71 lines
2.3 KiB
Diff
71 lines
2.3 KiB
Diff
From 3e535e66c0bd546a1891c3a8ad6bf6aae7a0829e Mon Sep 17 00:00:00 2001
|
|
From: Thomas Gleixner <tglx@linutronix.de>
|
|
Date: Thu, 2 Nov 2017 13:22:35 +0100
|
|
Subject: [PATCH 107/241] x86/cpuid: Replace set/clear_bit32()
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
CVE-2017-5754
|
|
|
|
Peter pointed out that the set/clear_bit32() variants are broken in various
|
|
aspects.
|
|
|
|
Replace them with open coded set/clear_bit() and type cast
|
|
cpu_info::x86_capability as it's done in all other places throughout x86.
|
|
|
|
Fixes: 0b00de857a64 ("x86/cpuid: Add generic table for CPUID dependencies")
|
|
Reported-by: Peter Ziljstra <peterz@infradead.org>
|
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
Cc: Andi Kleen <ak@linux.intel.com>
|
|
(cherry picked from commit 06dd688ddda5819025e014b79aea9af6ab475fa2)
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
|
|
(cherry picked from commit 3e511952bc3ff9b233d418b0a75a8331deb08171)
|
|
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
|
|
---
|
|
arch/x86/kernel/cpu/cpuid-deps.c | 26 +++++++++++---------------
|
|
1 file changed, 11 insertions(+), 15 deletions(-)
|
|
|
|
diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c
|
|
index c21f22d836ad..904b0a3c4e53 100644
|
|
--- a/arch/x86/kernel/cpu/cpuid-deps.c
|
|
+++ b/arch/x86/kernel/cpu/cpuid-deps.c
|
|
@@ -62,23 +62,19 @@ const static struct cpuid_dep cpuid_deps[] = {
|
|
{}
|
|
};
|
|
|
|
-static inline void __clear_cpu_cap(struct cpuinfo_x86 *c, unsigned int bit)
|
|
-{
|
|
- clear_bit32(bit, c->x86_capability);
|
|
-}
|
|
-
|
|
-static inline void __setup_clear_cpu_cap(unsigned int bit)
|
|
-{
|
|
- clear_cpu_cap(&boot_cpu_data, bit);
|
|
- set_bit32(bit, cpu_caps_cleared);
|
|
-}
|
|
-
|
|
static inline void clear_feature(struct cpuinfo_x86 *c, unsigned int feature)
|
|
{
|
|
- if (!c)
|
|
- __setup_clear_cpu_cap(feature);
|
|
- else
|
|
- __clear_cpu_cap(c, feature);
|
|
+ /*
|
|
+ * Note: This could use the non atomic __*_bit() variants, but the
|
|
+ * rest of the cpufeature code uses atomics as well, so keep it for
|
|
+ * consistency. Cleanup all of it separately.
|
|
+ */
|
|
+ if (!c) {
|
|
+ clear_cpu_cap(&boot_cpu_data, feature);
|
|
+ set_bit(feature, (unsigned long *)cpu_caps_cleared);
|
|
+ } else {
|
|
+ clear_bit(feature, (unsigned long *)c->x86_capability);
|
|
+ }
|
|
}
|
|
|
|
/* Take the capabilities and the BUG bits into account */
|
|
--
|
|
2.14.2
|
|
|