]>
Commit | Line | Data |
---|---|---|
321d628a FG |
1 | From 3e535e66c0bd546a1891c3a8ad6bf6aae7a0829e Mon Sep 17 00:00:00 2001 |
2 | From: Thomas Gleixner <tglx@linutronix.de> | |
3 | Date: Thu, 2 Nov 2017 13:22:35 +0100 | |
633c5ed1 | 4 | Subject: [PATCH 107/242] x86/cpuid: Replace set/clear_bit32() |
321d628a FG |
5 | MIME-Version: 1.0 |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5754 | |
10 | ||
11 | Peter pointed out that the set/clear_bit32() variants are broken in various | |
12 | aspects. | |
13 | ||
14 | Replace them with open coded set/clear_bit() and type cast | |
15 | cpu_info::x86_capability as it's done in all other places throughout x86. | |
16 | ||
17 | Fixes: 0b00de857a64 ("x86/cpuid: Add generic table for CPUID dependencies") | |
18 | Reported-by: Peter Ziljstra <peterz@infradead.org> | |
19 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
20 | Cc: Andi Kleen <ak@linux.intel.com> | |
21 | (cherry picked from commit 06dd688ddda5819025e014b79aea9af6ab475fa2) | |
22 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
23 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
24 | (cherry picked from commit 3e511952bc3ff9b233d418b0a75a8331deb08171) | |
25 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
26 | --- | |
27 | arch/x86/kernel/cpu/cpuid-deps.c | 26 +++++++++++--------------- | |
28 | 1 file changed, 11 insertions(+), 15 deletions(-) | |
29 | ||
30 | diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c | |
31 | index c21f22d836ad..904b0a3c4e53 100644 | |
32 | --- a/arch/x86/kernel/cpu/cpuid-deps.c | |
33 | +++ b/arch/x86/kernel/cpu/cpuid-deps.c | |
34 | @@ -62,23 +62,19 @@ const static struct cpuid_dep cpuid_deps[] = { | |
35 | {} | |
36 | }; | |
37 | ||
38 | -static inline void __clear_cpu_cap(struct cpuinfo_x86 *c, unsigned int bit) | |
39 | -{ | |
40 | - clear_bit32(bit, c->x86_capability); | |
41 | -} | |
42 | - | |
43 | -static inline void __setup_clear_cpu_cap(unsigned int bit) | |
44 | -{ | |
45 | - clear_cpu_cap(&boot_cpu_data, bit); | |
46 | - set_bit32(bit, cpu_caps_cleared); | |
47 | -} | |
48 | - | |
49 | static inline void clear_feature(struct cpuinfo_x86 *c, unsigned int feature) | |
50 | { | |
51 | - if (!c) | |
52 | - __setup_clear_cpu_cap(feature); | |
53 | - else | |
54 | - __clear_cpu_cap(c, feature); | |
55 | + /* | |
56 | + * Note: This could use the non atomic __*_bit() variants, but the | |
57 | + * rest of the cpufeature code uses atomics as well, so keep it for | |
58 | + * consistency. Cleanup all of it separately. | |
59 | + */ | |
60 | + if (!c) { | |
61 | + clear_cpu_cap(&boot_cpu_data, feature); | |
62 | + set_bit(feature, (unsigned long *)cpu_caps_cleared); | |
63 | + } else { | |
64 | + clear_bit(feature, (unsigned long *)c->x86_capability); | |
65 | + } | |
66 | } | |
67 | ||
68 | /* Take the capabilities and the BUG bits into account */ | |
69 | -- | |
70 | 2.14.2 | |
71 |