summaryrefslogtreecommitdiffstats
path: root/Documentation/filesystems/porting
diff options
context:
space:
mode:
authorThomas Gleixner <tglx@linutronix.de>2019-07-20 10:56:41 +0200
committerThomas Gleixner <tglx@linutronix.de>2019-07-20 14:28:41 +0200
commit6879298bd0673840cadd1fb36d7225485504ceb4 (patch)
tree10b6187c53250f34e55a4a0ec146eea7d852bf98 /Documentation/filesystems/porting
parentx86/hyper-v: Zero out the VP ASSIST PAGE on allocation (diff)
downloadlinux-6879298bd0673840cadd1fb36d7225485504ceb4.tar.xz
linux-6879298bd0673840cadd1fb36d7225485504ceb4.zip
x86/entry/64: Prevent clobbering of saved CR2 value
The recent fix for CR2 corruption introduced a new way to reliably corrupt the saved CR2 value. CR2 is saved early in the entry code in RDX, which is the third argument to the fault handling functions. But it missed that between saving and invoking the fault handler enter_from_user_mode() can be called. RDX is a caller saved register so the invoked function can freely clobber it with the obvious consequences. The TRACE_IRQS_OFF call is safe as it calls through the thunk which preserves RDX, but TRACE_IRQS_OFF_DEBUG is not because it also calls into C-code outside of the thunk. Store CR2 in R12 instead which is a callee saved register and move R12 to RDX just before calling the fault handler. Fixes: a0d14b8909de ("x86/mm, tracing: Fix CR2 corruption") Reported-by: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1907201020540.1782@nanos.tec.linutronix.de
Diffstat (limited to 'Documentation/filesystems/porting')
0 files changed, 0 insertions, 0 deletions