[pve-kernel.git] / patches / kernel / 0107-x86-cpuid-Replace-set-clear_bit32.patch

From 3e535e66c0bd546a1891c3a8ad6bf6aae7a0829e Mon Sep 17 00:00:00 2001
From: Thomas Gleixner <tglx@linutronix.de>
Date: Thu, 2 Nov 2017 13:22:35 +0100
Subject: [PATCH 107/241] x86/cpuid: Replace set/clear_bit32()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5754

Peter pointed out that the set/clear_bit32() variants are broken in various
aspects.

Replace them with open coded set/clear_bit() and type cast
cpu_info::x86_capability as it's done in all other places throughout x86.

Fixes: 0b00de857a64 ("x86/cpuid: Add generic table for CPUID dependencies")
Reported-by: Peter Ziljstra <peterz@infradead.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andi Kleen <ak@linux.intel.com>
(cherry picked from commit 06dd688ddda5819025e014b79aea9af6ab475fa2)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit 3e511952bc3ff9b233d418b0a75a8331deb08171)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 arch/x86/kernel/cpu/cpuid-deps.c | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c
index c21f22d836ad..904b0a3c4e53 100644
--- a/arch/x86/kernel/cpu/cpuid-deps.c
+++ b/arch/x86/kernel/cpu/cpuid-deps.c
@@ -62,23 +62,19 @@ const static struct cpuid_dep cpuid_deps[] = {
 	{}
 };
 
-static inline void __clear_cpu_cap(struct cpuinfo_x86 *c, unsigned int bit)
-{
-	clear_bit32(bit, c->x86_capability);
-}
-
-static inline void __setup_clear_cpu_cap(unsigned int bit)
-{
-	clear_cpu_cap(&boot_cpu_data, bit);
-	set_bit32(bit, cpu_caps_cleared);
-}
-
 static inline void clear_feature(struct cpuinfo_x86 *c, unsigned int feature)
 {
-	if (!c)
-		__setup_clear_cpu_cap(feature);
-	else
-		__clear_cpu_cap(c, feature);
+	/*
+	 * Note: This could use the non atomic __*_bit() variants, but the
+	 * rest of the cpufeature code uses atomics as well, so keep it for
+	 * consistency. Cleanup all of it separately.
+	 */
+	if (!c) {
+		clear_cpu_cap(&boot_cpu_data, feature);
+		set_bit(feature, (unsigned long *)cpu_caps_cleared);
+	} else {
+		clear_bit(feature, (unsigned long *)c->x86_capability);
+	}
 }
 
 /* Take the capabilities and the BUG bits into account */
-- 
2.14.2
Commit	Line	Data
321d628a FG	1	From 3e535e66c0bd546a1891c3a8ad6bf6aae7a0829e Mon Sep 17 00:00:00 2001
	2	From: Thomas Gleixner <tglx@linutronix.de>
	3	Date: Thu, 2 Nov 2017 13:22:35 +0100
e4cdf2a5	4	Subject: [PATCH 107/241] x86/cpuid: Replace set/clear_bit32()
321d628a FG	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	CVE-2017-5754
	10
	11	Peter pointed out that the set/clear_bit32() variants are broken in various
	12	aspects.
	13
	14	Replace them with open coded set/clear_bit() and type cast
	15	cpu_info::x86_capability as it's done in all other places throughout x86.
	16
	17	Fixes: 0b00de857a64 ("x86/cpuid: Add generic table for CPUID dependencies")
	18	Reported-by: Peter Ziljstra <peterz@infradead.org>
	19	Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
	20	Cc: Andi Kleen <ak@linux.intel.com>
	21	(cherry picked from commit 06dd688ddda5819025e014b79aea9af6ab475fa2)
	22	Signed-off-by: Andy Whitcroft <apw@canonical.com>
	23	Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	24	(cherry picked from commit 3e511952bc3ff9b233d418b0a75a8331deb08171)
	25	Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	26	---
	27	arch/x86/kernel/cpu/cpuid-deps.c \| 26 +++++++++++---------------
	28	1 file changed, 11 insertions(+), 15 deletions(-)
	29
	30	diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c
	31	index c21f22d836ad..904b0a3c4e53 100644
	32	--- a/arch/x86/kernel/cpu/cpuid-deps.c
	33	+++ b/arch/x86/kernel/cpu/cpuid-deps.c
	34	@@ -62,23 +62,19 @@ const static struct cpuid_dep cpuid_deps[] = {
	35	{}
	36	};
	37
	38	-static inline void __clear_cpu_cap(struct cpuinfo_x86 *c, unsigned int bit)
	39	-{
	40	- clear_bit32(bit, c->x86_capability);
	41	-}
	42	-
	43	-static inline void __setup_clear_cpu_cap(unsigned int bit)
	44	-{
	45	- clear_cpu_cap(&boot_cpu_data, bit);
	46	- set_bit32(bit, cpu_caps_cleared);
	47	-}
	48	-
	49	static inline void clear_feature(struct cpuinfo_x86 *c, unsigned int feature)
	50	{
	51	- if (!c)
	52	- __setup_clear_cpu_cap(feature);
	53	- else
	54	- __clear_cpu_cap(c, feature);
	55	+ /*
	56	+ * Note: This could use the non atomic __*_bit() variants, but the
	57	+ * rest of the cpufeature code uses atomics as well, so keep it for
	58	+ * consistency. Cleanup all of it separately.
	59	+ */
	60	+ if (!c) {
	61	+ clear_cpu_cap(&boot_cpu_data, feature);
	62	+ set_bit(feature, (unsigned long *)cpu_caps_cleared);
	63	+ } else {
	64	+ clear_bit(feature, (unsigned long *)c->x86_capability);
	65	+ }
	66	}
	67
	68	/* Take the capabilities and the BUG bits into account */
69	--
70	2.14.2
71