[kernel] r22851 - in dists/trunk/linux: . debian debian/patches debian/patches/bugfix/x86

Ben Hutchings benh at moszumanska.debian.org
Thu Jul 23 01:24:15 UTC 2015


Author: benh
Date: Thu Jul 23 01:24:14 2015
New Revision: 22851

Log:
Merge changes from sid up to 4.0.8-2

Drop the new rt patches.
Forward-port the NMI fixes to 4.1 (hopefully correctly).

Added:
   dists/trunk/linux/debian/patches/bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch
      - copied, changed from r22848, dists/sid/linux/debian/patches/bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch
   dists/trunk/linux/debian/patches/bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch
      - copied unchanged from r22848, dists/sid/linux/debian/patches/bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch
   dists/trunk/linux/debian/patches/bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch
      - copied, changed from r22848, dists/sid/linux/debian/patches/bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch
   dists/trunk/linux/debian/patches/bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch
      - copied, changed from r22848, dists/sid/linux/debian/patches/bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch
   dists/trunk/linux/debian/patches/bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch
      - copied, changed from r22848, dists/sid/linux/debian/patches/bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch
   dists/trunk/linux/debian/patches/bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch
      - copied, changed from r22848, dists/sid/linux/debian/patches/bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch
   dists/trunk/linux/debian/patches/bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch
      - copied, changed from r22848, dists/sid/linux/debian/patches/bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch
Modified:
   dists/trunk/linux/   (props changed)
   dists/trunk/linux/debian/changelog
   dists/trunk/linux/debian/patches/series

Modified: dists/trunk/linux/debian/changelog
==============================================================================
--- dists/trunk/linux/debian/changelog	Thu Jul 23 01:01:27 2015	(r22850)
+++ dists/trunk/linux/debian/changelog	Thu Jul 23 01:24:14 2015	(r22851)
@@ -53,6 +53,22 @@
 
  -- Ben Hutchings <ben at decadent.org.uk>  Tue, 07 Jul 2015 09:15:45 +0100
 
+linux (4.0.8-2) unstable; urgency=high
+
+  [ Uwe Kleine-König ]
+  * [rt] Update to 4.0.8-rt6
+
+  [ Ben Hutchings ]
+  * [amd64] Fix nested NMI handling (CVE-2015-3290, CVE-2015-3291,
+    CVE-2015-5157)
+    - Enable nested do_nmi handling for 64-bit kernels
+    - Remove asm code that saves cr2
+    - Switch stacks on userspace NMI entry
+    - Reorder nested NMI checks
+    - Use DF to avoid userspace RSP confusing nested NMI detection
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Wed, 22 Jul 2015 21:45:07 +0100
+
 linux (4.0.8-1) unstable; urgency=medium
 
   * New upstream stable update:

Copied and modified: dists/trunk/linux/debian/patches/bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch (from r22848, dists/sid/linux/debian/patches/bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch)
==============================================================================
--- dists/sid/linux/debian/patches/bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch	Wed Jul 22 23:44:02 2015	(r22848, copy source)
+++ dists/trunk/linux/debian/patches/bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch	Thu Jul 23 01:24:14 2015	(r22851)
@@ -19,7 +19,7 @@
 Cc: Thomas Gleixner <tglx at linutronix.de>
 Link: http://lkml.kernel.org/r/2f2318653dbad284a59311f13f08cea71298fd7c.1433449436.git.luto@kernel.org
 Signed-off-by: Ingo Molnar <mingo at kernel.org>
-[bwh: Backported to 4.0: adjust filename, context]
+[bwh: Backported to 4.1: adjust filename, context]
 Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
 ---
  arch/x86/kernel/entry_64.S | 4 +---
@@ -27,16 +27,16 @@
 
 --- a/arch/x86/kernel/entry_64.S
 +++ b/arch/x86/kernel/entry_64.S
-@@ -862,8 +862,6 @@ retint_restore_args:	/* return to kernel
- 	TRACE_IRQS_IRETQ
- restore_args:
- 	RESTORE_ARGS 1,8,1
+@@ -811,8 +811,6 @@ retint_kernel:
+ restore_c_regs_and_iret:
+ 	RESTORE_C_REGS
+ 	REMOVE_PT_GPREGS_FROM_STACK 8
 -
 -irq_return:
  	INTERRUPT_RETURN
  
  ENTRY(native_iret)
-@@ -1708,7 +1706,7 @@ nmi_restore:
+@@ -1658,7 +1656,7 @@ nmi_restore:
  
  	/* Clear the NMI executing stack variable */
  	movq $0, 5*8(%rsp)

Copied: dists/trunk/linux/debian/patches/bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch (from r22848, dists/sid/linux/debian/patches/bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/trunk/linux/debian/patches/bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch	Thu Jul 23 01:24:14 2015	(r22851, copy of r22848, dists/sid/linux/debian/patches/bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch)
@@ -0,0 +1,191 @@
+From: Andy Lutomirski <luto at kernel.org>
+Date: Wed, 15 Jul 2015 10:29:33 -0700
+Subject: [4/9] x86/nmi: Enable nested do_nmi() handling for 64-bit kernels
+Origin: https://git.kernel.org/linus/9d05041679904b12c12421cbcf9cb5f4860a8d7b
+
+32-bit kernels handle nested NMIs in C.  Enable the exact same
+handling on 64-bit kernels as well.  This isn't currently
+necessary, but it will become necessary once the asm code starts
+allowing limited nesting.
+
+Signed-off-by: Andy Lutomirski <luto at kernel.org>
+Reviewed-by: Steven Rostedt <rostedt at goodmis.org>
+Cc: Borislav Petkov <bp at suse.de>
+Cc: Linus Torvalds <torvalds at linux-foundation.org>
+Cc: Peter Zijlstra <peterz at infradead.org>
+Cc: Thomas Gleixner <tglx at linutronix.de>
+Cc: stable at vger.kernel.org
+Signed-off-by: Ingo Molnar <mingo at kernel.org>
+---
+ arch/x86/kernel/nmi.c | 123 +++++++++++++++++++++-----------------------------
+ 1 file changed, 52 insertions(+), 71 deletions(-)
+
+--- a/arch/x86/kernel/nmi.c
++++ b/arch/x86/kernel/nmi.c
+@@ -408,15 +408,15 @@ static void default_do_nmi(struct pt_reg
+ NOKPROBE_SYMBOL(default_do_nmi);
+ 
+ /*
+- * NMIs can hit breakpoints which will cause it to lose its
+- * NMI context with the CPU when the breakpoint does an iret.
+- */
+-#ifdef CONFIG_X86_32
+-/*
+- * For i386, NMIs use the same stack as the kernel, and we can
+- * add a workaround to the iret problem in C (preventing nested
+- * NMIs if an NMI takes a trap). Simply have 3 states the NMI
+- * can be in:
++ * NMIs can hit breakpoints which will cause it to lose its NMI context
++ * with the CPU when the breakpoint or page fault does an IRET.
++ *
++ * As a result, NMIs can nest if NMIs get unmasked due an IRET during
++ * NMI processing.  On x86_64, the asm glue protects us from nested NMIs
++ * if the outer NMI came from kernel mode, but we can still nest if the
++ * outer NMI came from user mode.
++ *
++ * To handle these nested NMIs, we have three states:
+  *
+  *  1) not running
+  *  2) executing
+@@ -430,15 +430,14 @@ NOKPROBE_SYMBOL(default_do_nmi);
+  * (Note, the latch is binary, thus multiple NMIs triggering,
+  *  when one is running, are ignored. Only one NMI is restarted.)
+  *
+- * If an NMI hits a breakpoint that executes an iret, another
+- * NMI can preempt it. We do not want to allow this new NMI
+- * to run, but we want to execute it when the first one finishes.
+- * We set the state to "latched", and the exit of the first NMI will
+- * perform a dec_return, if the result is zero (NOT_RUNNING), then
+- * it will simply exit the NMI handler. If not, the dec_return
+- * would have set the state to NMI_EXECUTING (what we want it to
+- * be when we are running). In this case, we simply jump back
+- * to rerun the NMI handler again, and restart the 'latched' NMI.
++ * If an NMI executes an iret, another NMI can preempt it. We do not
++ * want to allow this new NMI to run, but we want to execute it when the
++ * first one finishes.  We set the state to "latched", and the exit of
++ * the first NMI will perform a dec_return, if the result is zero
++ * (NOT_RUNNING), then it will simply exit the NMI handler. If not, the
++ * dec_return would have set the state to NMI_EXECUTING (what we want it
++ * to be when we are running). In this case, we simply jump back to
++ * rerun the NMI handler again, and restart the 'latched' NMI.
+  *
+  * No trap (breakpoint or page fault) should be hit before nmi_restart,
+  * thus there is no race between the first check of state for NOT_RUNNING
+@@ -461,49 +460,36 @@ enum nmi_states {
+ static DEFINE_PER_CPU(enum nmi_states, nmi_state);
+ static DEFINE_PER_CPU(unsigned long, nmi_cr2);
+ 
+-#define nmi_nesting_preprocess(regs)					\
+-	do {								\
+-		if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) {	\
+-			this_cpu_write(nmi_state, NMI_LATCHED);		\
+-			return;						\
+-		}							\
+-		this_cpu_write(nmi_state, NMI_EXECUTING);		\
+-		this_cpu_write(nmi_cr2, read_cr2());			\
+-	} while (0);							\
+-	nmi_restart:
+-
+-#define nmi_nesting_postprocess()					\
+-	do {								\
+-		if (unlikely(this_cpu_read(nmi_cr2) != read_cr2()))	\
+-			write_cr2(this_cpu_read(nmi_cr2));		\
+-		if (this_cpu_dec_return(nmi_state))			\
+-			goto nmi_restart;				\
+-	} while (0)
+-#else /* x86_64 */
++#ifdef CONFIG_X86_64
+ /*
+- * In x86_64 things are a bit more difficult. This has the same problem
+- * where an NMI hitting a breakpoint that calls iret will remove the
+- * NMI context, allowing a nested NMI to enter. What makes this more
+- * difficult is that both NMIs and breakpoints have their own stack.
+- * When a new NMI or breakpoint is executed, the stack is set to a fixed
+- * point. If an NMI is nested, it will have its stack set at that same
+- * fixed address that the first NMI had, and will start corrupting the
+- * stack. This is handled in entry_64.S, but the same problem exists with
+- * the breakpoint stack.
+- *
+- * If a breakpoint is being processed, and the debug stack is being used,
+- * if an NMI comes in and also hits a breakpoint, the stack pointer
+- * will be set to the same fixed address as the breakpoint that was
+- * interrupted, causing that stack to be corrupted. To handle this case,
+- * check if the stack that was interrupted is the debug stack, and if
+- * so, change the IDT so that new breakpoints will use the current stack
+- * and not switch to the fixed address. On return of the NMI, switch back
+- * to the original IDT.
++ * In x86_64, we need to handle breakpoint -> NMI -> breakpoint.  Without
++ * some care, the inner breakpoint will clobber the outer breakpoint's
++ * stack.
++ *
++ * If a breakpoint is being processed, and the debug stack is being
++ * used, if an NMI comes in and also hits a breakpoint, the stack
++ * pointer will be set to the same fixed address as the breakpoint that
++ * was interrupted, causing that stack to be corrupted. To handle this
++ * case, check if the stack that was interrupted is the debug stack, and
++ * if so, change the IDT so that new breakpoints will use the current
++ * stack and not switch to the fixed address. On return of the NMI,
++ * switch back to the original IDT.
+  */
+ static DEFINE_PER_CPU(int, update_debug_stack);
++#endif
+ 
+-static inline void nmi_nesting_preprocess(struct pt_regs *regs)
++dotraplinkage notrace void
++do_nmi(struct pt_regs *regs, long error_code)
+ {
++	if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) {
++		this_cpu_write(nmi_state, NMI_LATCHED);
++		return;
++	}
++	this_cpu_write(nmi_state, NMI_EXECUTING);
++	this_cpu_write(nmi_cr2, read_cr2());
++nmi_restart:
++
++#ifdef CONFIG_X86_64
+ 	/*
+ 	 * If we interrupted a breakpoint, it is possible that
+ 	 * the nmi handler will have breakpoints too. We need to
+@@ -514,22 +500,8 @@ static inline void nmi_nesting_preproces
+ 		debug_stack_set_zero();
+ 		this_cpu_write(update_debug_stack, 1);
+ 	}
+-}
+-
+-static inline void nmi_nesting_postprocess(void)
+-{
+-	if (unlikely(this_cpu_read(update_debug_stack))) {
+-		debug_stack_reset();
+-		this_cpu_write(update_debug_stack, 0);
+-	}
+-}
+ #endif
+ 
+-dotraplinkage notrace void
+-do_nmi(struct pt_regs *regs, long error_code)
+-{
+-	nmi_nesting_preprocess(regs);
+-
+ 	nmi_enter();
+ 
+ 	inc_irq_stat(__nmi_count);
+@@ -539,8 +511,17 @@ do_nmi(struct pt_regs *regs, long error_
+ 
+ 	nmi_exit();
+ 
+-	/* On i386, may loop back to preprocess */
+-	nmi_nesting_postprocess();
++#ifdef CONFIG_X86_64
++	if (unlikely(this_cpu_read(update_debug_stack))) {
++		debug_stack_reset();
++		this_cpu_write(update_debug_stack, 0);
++	}
++#endif
++
++	if (unlikely(this_cpu_read(nmi_cr2) != read_cr2()))
++		write_cr2(this_cpu_read(nmi_cr2));
++	if (this_cpu_dec_return(nmi_state))
++		goto nmi_restart;
+ }
+ NOKPROBE_SYMBOL(do_nmi);
+ 
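Review bot: The re-entry at `goto nmi_restart` (last lines of the hunk) only works because `this_cpu_dec_return(nmi_state)` maps NMI_LATCHED to NMI_EXECUTING and NMI_EXECUTING to NMI_NOT_RUNNING, which silently depends on the enum being declared in that order in a part of nmi.c this patch does not show; a one-line comment at the decrement, `/* NMI_LATCHED -> NMI_EXECUTING (rerun), NMI_EXECUTING -> NMI_NOT_RUNNING (done) */`, would pin that invariant for the next backporter. The latched path also returns before the CR2 save, so a nested do_nmi never touches nmi_cr2 and the outer invocation's restore at the bottom stays authoritative — worth stating next to the early `return`, since a future change that saves CR2 before the state check would clobber the outer value. This file is copied unchanged from the 4.0 branch, hunk offsets (`@@ -408`, `@@ -430`, `@@ -461`) included, so it is worth confirming it applies without fuzz to 4.1's arch/x86/kernel/nmi.c before upload.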

Copied and modified: dists/trunk/linux/debian/patches/bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch (from r22848, dists/sid/linux/debian/patches/bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch)
==============================================================================
--- dists/sid/linux/debian/patches/bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch	Wed Jul 22 23:44:02 2015	(r22848, copy source)
+++ dists/trunk/linux/debian/patches/bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch	Thu Jul 23 01:24:14 2015	(r22851)
@@ -21,8 +21,8 @@
 
 --- a/arch/x86/kernel/entry_64.S
 +++ b/arch/x86/kernel/entry_64.S
-@@ -1673,29 +1673,11 @@ end_repeat_nmi:
- 	call save_paranoid
+@@ -1621,29 +1621,11 @@ end_repeat_nmi:
+ 	call paranoid_entry
  	DEFAULT_FRAME 0
  
 -	/*

Copied and modified: dists/trunk/linux/debian/patches/bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch (from r22848, dists/sid/linux/debian/patches/bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch)
==============================================================================
--- dists/sid/linux/debian/patches/bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch	Wed Jul 22 23:44:02 2015	(r22848, copy source)
+++ dists/trunk/linux/debian/patches/bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch	Thu Jul 23 01:24:14 2015	(r22851)
@@ -25,20 +25,14 @@
 Cc: Thomas Gleixner <tglx at linutronix.de>
 Cc: stable at vger.kernel.org
 Signed-off-by: Ingo Molnar <mingo at kernel.org>
-[bwh: Backported to 4.0:
+[bwh: Backported to 4.1:
  - Adjust filename, context
- - s/restore_c_regs_and_iret/restore_args/
- - Use kernel_stack + KERNEL_STACK_OFFSET instead of cpu_current_top_of_stack]
+ - Use kernel_stack instead of cpu_current_top_of_stack]
 Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
-[luto: Open-coded return path to avoid dependency on partial pt_regs details]
-Signed-off-by: Andy Lutomirski <luto at kernel.org>
 ---
- arch/x86/kernel/entry_64.S | 79 +++++++++++++++++++++++++++++++++++++++++++---
- 1 file changed, 75 insertions(+), 4 deletions(-)
-
 --- a/arch/x86/kernel/entry_64.S
 +++ b/arch/x86/kernel/entry_64.S
-@@ -1494,19 +1494,90 @@ ENTRY(nmi)
+@@ -1442,19 +1442,73 @@ ENTRY(nmi)
  	 * a nested NMI that updated the copy interrupt stack frame, a
  	 * jump will be made to the repeat_nmi code that will handle the second
  	 * NMI.
@@ -49,7 +43,7 @@
 +	 * other IST entries.
  	 */
  
- 	/* Use %rdx as out temp variable throughout */
+ 	/* Use %rdx as our temp variable throughout */
  	pushq_cfi %rdx
  	CFI_REL_OFFSET rdx, 0
  
@@ -68,7 +62,6 @@
 +	cld
 +	movq	%rsp, %rdx
 +	movq	PER_CPU_VAR(kernel_stack), %rsp
-+	addq	$KERNEL_STACK_OFFSET, %rsp
 +	pushq	5*8(%rdx)	/* pt_regs->ss */
 +	pushq	4*8(%rdx)	/* pt_regs->rsp */
 +	pushq	3*8(%rdx)	/* pt_regs->flags */
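Review bot: Dropping `addq $KERNEL_STACK_OFFSET, %rsp` after `movq PER_CPU_VAR(kernel_stack), %rsp` is only correct if 4.1's `kernel_stack` already points at the top of the task stack with no KERNEL_STACK_OFFSET bias; the 4.0 backport needed the add, and if the assumption does not hold the frame pushed here (`pt_regs->ss` onward) is built a KERNEL_STACK_OFFSET-sized gap below where the rest of the entry code expects pt_regs. Please confirm against the 4.1 definition of `kernel_stack` and record the reason in the backport note, e.g. `- Use kernel_stack (already top-of-stack in 4.1, no KERNEL_STACK_OFFSET) instead of cpu_current_top_of_stack`. The `cld` above keeps DF clear for the C code as the ABI requires; since patch 0009 later makes DF a nested-NMI marker for the kernel-mode path, a short comment noting that this user-mode path deliberately leaves DF clear would help readers, assuming that is how 0009 uses it. ENTRY(nmi) starts and ends outside this hunk.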
@@ -101,33 +94,17 @@
 +	movq	$-1, %rsi
 +	call	do_nmi
 +
-+	/*
-+	 * Return back to user mode.  We must *not* do the normal exit
-+	 * work, because we don't want to enable interrupts.  Fortunately,
-+	 * do_nmi doesn't modify pt_regs.
-+	 */
-+	SWAPGS
-+
  	/*
 -	 * If %cs was not the kernel segment, then the NMI triggered in user
 -	 * space, which means it is definitely not nested.
-+	 * Open-code the entire return process for compatibility with varying
-+	 * register layouts across different kernel versions.
++	 * Return back to user mode.  We must *not* do the normal exit
++	 * work, because we don't want to enable interrupts.  Fortunately,
++	 * do_nmi doesn't modify pt_regs.
  	 */
 -	cmpl $__KERNEL_CS, 16(%rsp)
 -	jne first_nmi
-+	addq	$6*8, %rsp	/* skip bx, bp, and r12-r15 */
-+	popq	%r11		/* pt_regs->r11 */
-+	popq	%r10		/* pt_regs->r10 */
-+	popq	%r9		/* pt_regs->r9 */
-+	popq	%r8		/* pt_regs->r8 */
-+	popq	%rax		/* pt_regs->ax */
-+	popq	%rcx		/* pt_regs->cx */
-+	popq	%rdx		/* pt_regs->dx */
-+	popq	%rsi		/* pt_regs->si */
-+	popq	%rdi		/* pt_regs->di */
-+	addq	$8, %rsp	/* skip orig_ax */
-+	INTERRUPT_RETURN
++	SWAPGS
++	jmp	restore_c_regs_and_iret
  
 +.Lnmi_from_kernel:
  	/*
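Review bot: `jmp restore_c_regs_and_iret` after `SWAPGS` hands the frame to a path that, per the 4.1 context in patch 0003, does `RESTORE_C_REGS` and `REMOVE_PT_GPREGS_FROM_STACK 8`, so it assumes the full 4.1 pt_regs layout including the extra-regs slots beneath the C regs; the frame is built earlier in ENTRY(nmi) outside this hunk and must allocate those slots too, or every pop is offset. Using the tree's own user-return sequence instead of the 4.0 open-coded pops is the right call for 4.1, but one line above the jump would make the dependency explicit: `/* Frame built above has the full pt_regs layout that restore_c_regs_and_iret expects */`. Because the normal exit work is skipped, as the comment says, no TIF work or signal delivery happens on this return and interrupts stay masked until IRET restores the user RFLAGS — fine for an NMI, but worth saying in the comment so nobody "fixes" it. ENTRY(nmi) starts and ends outside this hunk.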

Copied and modified: dists/trunk/linux/debian/patches/bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch (from r22848, dists/sid/linux/debian/patches/bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch)
==============================================================================
--- dists/sid/linux/debian/patches/bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch	Wed Jul 22 23:44:02 2015	(r22848, copy source)
+++ dists/trunk/linux/debian/patches/bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch	Thu Jul 23 01:24:14 2015	(r22851)
@@ -14,7 +14,7 @@
 Cc: Thomas Gleixner <tglx at linutronix.de>
 Cc: stable at vger.kernel.org
 Signed-off-by: Ingo Molnar <mingo at kernel.org>
-[bwh: Backported to 4.0: adjust filename, context]
+[bwh: Backported to 4.1: adjust filename, context]
 Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
 ---
  arch/x86/kernel/entry_64.S | 159 ++++++++++++++++++++++++++-------------------
@@ -23,7 +23,7 @@
 
 --- a/arch/x86/kernel/entry_64.S
 +++ b/arch/x86/kernel/entry_64.S
-@@ -1481,11 +1481,12 @@ ENTRY(nmi)
+@@ -1429,11 +1429,12 @@ ENTRY(nmi)
  	 *  If the variable is not set and the stack is not the NMI
  	 *  stack then:
  	 *    o Set the special variable on the stack
@@ -39,7 +39,7 @@
  	 *    o return back to the first NMI
  	 *
  	 * Now on exit of the first NMI, we first clear the stack variable
-@@ -1579,18 +1580,60 @@ ENTRY(nmi)
+@@ -1510,18 +1511,60 @@ ENTRY(nmi)
  
  .Lnmi_from_kernel:
  	/*
@@ -107,7 +107,7 @@
  	 */
  	lea	6*8(%rsp), %rdx
  	/* Compare the NMI stack (rdx) with the stack we came from (4*8(%rsp)) */
-@@ -1607,9 +1650,11 @@ ENTRY(nmi)
+@@ -1538,9 +1581,11 @@ ENTRY(nmi)
  
  nested_nmi:
  	/*
@@ -122,7 +122,7 @@
  	 */
  	movq $repeat_nmi, %rdx
  	cmpq 8(%rsp), %rdx
-@@ -1619,7 +1664,10 @@ nested_nmi:
+@@ -1550,7 +1595,10 @@ nested_nmi:
  	ja nested_nmi_out
  
  1:
@@ -134,7 +134,7 @@
  	leaq -1*8(%rsp), %rdx
  	movq %rdx, %rsp
  	CFI_ADJUST_CFA_OFFSET 1*8
-@@ -1638,60 +1686,23 @@ nested_nmi_out:
+@@ -1569,60 +1617,23 @@ nested_nmi_out:
  	popq_cfi %rdx
  	CFI_RESTORE rdx
  
@@ -200,7 +200,7 @@
  	.rept 5
  	pushq_cfi 11*8(%rsp)
  	.endr
-@@ -1699,6 +1710,7 @@ first_nmi:
+@@ -1630,6 +1641,7 @@ first_nmi:
  
  	/* Everything up to here is safe from nested NMIs */
  
@@ -208,7 +208,7 @@
  	/*
  	 * If there was a nested NMI, the first NMI's iret will return
  	 * here. But NMIs are still enabled and we can take another
-@@ -1707,16 +1719,21 @@ first_nmi:
+@@ -1638,16 +1650,21 @@ first_nmi:
  	 * it will just return, as we are about to repeat an NMI anyway.
  	 * This makes it safe to copy to the stack frame that a nested
  	 * NMI will update.
@@ -237,7 +237,7 @@
  	addq $(10*8), %rsp
  	CFI_ADJUST_CFA_OFFSET -10*8
  	.rept 5
-@@ -1727,9 +1744,9 @@ repeat_nmi:
+@@ -1658,9 +1675,9 @@ repeat_nmi:
  end_repeat_nmi:
  
  	/*
@@ -249,14 +249,15 @@
 +	 * frame to point back to repeat_nmi.
  	 */
  	pushq_cfi $-1		/* ORIG_RAX: no syscall to restart */
- 	subq $ORIG_RAX-R15, %rsp
-@@ -1754,11 +1771,17 @@ end_repeat_nmi:
- nmi_swapgs:
- 	SWAPGS_UNSAFE_STACK
+ 	ALLOC_PT_GPREGS_ON_STACK
+@@ -1687,11 +1704,18 @@ nmi_swapgs:
  nmi_restore:
+ 	RESTORE_EXTRA_REGS
+ 	RESTORE_C_REGS
 -	/* Pop the extra iret frame at once */
 +
- 	RESTORE_ALL 6*8
++	/* Point RSP at the "iret" frame. */
+ 	REMOVE_PT_GPREGS_FROM_STACK 6*8
  
 -	/* Clear the NMI executing stack variable */
 +	/* Clear "NMI executing". */

Copied and modified: dists/trunk/linux/debian/patches/bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch (from r22848, dists/sid/linux/debian/patches/bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch)
==============================================================================
--- dists/sid/linux/debian/patches/bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch	Wed Jul 22 23:44:02 2015	(r22848, copy source)
+++ dists/trunk/linux/debian/patches/bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch	Thu Jul 23 01:24:14 2015	(r22851)
@@ -33,7 +33,7 @@
 Cc: Thomas Gleixner <tglx at linutronix.de>
 Cc: stable at vger.kernel.org
 Signed-off-by: Ingo Molnar <mingo at kernel.org>
-[bwh: Backported to 4.0: adjust filename, spacing]
+[bwh: Backported to 4.1: adjust filename, spacing]
 Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
 ---
  arch/x86/kernel/entry_64.S | 34 ++++++++++++++++++----------------
@@ -41,7 +41,7 @@
 
 --- a/arch/x86/kernel/entry_64.S
 +++ b/arch/x86/kernel/entry_64.S
-@@ -1623,7 +1623,24 @@ ENTRY(nmi)
+@@ -1554,7 +1554,24 @@ ENTRY(nmi)
  	/*
  	 * Determine whether we're a nested NMI.
  	 *
@@ -67,7 +67,7 @@
  	 * This will not detect if we interrupted an outer NMI just
  	 * before IRET.
  	 */
-@@ -1650,21 +1667,6 @@ ENTRY(nmi)
+@@ -1581,21 +1598,6 @@ ENTRY(nmi)
  
  nested_nmi:
  	/*

Copied and modified: dists/trunk/linux/debian/patches/bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch (from r22848, dists/sid/linux/debian/patches/bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch)
==============================================================================
--- dists/sid/linux/debian/patches/bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch	Wed Jul 22 23:44:02 2015	(r22848, copy source)
+++ dists/trunk/linux/debian/patches/bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch	Thu Jul 23 01:24:14 2015	(r22851)
@@ -27,7 +27,7 @@
 Cc: Thomas Gleixner <tglx at linutronix.de>
 Cc: stable at vger.kernel.org
 Signed-off-by: Ingo Molnar <mingo at kernel.org>
-[bwh: Backported to 4.0: adjust filename, context]
+[bwh: Backported to 4.1: adjust filename, context]
 Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
 ---
  arch/x86/kernel/entry_64.S | 29 +++++++++++++++++++++++++----
@@ -35,7 +35,7 @@
 
 --- a/arch/x86/kernel/entry_64.S
 +++ b/arch/x86/kernel/entry_64.S
-@@ -1650,7 +1650,14 @@ ENTRY(nmi)
+@@ -1581,7 +1581,14 @@ ENTRY(nmi)
  	/*
  	 * Now test if the previous stack was an NMI stack.  This covers
  	 * the case where we interrupt an outer NMI after it clears
@@ -51,7 +51,7 @@
  	 */
  	lea	6*8(%rsp), %rdx
  	/* Compare the NMI stack (rdx) with the stack we came from (4*8(%rsp)) */
-@@ -1661,10 +1668,16 @@ ENTRY(nmi)
+@@ -1592,10 +1599,16 @@ ENTRY(nmi)
  	cmpq	%rdx, 4*8(%rsp)
  	/* If it is below the NMI stack, it is a normal NMI */
  	jb	first_nmi
@@ -69,9 +69,9 @@
  nested_nmi:
  	/*
  	 * Modify the "iret" frame to point to repeat_nmi, forcing another
-@@ -1776,8 +1789,16 @@ nmi_restore:
- 
- 	RESTORE_ALL 6*8
+@@ -1710,8 +1723,16 @@ nmi_restore:
+ 	/* Point RSP at the "iret" frame. */
+ 	REMOVE_PT_GPREGS_FROM_STACK 6*8
  
 -	/* Clear "NMI executing". */
 -	movq $0, 5*8(%rsp)
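Review bot: The DF-based guard this patch adds after `jb first_nmi` (its `+` lines fall outside this hunk view) is only sound if every entry where userspace still controls RSP also guarantees DF is clear, i.e. DF must be in MSR_SYSCALL_MASK for the 64-bit and compat SYSCALL targets in 4.1; please confirm against `syscall_init()` in that tree, since a missing bit would let a process with RSP pointed into the NMI stack and DF set have its NMI misclassified as nested. The offset-only context change at `nmi_restore` (`REMOVE_PT_GPREGS_FROM_STACK 6*8`) is consistent with the 4.1 version of patch 0007. A comment at the new test naming the dependency, e.g. `/* Sound only because SYSCALL masks DF (MSR_SYSCALL_MASK); SYSENTER loads RSP from an MSR, so it is never user-controlled */`, would keep a later backporter from relaxing it. ENTRY(nmi) starts and ends outside this hunk.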

Modified: dists/trunk/linux/debian/patches/series
==============================================================================
--- dists/trunk/linux/debian/patches/series	Thu Jul 23 01:01:27 2015	(r22850)
+++ dists/trunk/linux/debian/patches/series	Thu Jul 23 01:24:14 2015	(r22851)
@@ -80,3 +80,10 @@
 features/all/efi-autoload-efi-pstore.patch
 
 bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch
+bugfix/x86/0003-x86-asm-entry-64-Remove-pointless-jump-to-irq_return.patch
+bugfix/x86/0004-x86-nmi-Enable-nested-do_nmi-handling-for-64-bit-ker.patch
+bugfix/x86/0005-x86-nmi-64-Remove-asm-code-that-saves-cr2.patch
+bugfix/x86/0006-x86-nmi-64-Switch-stacks-on-userspace-NMI-entry.patch
+bugfix/x86/0007-x86-nmi-64-Improve-nested-NMI-comments.patch
+bugfix/x86/0008-x86-nmi-64-Reorder-nested-NMI-checks.patch
+bugfix/x86/0009-x86-nmi-64-Use-DF-to-avoid-userspace-RSP-confusing-n.patch


