Commit b03f35a0 authored by Ben Hutchings, committed by Zheng Zengkai

x86/xen: Fix initialisation in hypercall_page after rethunk

stable inclusion
from stable-v5.10.133
commit 668cb1ddf0ae7fcffcfc2ac1cfec9f770c8191fc
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5PTAS
CVE: CVE-2022-29900,CVE-2022-23816,CVE-2022-29901

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=668cb1ddf0ae7fcffcfc2ac1cfec9f770c8191fc



--------------------------------

The hypercall_page is special and the RETs there should not be changed
into rethunk calls (but can have SLS mitigation).  Change the initial
instructions to ret + int3 padding, as was done in upstream commit
5b2fc515 "x86/ibt,xen: Sprinkle the ENDBR".

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Reviewed-by: Zhang Jianhua <chris.zjh@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
parent 864aa198
+2 −2
@@ -69,9 +69,9 @@ SYM_CODE_END(asm_cpu_bringup_and_idle)
SYM_CODE_START(hypercall_page)
	.rept (PAGE_SIZE / 32)
		UNWIND_HINT_FUNC
		.skip 31, 0x90
		ANNOTATE_UNRET_SAFE
		RET
		ret
		.skip 31, 0xcc
	.endr

#define HYPERCALL(n) \
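
Review bot: the bare `ret` in the `.rept` body of hypercall_page has no source comment explaining why it must stay a literal instruction instead of the `RET` macro, so a later tree-wide cleanup could convert it back into a rethunk call. Suggest a short comment above it stating that the RETs in this page must not become return thunks and that the `.skip 31, 0xcc` int3 fill after it serves as the SLS padding the commit message mentions. While there, confirm that ANNOTATE_UNRET_SAFE still sits directly before the `ret`, so the annotation applies to that instruction, and that the one-byte `ret` plus 31 fill bytes keeps each slot at the 32 bytes implied by `PAGE_SIZE / 32`.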