Commit | Line | Data |
---|---|---|
035dbe67 FG |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Borislav Petkov <bp@suse.de> | |
3 | Date: Wed, 10 Jan 2018 12:28:16 +0100 | |
4 | Subject: [PATCH] x86/alternatives: Fix optimize_nops() checking | |
5 | MIME-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5754 | |
10 | ||
11 | The alternatives code checks only the first byte whether it is a NOP, but | |
12 | with NOPs in front of the payload and having actual instructions after it | |
13 | breaks the "optimized' test. | |
14 | ||
15 | Make sure to scan all bytes before deciding to optimize the NOPs in there. | |
16 | ||
17 | Reported-by: David Woodhouse <dwmw2@infradead.org> | |
18 | Signed-off-by: Borislav Petkov <bp@suse.de> | |
19 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
20 | Cc: Tom Lendacky <thomas.lendacky@amd.com> | |
21 | Cc: Andi Kleen <ak@linux.intel.com> | |
22 | Cc: Tim Chen <tim.c.chen@linux.intel.com> | |
23 | Cc: Peter Zijlstra <peterz@infradead.org> | |
24 | Cc: Jiri Kosina <jikos@kernel.org> | |
25 | Cc: Dave Hansen <dave.hansen@intel.com> | |
26 | Cc: Andi Kleen <andi@firstfloor.org> | |
27 | Cc: Andrew Lutomirski <luto@kernel.org> | |
28 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
29 | Cc: Greg Kroah-Hartman <gregkh@linux-foundation.org> | |
30 | Cc: Paul Turner <pjt@google.com> | |
31 | Link: https://lkml.kernel.org/r/20180110112815.mgciyf5acwacphkq@pd.tnic | |
32 | ||
33 | (cherry picked from commit 612e8e9350fd19cae6900cf36ea0c6892d1a0dca) | |
34 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
35 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
36 | (cherry picked from commit dc241f68557ee1929a92b9ec6f7a1294bbbd4f00) | |
37 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
38 | --- | |
39 | arch/x86/kernel/alternative.c | 7 +++++-- | |
40 | 1 file changed, 5 insertions(+), 2 deletions(-) | |
41 | ||
42 | diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c | |
43 | index 32e14d137416..5dc05755a044 100644 | |
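--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -344,9 +344,12 @@ recompute_jump(struct alt_instr *a, u8 *orig_insn, u8 *repl_insn, u8 *insnbuf)
 static void __init_or_module noinline optimize_nops(struct alt_instr *a, u8 *instr)
 {
 unsigned long flags;
+ int i;
 
- if (instr[0] != 0x90)
- return;
+ for (i = 0; i < a->padlen; i++) {
+ if (instr[i] != 0x90)
+ return;
+ }
 
 local_irq_save(flags);
 add_nops(instr + (a->instrlen - a->padlen), a->padlen);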
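Review bot: The new loop tests `instr[0]` through `instr[a->padlen - 1]`, but the `add_nops()` call below it rewrites the `a->padlen` bytes starting at `instr + (a->instrlen - a->padlen)`; the two ranges coincide only when `a->instrlen == a->padlen`. Whether a site can hold NOPs at the front and real instructions in the tail cannot be determined from this hunk, because `padlen` is computed elsewhere, but in that layout the check would pass and patched-in code would be overwritten. Either test the bytes that are actually rewritten, `if (instr[a->instrlen - a->padlen + i] != 0x90)`, or add a comment above the loop stating the layout it relies on, e.g. `/* bail unless the leading padlen bytes are all single-byte NOPs */`. The body of optimize_nops() continues past the end of the hunk.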
61 | -- | |
62 | 2.14.2 | |
63 |