pve-kernel-qoup/patches/kernel/0107-x86-cpuid-Replace-set-clear_bit32.patch
Fabian Grünbichler 321d628a98 add KPTI and related patches
picked from Ubuntu-4.13.0-23.26
2018-01-06 15:15:39 +01:00


From 3e535e66c0bd546a1891c3a8ad6bf6aae7a0829e Mon Sep 17 00:00:00 2001
From: Thomas Gleixner <tglx@linutronix.de>
Date: Thu, 2 Nov 2017 13:22:35 +0100
Subject: [PATCH 107/231] x86/cpuid: Replace set/clear_bit32()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
CVE-2017-5754

Peter pointed out that the set/clear_bit32() variants are broken in various
aspects.

Replace them with open coded set/clear_bit() and type cast
cpu_info::x86_capability as it's done in all other places throughout x86.

Fixes: 0b00de857a64 ("x86/cpuid: Add generic table for CPUID dependencies")
Reported-by: Peter Ziljstra <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andi Kleen <ak@linux.intel.com>
(cherry picked from commit 06dd688ddda5819025e014b79aea9af6ab475fa2)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit 3e511952bc3ff9b233d418b0a75a8331deb08171)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
arch/x86/kernel/cpu/cpuid-deps.c | 26 +++++++++++---------------
1 file changed, 11 insertions(+), 15 deletions(-)
diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c
index c21f22d836ad..904b0a3c4e53 100644
--- a/arch/x86/kernel/cpu/cpuid-deps.c
+++ b/arch/x86/kernel/cpu/cpuid-deps.c
@@ -62,23 +62,19 @@ const static struct cpuid_dep cpuid_deps[] = {
{}
};
-static inline void __clear_cpu_cap(struct cpuinfo_x86 *c, unsigned int bit)
-{
- clear_bit32(bit, c->x86_capability);
-}
-
-static inline void __setup_clear_cpu_cap(unsigned int bit)
-{
- clear_cpu_cap(&boot_cpu_data, bit);
- set_bit32(bit, cpu_caps_cleared);
-}
-
static inline void clear_feature(struct cpuinfo_x86 *c, unsigned int feature)
{
- if (!c)
- __setup_clear_cpu_cap(feature);
- else
- __clear_cpu_cap(c, feature);
+ /*
+ * Note: This could use the non atomic __*_bit() variants, but the
+ * rest of the cpufeature code uses atomics as well, so keep it for
+ * consistency. Cleanup all of it separately.
+ */
+ if (!c) {
+ clear_cpu_cap(&boot_cpu_data, feature);
+ set_bit(feature, (unsigned long *)cpu_caps_cleared);
+ } else {
+ clear_bit(feature, (unsigned long *)c->x86_capability);
+ }
}
/* Take the capabilities and the BUG bits into account */
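Review bot: In the new clear_feature() body the two branches clear the capability bit in different ways: the !c branch calls clear_cpu_cap(&boot_cpu_data, feature), while the else branch open-codes clear_bit(feature, (unsigned long *)c->x86_capability). If clear_cpu_cap() takes any struct cpuinfo_x86 pointer, calling clear_cpu_cap(c, feature) in the else branch would leave a single cast in this function instead of two. The cast that remains on cpu_caps_cleared hands set_bit() an unsigned long pointer, so it would help to extend the new comment to state the assumption that both arrays are aligned and sized for unsigned long access. The comment currently explains only why the atomic variants are kept.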
--
2.14.2