR_RREGS macro is used to zero these fields out when needed.

However, in the int80 code path this zeroing is unconditional.
This patch simplifies it by storing zeroes there right away,
when pt_regs is constructed on stack.

This uses shorter instructions:

   text    data     bss     dec     hex filename
   1423       0       0    1423     58f ia32entry.o.before
   1407       0       0    1407     57f ia32entry.o

Compile-tested.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Alexei Starovoitov <ast@plumgrid.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Drewry <wad@chromium.org>
Link: http://lkml.kernel.org/r/1433266510-2938-1-git-send-email-dvlasenk@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/entry/ia32entry.S | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/arch/x86/entry/ia32entry.S b/arch/x86/entry/ia32entry.S
index f167674..f00a409 100644
--- a/arch/x86/entry/ia32entry.S
+++ b/arch/x86/entry/ia32entry.S
@@ -421,6 +421,10 @@ ia32_badarg:
 	movq $-EFAULT,%rax
 	jmp ia32_sysret
 
+ia32_ret_from_sys_call:
+	CLEAR_RREGS
+	jmp int_ret_from_sys_call
+
 /*
  * Emulated IA32 system calls via int 0x80.
  *
@@ -462,8 +466,12 @@ ENTRY(ia32_syscall)
 	pushq	%rdx			/* pt_regs->dx */
 	pushq	%rcx			/* pt_regs->cx */
 	pushq	$-ENOSYS		/* pt_regs->ax */
+	pushq	$0			/* pt_regs->r8 */
+	pushq	$0			/* pt_regs->r9 */
+	pushq	$0			/* pt_regs->r10 */
+	pushq	$0			/* pt_regs->r11 */
 	cld
-	sub	$(10*8),%rsp /* pt_regs->r8-11,bp,bx,r12-15 not saved */
+	sub	$(6*8),%rsp /* pt_regs->bp,bx,r12-15 not saved */
 
 	orl $TS_COMPAT, ASM_THREAD_INFO(TI_status, %rsp, SIZEOF_PTREGS)
 	testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
@@ -481,13 +489,10 @@ ia32_do_call:
 ia32_sysret:
 	movq %rax,RAX(%rsp)
 1:
-ia32_ret_from_sys_call:
-	CLEAR_RREGS
 	jmp int_ret_from_sys_call
 
 ia32_tracesys:
 	SAVE_EXTRA_REGS
-	CLEAR_RREGS
 	movq %rsp,%rdi        /* &pt_regs -> arg1 */
 	call syscall_trace_enter
 	LOAD_ARGS32	/* reload args from stack in case ptrace changed it */