From: Juergen Gross <jgross@xxxxxxxx>
commit dda014ba59331dee4f3b773a020e109932f4bd24 upstream.
The syscall instruction is used in Xen PV mode for doing hypercalls.
Allow syscall to be used in the kernel in case it is tagged with an
unwind hint for objtool.
This is part of XSA-466 / CVE-2024-53241.
Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
Co-developed-by: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
tools/objtool/check.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -3820,9 +3820,12 @@ static int validate_branch(struct objtoo
break;
case INSN_CONTEXT_SWITCH:
- if (func && (!next_insn || !next_insn->hint)) {
- WARN_INSN(insn, "unsupported instruction in callable function");
- return 1;
+ if (func) {
+ if (!next_insn || !next_insn->hint) {
+ WARN_INSN(insn, "unsupported instruction in callable function");
+ return 1;
+ }
+ break;
}
return 0;
Patches currently in stable-queue which might be from jgross@xxxxxxxx are
queue-6.12/x86-make-get_cpu_vendor-accessible-from-xen-code.patch
queue-6.12/x86-xen-use-new-hypercall-functions-instead-of-hypercall-page.patch
queue-6.12/x86-static-call-provide-a-way-to-do-very-early-static-call-updates.patch
queue-6.12/objtool-x86-allow-syscall-instruction.patch
queue-6.12/x86-xen-remove-hypercall-page.patch
queue-6.12/xen-netfront-fix-crash-when-removing-device.patch
queue-6.12/x86-xen-don-t-do-pv-iret-hypercall-through-hypercall-page.patch
queue-6.12/x86-xen-add-central-hypercall-functions.patch
