]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
projects / mirror_ubuntu-artful-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9a40617) | patch
x86/nospec: Simplify alternative_msr_write()
authorLinus Torvalds <torvalds@linux-foundation.org>
Tue, 1 May 2018 13:55:51 +0000 (15:55 +0200)
committerStefan Bader <stefan.bader@canonical.com>
Mon, 14 May 2018 10:05:41 +0000 (12:05 +0200)
commite6c919745f60afbcbc8ba5dc4a77e0922e8278d1
tree8ae0070f9a9cd8f0e970454c1655c7824272f49atree
parent9a40617520fb0aa940df2f3eacf659fadcd615fccommit | diff
x86/nospec: Simplify alternative_msr_write()

The macro is not type safe and I did look for why that "g" constraint for
the asm doesn't work: it's because the asm is more fundamentally wrong.

It does

        movl %[val], %%eax

but "val" isn't a 32-bit value, so then gcc will pass it in a register,
and generate code like

        movl %rsi, %eax

and gas will complain about a nonsensical 'mov' instruction (it's moving a
64-bit register to a 32-bit one).

Passing it through memory will just hide the real bug - gcc still thinks
the memory location is 64-bit, but the "movl" will only load the first 32
bits and it all happens to work because x86 is little-endian.

Convert it to a type safe inline function with a little trick which hands
the feature into the ALTERNATIVE macro.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
CVE-2018-3639 (x86)

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
arch/x86/include/asm/nospec-branch.h diff | blob | blame | history
Ubuntu Artful kernel mirror