x86/nmi: CVE-2015-3290 fixes

These are the first three patches in the NMI series.  They fix
CVE-2015-3290.  I omitted the fix for CVE-2015-3291 and the testing
patches because they're far less urgent.

x86/nmi/64: Switch stacks on userspace NMI entry

Returning to userspace is tricky: IRET can fail, and ESPFIX can
rearrange the stack prior to IRET.

The NMI nesting fixup relies on a precise stack layout and atomic
IRET.  Rather than trying to teach the NMI nesting fixup to handle
ESPFIX and failed IRET, punt: run NMIs that came from user mode on
the normal kernel stack.

This will make some nested NMIs visible to C code, but the C code is
okay with that.

As a side effect, this should speed up perf: it eliminates an RDMSR
when NMIs come from user mode.

Fixes CVE-2015-3290.

Cc: stable@vger.kernel.org
Reviewed-by: Steven Rostedt <rostedt@goodmis.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
1 file changed