From: tip-bot for Josh Poimboeuf <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: hpa@zytor.com, mingo@kernel.org, dvlasenk@redhat.com,
	brgerst@gmail.com, torvalds@linux-foundation.org,
	a.p.zijlstra@chello.nl, jpoimboe@redhat.com,
	matt@codeblueprint.co.uk, bp@alien8.de,
	akpm@linux-foundation.org, peterz@infradead.org,
	tglx@linutronix.de, luto@kernel.org, rostedt@goodmis.org,
	athorlton@sgi.com, linux-kernel@vger.kernel.org
Subject: [tip:x86/urgent] x86/entry/64: Fix stack return address retrieval in thunk
Date: Thu, 19 May 2016 02:12:42 -0700
Message-ID: <tip-d4bf7078c43e11097e0d6f04d3fb999bf92c4fb0@git.kernel.org>
In-Reply-To: <20160517180606.v5o7wcgdni7443ol@treble>

Commit-ID:  d4bf7078c43e11097e0d6f04d3fb999bf92c4fb0
Gitweb:     http://git.kernel.org/tip/d4bf7078c43e11097e0d6f04d3fb999bf92c4fb0
Author:     Josh Poimboeuf <jpoimboe@redhat.com>
AuthorDate: Tue, 17 May 2016 13:06:06 -0500
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Thu, 19 May 2016 09:12:34 +0200

x86/entry/64: Fix stack return address retrieval in thunk

With CONFIG_FRAME_POINTER enabled, a thunk can pass a bad return address
value to the called function.  '9*8(%rsp)' actually gets the frame
pointer, not the return address.

The only users of the 'put_ret_addr_in_rdi' option are two functions
which trace the enabling and disabling of interrupts, so this bug can
result in bad debug or tracing information with CONFIG_IRQSOFF_TRACER or
CONFIG_PROVE_LOCKING.

Fix this by implementing the suggestion of Linus: explicitly push
the frame pointer all the time and constify the stack offsets that
way. This is both correct and easier to read.

Reported-by: Matt Fleming <matt@codeblueprint.co.uk>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
[ Extended the changelog a bit. ]
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alex Thorlton <athorlton@sgi.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 058fb73274f9 ("x86/asm/entry: Create stack frames in thunk functions")
Link: http://lkml.kernel.org/r/20160517180606.v5o7wcgdni7443ol@treble
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/entry/thunk_64.S | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/arch/x86/entry/thunk_64.S b/arch/x86/entry/thunk_64.S
index 98df1fa..027aec4 100644
--- a/arch/x86/entry/thunk_64.S
+++ b/arch/x86/entry/thunk_64.S
@@ -8,16 +8,15 @@
 #include <linux/linkage.h>
 #include "calling.h"
 #include <asm/asm.h>
-#include <asm/frame.h>
 
 	/* rdi:	arg1 ... normal C conventions. rax is saved/restored. */
 	.macro THUNK name, func, put_ret_addr_in_rdi=0
 	.globl \name
 	.type \name, @function
 \name:
-	FRAME_BEGIN
+	pushq %rbp
+	movq %rsp, %rbp
 
-	/* this one pushes 9 elems, the next one would be %rIP */
 	pushq %rdi
 	pushq %rsi
 	pushq %rdx
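Review bot: the deleted comment ("this one pushes 9 elems, the next one would be %rIP") is not replaced, so this hunk leaves the prologue with no explanation of why %rbp is now pushed by hand instead of via FRAME_BEGIN. Add a one-line comment above the new pushq %rbp saying that the frame is set up unconditionally so that 8(%rbp) is the return address whether or not CONFIG_FRAME_POINTER is set; without it a later cleanup could switch this back to FRAME_BEGIN and reintroduce the miscount the changelog describes. The same comment should mention the trade-off: with CONFIG_FRAME_POINTER=n every thunk call now executes pushq %rbp / movq %rsp, %rbp / popq %rbp where FRAME_BEGIN only emitted a frame when frame pointers were enabled, which the changelog accepts for correctness and readability.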
@@ -29,8 +28,8 @@
 	pushq %r11
 
 	.if \put_ret_addr_in_rdi
-	/* 9*8(%rsp) is return addr on stack */
-	movq 9*8(%rsp), %rdi
+	/* 8(%rbp) is return addr on stack */
+	movq 8(%rbp), %rdi
 	.endif
 
 	call \func
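Review bot: the 8(%rbp) load is correct only because the prologue now executes pushq %rbp; movq %rsp, %rbp before any other push, so the return address sits at a fixed offset from %rbp and no longer depends on how many registers were saved in between; that count is exactly what went wrong with 9*8(%rsp) once FRAME_BEGIN added a push under CONFIG_FRAME_POINTER (the old offset then read the saved %rbp, one slot below the return address). Suggest stating that dependency in the comment, e.g. "/* 8(%rbp) is the return addr: %rbp was set right after the pushq %rbp in the prologue */", so a reordering of the register pushes cannot silently break it again.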
@@ -65,7 +64,7 @@ restore:
 	popq %rdx
 	popq %rsi
 	popq %rdi
-	FRAME_END
+	popq %rbp
 	ret
 	_ASM_NOKPROBE(restore)
 #endif
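Review bot: popq %rbp correctly mirrors the pushq %rbp added in the prologue, and since the restore: path is shared by every thunk the pop count now matches for both CONFIG_FRAME_POINTER=y and =n, whereas before it matched only through FRAME_END. With #include <asm/frame.h> removed in the first hunk, worth confirming there is no remaining FRAME_BEGIN/FRAME_END use in the parts of thunk_64.S outside the diff context, since any such use would now fail to assemble; a grep of the file after applying the patch settles it.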

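The stack layout the changelog describes, as an added user-space demonstration that is not part of the patch or the kernel tree: the two thunks below use the patched prologue, one reading the return address with the old 9*8(%rsp) offset and one with the fixed 8(%rbp), and a small assembly caller plants a known value in %rbp so the two results can be told apart. The full set of nine saved registers (rdi, rsi, rdx, rcx, rax, r8, r9, r10, r11) and the names thunk_buggy, thunk_fixed, invoke, invoke_ret_site and record_arg are assumptions of this example, since the diff shows only the first three pushes and the last three pops. It is x86-64 ELF only.

```c
/*
 * Added demonstration (not from the patch or the kernel tree): two user-space
 * thunks with the prologue of the fixed THUNK macro, one reading the return
 * address with the pre-fix offset 9*8(%rsp), one with the fixed 8(%rbp).
 * Build on x86-64 Linux/ELF with gcc or clang; no special flags needed.
 */
#if !defined(__x86_64__) || !defined(__ELF__)
#error "this demonstration is x86-64 ELF specific"
#endif

#include <stdio.h>

/* Where the called function stores the value the thunk passed in %rdi. */
volatile unsigned long thunk_captured;

/* Stand-in for the traced function the kernel thunk calls (assumed name). */
void record_arg(unsigned long v)
{
    thunk_captured = v;
}

/*
 * Same frame layout as the patched THUNK macro: frame pointer first, then
 * nine caller-saved registers (assumed set: rdi, rsi, rdx, rcx, rax, r8, r9,
 * r10, r11; the diff only shows the first three pushes and the pop order).
 */
#define THUNK_BODY(name, load_ret_addr)            \
    ".globl " name "\n"                            \
    ".type " name ", @function\n"                  \
    name ":\n"                                     \
    "    pushq %rbp\n"                             \
    "    movq  %rsp, %rbp\n"                       \
    "    pushq %rdi\n"                             \
    "    pushq %rsi\n"                             \
    "    pushq %rdx\n"                             \
    "    pushq %rcx\n"                             \
    "    pushq %rax\n"                             \
    "    pushq %r8\n"                              \
    "    pushq %r9\n"                              \
    "    pushq %r10\n"                             \
    "    pushq %r11\n"                             \
    load_ret_addr                                  \
    "    call  record_arg@PLT\n"                   \
    "    popq  %r11\n"                             \
    "    popq  %r10\n"                             \
    "    popq  %r9\n"                              \
    "    popq  %r8\n"                              \
    "    popq  %rax\n"                             \
    "    popq  %rcx\n"                             \
    "    popq  %rdx\n"                             \
    "    popq  %rsi\n"                             \
    "    popq  %rdi\n"                             \
    "    popq  %rbp\n"                             \
    "    ret\n"

__asm__(
    ".text\n"
    /* Pre-fix: 9*8(%rsp) is the slot holding the saved %rbp, not the RIP. */
    THUNK_BODY("thunk_buggy", "    movq  9*8(%rsp), %rdi\n")
    /* Fixed: %rbp points at the saved %rbp, so 8(%rbp) is the return address. */
    THUNK_BODY("thunk_fixed", "    movq  8(%rbp), %rdi\n")
    /*
     * invoke(thunk, marker): plant a recognisable value in %rbp (standing in
     * for the caller's frame pointer in the kernel), call the thunk, and
     * export the return site so the C side can compare against it.  The
     * subq keeps record_arg's stack 16-byte aligned per the SysV ABI.
     */
    ".globl invoke\n"
    ".type invoke, @function\n"
    "invoke:\n"
    "    pushq %rbp\n"
    "    subq  $8, %rsp\n"
    "    movq  %rsi, %rbp\n"
    "    call  *%rdi\n"
    ".globl invoke_ret_site\n"
    "invoke_ret_site:\n"
    "    addq  $8, %rsp\n"
    "    popq  %rbp\n"
    "    ret\n"
);

void thunk_buggy(void);
void thunk_fixed(void);
void invoke(void (*thunk)(void), unsigned long marker);
extern const unsigned char invoke_ret_site[];

#define PLANTED_RBP 0xdeadbeefcafef00dUL   /* constructed marker value */

/* Run one thunk with a planted %rbp and report what reached record_arg(). */
static unsigned long run_thunk(void (*thunk)(void), unsigned long marker)
{
    thunk_captured = 0;
    invoke(thunk, marker);
    return thunk_captured;
}

/* 1 if the pre-fix offset hands the saved frame pointer to the callee. */
int buggy_passes_frame_pointer(void)
{
    return run_thunk(thunk_buggy, PLANTED_RBP) == PLANTED_RBP;
}

/* 1 if the fixed offset hands the real return address to the callee. */
int fixed_passes_return_address(void)
{
    return run_thunk(thunk_fixed, PLANTED_RBP) == (unsigned long)invoke_ret_site;
}

int main(void)
{
    printf("9*8(%%rsp): callee saw %#lx, planted %%rbp was %#lx -> %s\n",
           run_thunk(thunk_buggy, PLANTED_RBP), PLANTED_RBP,
           buggy_passes_frame_pointer() ? "frame pointer (bug)" : "?");
    printf("8(%%rbp):   callee saw %#lx, return site is %#lx -> %s\n",
           run_thunk(thunk_fixed, PLANTED_RBP), (unsigned long)invoke_ret_site,
           fixed_passes_return_address() ? "return address (fixed)" : "?");
    return 0;
}
```

With the planted value in %rbp, the pre-fix offset hands that value to record_arg while the fixed offset hands the address of the instruction after the call; in the kernel that difference is the bogus caller address that ended up in the debug and tracing output the changelog mentions. Note that the old offset only went wrong when a frame pointer was actually pushed, which is why the bug was tied to CONFIG_FRAME_POINTER.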

Thread overview: 19+ messages
2016-05-16 14:46 [GIT PULL] EFI fix Ingo Molnar
2016-05-16 20:05 ` Linus Torvalds
2016-05-16 20:23   ` Alex Thorlton
2016-05-16 22:40     ` Alex Thorlton
2016-05-17  6:30   ` [tip:x86/urgent] x86/efi: Fix 7-parameter efi_call()s tip-bot for Linus Torvalds
2016-05-17  9:04   ` [GIT PULL] EFI fix Matt Fleming
2016-05-17  9:46     ` Matt Fleming
2016-05-17 10:20       ` Ingo Molnar
2016-05-17 14:43         ` [PATCH] x86/asm/entry: fix stack return address retrieval in thunk Josh Poimboeuf
2016-05-17 16:31           ` Linus Torvalds
2016-05-17 16:51             ` Steven Rostedt
2016-05-17 17:21               ` Linus Torvalds
2016-05-17 17:25               ` Josh Poimboeuf
2016-05-17 18:06             ` [PATCH v2] " Josh Poimboeuf
2016-05-17 18:33               ` Linus Torvalds
2016-05-19  9:12               ` tip-bot for Josh Poimboeuf [this message]
2016-05-23 12:08   ` [GIT PULL] EFI fix Matt Fleming
2016-05-23 12:33     ` Josh Poimboeuf
2016-05-24  9:03       ` Ingo Molnar
