[pve-kernel.git] / patches / kernel / 0135-x86-decoder-Add-new-TEST-instruction-pattern.patch

From 73c945c5114ca89d182b9fbab0b38c8afd2da375 Mon Sep 17 00:00:00 2001
From: Masami Hiramatsu <mhiramat@kernel.org>
Date: Fri, 24 Nov 2017 13:56:30 +0900
Subject: [PATCH 135/241] x86/decoder: Add new TEST instruction pattern
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5754

The kbuild test robot reported this build warning:

  Warning: arch/x86/tools/test_get_len found difference at <jump_table>:ffffffff8103dd2c

  Warning: ffffffff8103dd82: f6 09 d8 testb $0xd8,(%rcx)
  Warning: objdump says 3 bytes, but insn_get_length() says 2
  Warning: decoded and checked 1569014 instructions with 1 warnings

This sequence seems to be a new instruction not in the opcode map in the Intel SDM.

The instruction sequence is "F6 09 d8", means Group3(F6), MOD(00)REG(001)RM(001), and 0xd8.
Intel SDM vol2 A.4 Table A-6 said the table index in the group is "Encoding of Bits 5,4,3 of
the ModR/M Byte (bits 2,1,0 in parenthesis)"

In that table, opcodes listed by the index REG bits as:

  000         001       010 011  100        101        110         111
 TEST Ib/Iz,(undefined),NOT,NEG,MUL AL/rAX,IMUL AL/rAX,DIV AL/rAX,IDIV AL/rAX

So, it seems TEST Ib is assigned to 001.

Add the new pattern.

Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: <stable@vger.kernel.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
(cherry picked from commit 2cf68f74af0a6cf808ad03f0d528c72b03c89cc7)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit 8896d68f8ff2a97b91279221ddaba73664c5161d)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 arch/x86/lib/x86-opcode-map.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt
index aa2270dc9e87..e0b85930dd77 100644
--- a/arch/x86/lib/x86-opcode-map.txt
+++ b/arch/x86/lib/x86-opcode-map.txt
@@ -896,7 +896,7 @@ EndTable
 
 GrpTable: Grp3_1
 0: TEST Eb,Ib
-1:
+1: TEST Eb,Ib
 2: NOT Eb
 3: NEG Eb
 4: MUL AL,Eb
-- 
2.14.2
Commit	Line	Data
321d628a FG	1	From 73c945c5114ca89d182b9fbab0b38c8afd2da375 Mon Sep 17 00:00:00 2001
	2	From: Masami Hiramatsu <mhiramat@kernel.org>
	3	Date: Fri, 24 Nov 2017 13:56:30 +0900
e4cdf2a5	4	Subject: [PATCH 135/241] x86/decoder: Add new TEST instruction pattern
321d628a FG	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	CVE-2017-5754
	10
	11	The kbuild test robot reported this build warning:
	12
	13	Warning: arch/x86/tools/test_get_len found difference at <jump_table>:ffffffff8103dd2c
	14
	15	Warning: ffffffff8103dd82: f6 09 d8 testb $0xd8,(%rcx)
	16	Warning: objdump says 3 bytes, but insn_get_length() says 2
	17	Warning: decoded and checked 1569014 instructions with 1 warnings
	18
	19	This sequence seems to be a new instruction not in the opcode map in the Intel SDM.
	20
	21	The instruction sequence is "F6 09 d8", means Group3(F6), MOD(00)REG(001)RM(001), and 0xd8.
	22	Intel SDM vol2 A.4 Table A-6 said the table index in the group is "Encoding of Bits 5,4,3 of
	23	the ModR/M Byte (bits 2,1,0 in parenthesis)"
	24
	25	In that table, opcodes listed by the index REG bits as:
	26
	27	000 001 010 011 100 101 110 111
	28	TEST Ib/Iz,(undefined),NOT,NEG,MUL AL/rAX,IMUL AL/rAX,DIV AL/rAX,IDIV AL/rAX
	29
	30	So, it seems TEST Ib is assigned to 001.
	31
	32	Add the new pattern.
	33
	34	Reported-by: kbuild test robot <fengguang.wu@intel.com>
	35	Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
	36	Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	37	Cc: <stable@vger.kernel.org>
	38	Cc: H. Peter Anvin <hpa@zytor.com>
	39	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	40	Cc: Peter Zijlstra <peterz@infradead.org>
	41	Cc: Thomas Gleixner <tglx@linutronix.de>
	42	Cc: linux-kernel@vger.kernel.org
	43	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	44	(cherry picked from commit 2cf68f74af0a6cf808ad03f0d528c72b03c89cc7)
	45	Signed-off-by: Andy Whitcroft <apw@canonical.com>
	46	Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	47	(cherry picked from commit 8896d68f8ff2a97b91279221ddaba73664c5161d)
	48	Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	49	---
	50	arch/x86/lib/x86-opcode-map.txt \| 2 +-
	51	1 file changed, 1 insertion(+), 1 deletion(-)
	52
	53	diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt
	54	index aa2270dc9e87..e0b85930dd77 100644
	55	--- a/arch/x86/lib/x86-opcode-map.txt
	56	+++ b/arch/x86/lib/x86-opcode-map.txt
	57	@@ -896,7 +896,7 @@ EndTable
	58
	59	GrpTable: Grp3_1
	60	0: TEST Eb,Ib
	61	-1:
	62	+1: TEST Eb,Ib
	63	2: NOT Eb
	64	3: NEG Eb
	65	4: MUL AL,Eb
	66	--
	67	2.14.2
	68