]>
Commit | Line | Data |
---|---|---|
59d5af67 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
321d628a FG |
2 | From: Thomas Gleixner <tglx@linutronix.de> |
3 | Date: Sat, 30 Dec 2017 22:13:53 +0100 | |
59d5af67 | 4 | Subject: [PATCH] x86/smpboot: Remove stale TLB flush invocations |
321d628a FG |
5 | MIME-Version: 1.0 |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5754 | |
10 | ||
11 | smpboot_setup_warm_reset_vector() and smpboot_restore_warm_reset_vector() | |
12 | invoke local_flush_tlb() for no obvious reason. | |
13 | ||
14 | Digging in history revealed that the original code in the 2.1 era added | |
15 | those because the code manipulated a swapper_pg_dir pagetable entry. The | |
16 | pagetable manipulation was removed long ago in the 2.3 timeframe, but the | |
17 | TLB flush invocations stayed around forever. | |
18 | ||
19 | Remove them along with the pointless pr_debug()s which come from the same 2.1 | |
20 | change. | |
21 | ||
22 | Reported-by: Dominik Brodowski <linux@dominikbrodowski.net> | |
23 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
24 | Cc: <stable@vger.kernel.org> | |
25 | Cc: Andy Lutomirski <luto@kernel.org> | |
26 | Cc: Borislav Petkov <bp@alien8.de> | |
27 | Cc: Dave Hansen <dave.hansen@linux.intel.com> | |
28 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
29 | Cc: Linus Torvalds <torvalds@linuxfoundation.org> | |
30 | Cc: Peter Zijlstra <peterz@infradead.org> | |
31 | Link: http://lkml.kernel.org/r/20171230211829.586548655@linutronix.de | |
32 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
33 | (cherry picked from commit 322f8b8b340c824aef891342b0f5795d15e11562) | |
34 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
35 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
36 | (cherry picked from commit fb08c4a80a22dc79c9775f493e291dfe2c642b86) | |
37 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
38 | --- | |
39 | arch/x86/kernel/smpboot.c | 9 --------- | |
40 | 1 file changed, 9 deletions(-) | |
41 | ||
42 | diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c | |
43 | index 03d2ba2da3b0..6ad8391b9866 100644 | |
44 | --- a/arch/x86/kernel/smpboot.c | |
45 | +++ b/arch/x86/kernel/smpboot.c | |
46 | @@ -128,25 +128,16 @@ static inline void smpboot_setup_warm_reset_vector(unsigned long start_eip) | |
47 | spin_lock_irqsave(&rtc_lock, flags); | |
48 | CMOS_WRITE(0xa, 0xf); | |
49 | spin_unlock_irqrestore(&rtc_lock, flags); | |
50 | - local_flush_tlb(); | |
51 | - pr_debug("1.\n"); | |
52 | *((volatile unsigned short *)phys_to_virt(TRAMPOLINE_PHYS_HIGH)) = | |
53 | start_eip >> 4; | |
54 | - pr_debug("2.\n"); | |
55 | *((volatile unsigned short *)phys_to_virt(TRAMPOLINE_PHYS_LOW)) = | |
56 | start_eip & 0xf; | |
57 | - pr_debug("3.\n"); | |
58 | } | |
59 | ||
60 | static inline void smpboot_restore_warm_reset_vector(void) | |
61 | { | |
62 | unsigned long flags; | |
63 | ||
64 | - /* | |
65 | - * Install writable page 0 entry to set BIOS data area. | |
66 | - */ | |
67 | - local_flush_tlb(); | |
68 | - | |
69 | /* | |
70 | * Paranoid: Set warm reset code and vector here back | |
71 | * to default values. | |
72 | -- | |
73 | 2.14.2 | |
74 |