patches/kernel/0135-x86-decoder-Add-new-TEST-instruction-pattern.patch

   1 From 73c945c5114ca89d182b9fbab0b38c8afd2da375 Mon Sep 17 00:00:00 2001
   2 From: Masami Hiramatsu <mhiramat@kernel.org>
   3 Date: Fri, 24 Nov 2017 13:56:30 +0900
   4 Subject: [PATCH 135/232] x86/decoder: Add new TEST instruction pattern
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 CVE-2017-5754
  10
  11 The kbuild test robot reported this build warning:
  12
  13   Warning: arch/x86/tools/test_get_len found difference at <jump_table>:ffffffff8103dd2c
  14
  15   Warning: ffffffff8103dd82: f6 09 d8 testb $0xd8,(%rcx)
  16   Warning: objdump says 3 bytes, but insn_get_length() says 2
  17   Warning: decoded and checked 1569014 instructions with 1 warnings
  18
  19 This sequence seems to be a new instruction not in the opcode map in the Intel SDM.
  20
  21 The instruction sequence is "F6 09 d8", means Group3(F6), MOD(00)REG(001)RM(001), and 0xd8.
  22 Intel SDM vol2 A.4 Table A-6 said the table index in the group is "Encoding of Bits 5,4,3 of
  23 the ModR/M Byte (bits 2,1,0 in parenthesis)"
  24
  25 In that table, opcodes listed by the index REG bits as:
  26
  27   000         001       010 011  100        101        110         111
  28  TEST Ib/Iz,(undefined),NOT,NEG,MUL AL/rAX,IMUL AL/rAX,DIV AL/rAX,IDIV AL/rAX
  29
  30 So, it seems TEST Ib is assigned to 001.
  31
  32 Add the new pattern.
  33
  34 Reported-by: kbuild test robot <fengguang.wu@intel.com>
  35 Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
  36 Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  37 Cc: <stable@vger.kernel.org>
  38 Cc: H. Peter Anvin <hpa@zytor.com>
  39 Cc: Linus Torvalds <torvalds@linux-foundation.org>
  40 Cc: Peter Zijlstra <peterz@infradead.org>
  41 Cc: Thomas Gleixner <tglx@linutronix.de>
  42 Cc: linux-kernel@vger.kernel.org
  43 Signed-off-by: Ingo Molnar <mingo@kernel.org>
  44 (cherry picked from commit 2cf68f74af0a6cf808ad03f0d528c72b03c89cc7)
  45 Signed-off-by: Andy Whitcroft <apw@canonical.com>
  46 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
  47 (cherry picked from commit 8896d68f8ff2a97b91279221ddaba73664c5161d)
  48 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  49 ---
  50  arch/x86/lib/x86-opcode-map.txt | 2 +-
  51  1 file changed, 1 insertion(+), 1 deletion(-)
  52
  53 diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt
  54 index aa2270dc9e87..e0b85930dd77 100644
  55 --- a/arch/x86/lib/x86-opcode-map.txt
  56 +++ b/arch/x86/lib/x86-opcode-map.txt
  57 @@ -896,7 +896,7 @@ EndTable
  58
  59  GrpTable: Grp3_1
  60  0: TEST Eb,Ib
  61 -1:
  62 +1: TEST Eb,Ib
  63  2: NOT Eb
  64  3: NEG Eb
  65  4: MUL AL,Eb
  66 --
  67 2.14.2
  68