patches/kernel/0107-x86-cpuid-Replace-set-clear_bit32.patch

   1 From 3e535e66c0bd546a1891c3a8ad6bf6aae7a0829e Mon Sep 17 00:00:00 2001
   2 From: Thomas Gleixner <tglx@linutronix.de>
   3 Date: Thu, 2 Nov 2017 13:22:35 +0100
   4 Subject: [PATCH 107/233] x86/cpuid: Replace set/clear_bit32()
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 CVE-2017-5754
  10
  11 Peter pointed out that the set/clear_bit32() variants are broken in various
  12 aspects.
  13
  14 Replace them with open coded set/clear_bit() and type cast
  15 cpu_info::x86_capability as it's done in all other places throughout x86.
  16
  17 Fixes: 0b00de857a64 ("x86/cpuid: Add generic table for CPUID dependencies")
  18 Reported-by: Peter Ziljstra <peterz@infradead.org>
  19 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
  20 Cc: Andi Kleen <ak@linux.intel.com>
  21 (cherry picked from commit 06dd688ddda5819025e014b79aea9af6ab475fa2)
  22 Signed-off-by: Andy Whitcroft <apw@canonical.com>
  23 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
  24 (cherry picked from commit 3e511952bc3ff9b233d418b0a75a8331deb08171)
  25 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  26 ---
  27  arch/x86/kernel/cpu/cpuid-deps.c | 26 +++++++++++---------------
  28  1 file changed, 11 insertions(+), 15 deletions(-)
  29
  30 diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c
  31 index c21f22d836ad..904b0a3c4e53 100644
  32 --- a/arch/x86/kernel/cpu/cpuid-deps.c
  33 +++ b/arch/x86/kernel/cpu/cpuid-deps.c
  34 @@ -62,23 +62,19 @@ const static struct cpuid_dep cpuid_deps[] = {
  35         {}
  36  };
  37
  38 -static inline void __clear_cpu_cap(struct cpuinfo_x86 *c, unsigned int bit)
  39 -{
  40 -       clear_bit32(bit, c->x86_capability);
  41 -}
  42 -
  43 -static inline void __setup_clear_cpu_cap(unsigned int bit)
  44 -{
  45 -       clear_cpu_cap(&boot_cpu_data, bit);
  46 -       set_bit32(bit, cpu_caps_cleared);
  47 -}
  48 -
  49  static inline void clear_feature(struct cpuinfo_x86 *c, unsigned int feature)
  50  {
  51 -       if (!c)
  52 -               __setup_clear_cpu_cap(feature);
  53 -       else
  54 -               __clear_cpu_cap(c, feature);
  55 +       /*
  56 +        * Note: This could use the non atomic __*_bit() variants, but the
  57 +        * rest of the cpufeature code uses atomics as well, so keep it for
  58 +        * consistency. Cleanup all of it separately.
  59 +        */
  60 +       if (!c) {
  61 +               clear_cpu_cap(&boot_cpu_data, feature);
  62 +               set_bit(feature, (unsigned long *)cpu_caps_cleared);
  63 +       } else {
  64 +               clear_bit(feature, (unsigned long *)c->x86_capability);
  65 +       }
  66  }
  67
  68  /* Take the capabilities and the BUG bits into account */
  69 --
  70 2.14.2
  71