Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

	  it can be used to assist security vulnerability exploitation.

	  This setting can be changed at boot time via the kernel command

	  line parameter vsyscall=[native|emulate|none].

	  line parameter vsyscall=[emulate|none].

	  On a system with recent enough glibc (2.14 or newer) and no

	  static binaries, you can say None without a performance penalty

	  If unsure, select "Emulate".

	config LEGACY_VSYSCALL_NATIVE

		bool "Native"

		help

		  Actual executable code is located in the fixed vsyscall

		  address mapping, implementing time() efficiently. Since

		  this makes the mapping executable, it can be used during

		  security vulnerability exploitation (traditionally as

		  ROP gadgets). This configuration is not recommended.

	config LEGACY_VSYSCALL_EMULATE

		bool "Emulate"

		help

	pushq	2*8(%rdi)		/* regs->ip */

	pushq	1*8(%rdi)		/* regs->orig_ax */

	movq	(%rdi), %rdi		/* restore %rdi */

	pushq	%rdi			/* pt_regs->di */

	pushq	(%rdi)			/* pt_regs->di */

	pushq	%rsi			/* pt_regs->si */

	pushq	%rdx			/* pt_regs->dx */

	pushq	%rcx			/* pt_regs->cx */

	TRACE_IRQS_ON

	jmp	swapgs_restore_regs_and_return_to_usermode

END(entry_INT80_compat)

ENTRY(stub32_clone)

	/*

	 * The 32-bit clone ABI is: clone(..., int tls_val, int *child_tidptr).

	 * The 64-bit clone ABI is: clone(..., int *child_tidptr, int tls_val).

	 *

	 * The native 64-bit kernel's sys_clone() implements the latter,

	 * so we need to swap arguments here before calling it:

	 */

	xchg	%r8, %rcx

	jmp	sys_clone

ENDPROC(stub32_clone)

#

0	i386	restart_syscall		sys_restart_syscall

1	i386	exit			sys_exit

2	i386	fork			sys_fork			sys_fork

2	i386	fork			sys_fork

3	i386	read			sys_read

4	i386	write			sys_write

5	i386	open			sys_open			compat_sys_open

6	i386	close			sys_close

7	i386	waitpid			sys_waitpid			sys32_waitpid

7	i386	waitpid			sys_waitpid			compat_sys_x86_waitpid

8	i386	creat			sys_creat

9	i386	link			sys_link

10	i386	unlink			sys_unlink

69	i386	ssetmask		sys_ssetmask

70	i386	setreuid		sys_setreuid16

71	i386	setregid		sys_setregid16

72	i386	sigsuspend		sys_sigsuspend			sys_sigsuspend

72	i386	sigsuspend		sys_sigsuspend

73	i386	sigpending		sys_sigpending			compat_sys_sigpending

74	i386	sethostname		sys_sethostname

75	i386	setrlimit		sys_setrlimit			compat_sys_setrlimit

87	i386	swapon			sys_swapon

88	i386	reboot			sys_reboot

89	i386	readdir			sys_old_readdir			compat_sys_old_readdir

90	i386	mmap			sys_old_mmap			sys32_mmap

90	i386	mmap			sys_old_mmap			compat_sys_x86_mmap

91	i386	munmap			sys_munmap

92	i386	truncate		sys_truncate			compat_sys_truncate

93	i386	ftruncate		sys_ftruncate			compat_sys_ftruncate

117	i386	ipc			sys_ipc				compat_sys_ipc

118	i386	fsync			sys_fsync

119	i386	sigreturn		sys_sigreturn			sys32_sigreturn

120	i386	clone			sys_clone			stub32_clone

120	i386	clone			sys_clone			compat_sys_x86_clone

121	i386	setdomainname		sys_setdomainname

122	i386	uname			sys_newuname

123	i386	modify_ldt		sys_modify_ldt

177	i386	rt_sigtimedwait		sys_rt_sigtimedwait		compat_sys_rt_sigtimedwait

178	i386	rt_sigqueueinfo		sys_rt_sigqueueinfo		compat_sys_rt_sigqueueinfo

179	i386	rt_sigsuspend		sys_rt_sigsuspend

180	i386	pread64			sys_pread64			sys32_pread

181	i386	pwrite64		sys_pwrite64			sys32_pwrite

180	i386	pread64			sys_pread64			compat_sys_x86_pread

181	i386	pwrite64		sys_pwrite64			compat_sys_x86_pwrite

182	i386	chown			sys_chown16

183	i386	getcwd			sys_getcwd

184	i386	capget			sys_capget

187	i386	sendfile		sys_sendfile			compat_sys_sendfile

188	i386	getpmsg

189	i386	putpmsg

190	i386	vfork			sys_vfork			sys_vfork

190	i386	vfork			sys_vfork

191	i386	ugetrlimit		sys_getrlimit			compat_sys_getrlimit

192	i386	mmap2			sys_mmap_pgoff

193	i386	truncate64		sys_truncate64			sys32_truncate64

194	i386	ftruncate64		sys_ftruncate64			sys32_ftruncate64

195	i386	stat64			sys_stat64			sys32_stat64

196	i386	lstat64			sys_lstat64			sys32_lstat64

197	i386	fstat64			sys_fstat64			sys32_fstat64

193	i386	truncate64		sys_truncate64			compat_sys_x86_truncate64

194	i386	ftruncate64		sys_ftruncate64			compat_sys_x86_ftruncate64

195	i386	stat64			sys_stat64			compat_sys_x86_stat64

196	i386	lstat64			sys_lstat64			compat_sys_x86_lstat64

197	i386	fstat64			sys_fstat64			compat_sys_x86_fstat64

198	i386	lchown32		sys_lchown

199	i386	getuid32		sys_getuid

200	i386	getgid32		sys_getgid

# 222 is unused

# 223 is unused

224	i386	gettid			sys_gettid

225	i386	readahead		sys_readahead			sys32_readahead

225	i386	readahead		sys_readahead			compat_sys_x86_readahead

226	i386	setxattr		sys_setxattr

227	i386	lsetxattr		sys_lsetxattr

228	i386	fsetxattr		sys_fsetxattr

247	i386	io_getevents		sys_io_getevents		compat_sys_io_getevents

248	i386	io_submit		sys_io_submit			compat_sys_io_submit

249	i386	io_cancel		sys_io_cancel

250	i386	fadvise64		sys_fadvise64			sys32_fadvise64

250	i386	fadvise64		sys_fadvise64			compat_sys_x86_fadvise64

# 251 is available for reuse (was briefly sys_set_zone_reclaim)

252	i386	exit_group		sys_exit_group

253	i386	lookup_dcookie		sys_lookup_dcookie		compat_sys_lookup_dcookie

269	i386	fstatfs64		sys_fstatfs64			compat_sys_fstatfs64

270	i386	tgkill			sys_tgkill

271	i386	utimes			sys_utimes			compat_sys_utimes

272	i386	fadvise64_64		sys_fadvise64_64		sys32_fadvise64_64

272	i386	fadvise64_64		sys_fadvise64_64		compat_sys_x86_fadvise64_64

273	i386	vserver

274	i386	mbind			sys_mbind

275	i386	get_mempolicy		sys_get_mempolicy		compat_sys_get_mempolicy

297	i386	mknodat			sys_mknodat

298	i386	fchownat		sys_fchownat

299	i386	futimesat		sys_futimesat			compat_sys_futimesat

300	i386	fstatat64		sys_fstatat64			sys32_fstatat

300	i386	fstatat64		sys_fstatat64			compat_sys_x86_fstatat

301	i386	unlinkat		sys_unlinkat

302	i386	renameat		sys_renameat

303	i386	linkat			sys_linkat

311	i386	set_robust_list		sys_set_robust_list		compat_sys_set_robust_list

312	i386	get_robust_list		sys_get_robust_list		compat_sys_get_robust_list

313	i386	splice			sys_splice

314	i386	sync_file_range		sys_sync_file_range		sys32_sync_file_range

314	i386	sync_file_range		sys_sync_file_range		compat_sys_x86_sync_file_range

315	i386	tee			sys_tee

316	i386	vmsplice		sys_vmsplice			compat_sys_vmsplice

317	i386	move_pages		sys_move_pages			compat_sys_move_pages

321	i386	signalfd		sys_signalfd			compat_sys_signalfd

322	i386	timerfd_create		sys_timerfd_create

323	i386	eventfd			sys_eventfd

324	i386	fallocate		sys_fallocate			sys32_fallocate

324	i386	fallocate		sys_fallocate			compat_sys_x86_fallocate

325	i386	timerfd_settime		sys_timerfd_settime		compat_sys_timerfd_settime

326	i386	timerfd_gettime		sys_timerfd_gettime		compat_sys_timerfd_gettime

327	i386	signalfd4		sys_signalfd4			compat_sys_signalfd4

#define CREATE_TRACE_POINTS

#include "vsyscall_trace.h"

static enum { EMULATE, NATIVE, NONE } vsyscall_mode =

#if defined(CONFIG_LEGACY_VSYSCALL_NATIVE)

	NATIVE;

#elif defined(CONFIG_LEGACY_VSYSCALL_NONE)

static enum { EMULATE, NONE } vsyscall_mode =

#ifdef CONFIG_LEGACY_VSYSCALL_NONE

	NONE;

#else

	EMULATE;

	if (str) {

		if (!strcmp("emulate", str))

			vsyscall_mode = EMULATE;

		else if (!strcmp("native", str))

			vsyscall_mode = NATIVE;

		else if (!strcmp("none", str))

			vsyscall_mode = NONE;

		else

	WARN_ON_ONCE(address != regs->ip);

	/* This should be unreachable in NATIVE mode. */

	if (WARN_ON(vsyscall_mode == NATIVE))

		return false;

	if (vsyscall_mode == NONE) {

		warn_bad_vsyscall(KERN_INFO, regs,

				  "vsyscall attempted with vsyscall=none");

	if (vsyscall_mode != NONE) {

		__set_fixmap(VSYSCALL_PAGE, physaddr_vsyscall,

			     vsyscall_mode == NATIVE

			     ? PAGE_KERNEL_VSYSCALL

			     : PAGE_KERNEL_VVAR);

			     PAGE_KERNEL_VVAR);

		set_vsyscall_pgtable_user_bits(swapper_pg_dir);

	}

#define AA(__x)		((unsigned long)(__x))

asmlinkage long sys32_truncate64(const char __user *filename,

				 unsigned long offset_low,

				 unsigned long offset_high)

COMPAT_SYSCALL_DEFINE3(x86_truncate64, const char __user *, filename,

		       unsigned long, offset_low, unsigned long, offset_high)

{

       return sys_truncate(filename, ((loff_t) offset_high << 32) | offset_low);

}

asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low,

				  unsigned long offset_high)

COMPAT_SYSCALL_DEFINE3(x86_ftruncate64, unsigned int, fd,

		       unsigned long, offset_low, unsigned long, offset_high)

{

       return sys_ftruncate(fd, ((loff_t) offset_high << 32) | offset_low);

}

	return 0;

}

asmlinkage long sys32_stat64(const char __user *filename,

			     struct stat64 __user *statbuf)

COMPAT_SYSCALL_DEFINE2(x86_stat64, const char __user *, filename,

		       struct stat64 __user *, statbuf)

{

	struct kstat stat;

	int ret = vfs_stat(filename, &stat);

	return ret;

}

asmlinkage long sys32_lstat64(const char __user *filename,

			      struct stat64 __user *statbuf)

COMPAT_SYSCALL_DEFINE2(x86_lstat64, const char __user *, filename,

		       struct stat64 __user *, statbuf)

{

	struct kstat stat;

	int ret = vfs_lstat(filename, &stat);

	return ret;

}

asmlinkage long sys32_fstat64(unsigned int fd, struct stat64 __user *statbuf)

COMPAT_SYSCALL_DEFINE2(x86_fstat64, unsigned int, fd,

		       struct stat64 __user *, statbuf)

{

	struct kstat stat;

	int ret = vfs_fstat(fd, &stat);

	return ret;

}

asmlinkage long sys32_fstatat(unsigned int dfd, const char __user *filename,

			      struct stat64 __user *statbuf, int flag)

COMPAT_SYSCALL_DEFINE4(x86_fstatat, unsigned int, dfd,

		       const char __user *, filename,

		       struct stat64 __user *, statbuf, int, flag)

{

	struct kstat stat;

	int error;

	unsigned int offset;

};

asmlinkage long sys32_mmap(struct mmap_arg_struct32 __user *arg)

COMPAT_SYSCALL_DEFINE1(x86_mmap, struct mmap_arg_struct32 __user *, arg)

{

	struct mmap_arg_struct32 a;

			       a.offset>>PAGE_SHIFT);

}

asmlinkage long sys32_waitpid(compat_pid_t pid, unsigned int __user *stat_addr,

			      int options)

COMPAT_SYSCALL_DEFINE3(x86_waitpid, compat_pid_t, pid, unsigned int __user *,

		       stat_addr, int, options)

{

	return compat_sys_wait4(pid, stat_addr, options, NULL);

}

/* warning: next two assume little endian */

asmlinkage long sys32_pread(unsigned int fd, char __user *ubuf, u32 count,

			    u32 poslo, u32 poshi)

COMPAT_SYSCALL_DEFINE5(x86_pread, unsigned int, fd, char __user *, ubuf,

		       u32, count, u32, poslo, u32, poshi)

{

	return sys_pread64(fd, ubuf, count,

			 ((loff_t)AA(poshi) << 32) | AA(poslo));

}

asmlinkage long sys32_pwrite(unsigned int fd, const char __user *ubuf,

			     u32 count, u32 poslo, u32 poshi)

COMPAT_SYSCALL_DEFINE5(x86_pwrite, unsigned int, fd, const char __user *, ubuf,

		       u32, count, u32, poslo, u32, poshi)

{

	return sys_pwrite64(fd, ubuf, count,

			  ((loff_t)AA(poshi) << 32) | AA(poslo));

 * Some system calls that need sign extended arguments. This could be

 * done by a generic wrapper.

 */

long sys32_fadvise64_64(int fd, __u32 offset_low, __u32 offset_high,

			__u32 len_low, __u32 len_high, int advice)

COMPAT_SYSCALL_DEFINE6(x86_fadvise64_64, int, fd, __u32, offset_low,

		       __u32, offset_high, __u32, len_low, __u32, len_high,

		       int, advice)

{

	return sys_fadvise64_64(fd,

			       (((u64)offset_high)<<32) | offset_low,

				advice);

}

asmlinkage ssize_t sys32_readahead(int fd, unsigned off_lo, unsigned off_hi,

				   size_t count)

COMPAT_SYSCALL_DEFINE4(x86_readahead, int, fd, unsigned int, off_lo,

		       unsigned int, off_hi, size_t, count)

{

	return sys_readahead(fd, ((u64)off_hi << 32) | off_lo, count);

}

asmlinkage long sys32_sync_file_range(int fd, unsigned off_low, unsigned off_hi,

				      unsigned n_low, unsigned n_hi,  int flags)

COMPAT_SYSCALL_DEFINE6(x86_sync_file_range, int, fd, unsigned int, off_low,

		       unsigned int, off_hi, unsigned int, n_low,

		       unsigned int, n_hi, int, flags)

{

	return sys_sync_file_range(fd,

				   ((u64)off_hi << 32) | off_low,

				   ((u64)n_hi << 32) | n_low, flags);

}

asmlinkage long sys32_fadvise64(int fd, unsigned offset_lo, unsigned offset_hi,

				size_t len, int advice)

COMPAT_SYSCALL_DEFINE5(x86_fadvise64, int, fd, unsigned int, offset_lo,

		       unsigned int, offset_hi, size_t, len, int, advice)

{

	return sys_fadvise64_64(fd, ((u64)offset_hi << 32) | offset_lo,

				len, advice);

}

asmlinkage long sys32_fallocate(int fd, int mode, unsigned offset_lo,

				unsigned offset_hi, unsigned len_lo,

				unsigned len_hi)

COMPAT_SYSCALL_DEFINE6(x86_fallocate, int, fd, int, mode,

		       unsigned int, offset_lo, unsigned int, offset_hi,

		       unsigned int, len_lo, unsigned int, len_hi)

{

	return sys_fallocate(fd, mode, ((u64)offset_hi << 32) | offset_lo,

			     ((u64)len_hi << 32) | len_lo);

}

/*

 * The 32-bit clone ABI is CONFIG_CLONE_BACKWARDS

 */

COMPAT_SYSCALL_DEFINE5(x86_clone, unsigned long, clone_flags,

		       unsigned long, newsp, int __user *, parent_tidptr,

		       unsigned long, tls_val, int __user *, child_tidptr)

{

	return sys_clone(clone_flags, newsp, parent_tidptr, child_tidptr,

			tls_val);

}