linux/arch/x86/kernel/cpu
Thomas Gleixner 57b8b1a185 x86/cpuid: Prevent out of bound access in do_clear_cpu_cap()

do_clear_cpu_cap() allocates a bitmap to keep track of disabled feature
dependencies. That bitmap is sized NCAPINTS * BITS_PER_INIT. The possible
'features' which can be handed in are larger than this, because after the
capabilities the bug 'feature' bits occupy another 32bit. Not really
obvious...

So clearing any of the misfeature bits, as 32bit does for the F00F bug,
accesses that bitmap out of bounds thereby corrupting the stack.

Size the bitmap proper and add a sanity check to catch accidental out of
bound access.

Fixes: 0b00de857a ("x86/cpuid: Add generic table for CPUID dependencies")
Reported-by: kernel test robot <xiaolong.ye@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Borislav Petkov <bp@alien8.de>
Link: https://lkml.kernel.org/r/20171018022023.GA12058@yexl-desktop
2017-10-18 20:03:34 +02:00
mcheck Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-09-04 17:43:56 -07:00
microcode Merge branch 'x86-microcode-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-09-04 11:11:57 -07:00
mtrr x86/mtrr: Prevent CPU hotplug lock recursion 2017-08-15 13:03:47 +02:00
.gitignore
amd.c x86/cpu/AMD: Fix erratum 1076 (CPB bit) 2017-09-15 11:30:53 +02:00
aperfmperf.c cpufreq: x86: Disable interrupts during MSRs reading 2017-08-11 01:27:41 +02:00
bugs.c x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier 2017-09-17 18:59:08 +02:00
centaur.c Merge branch 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-01 20:51:12 -07:00
common.c x86/fpu: Parse clearcpuid= as early XSAVE argument 2017-10-17 17:14:57 +02:00
cpu.h
cpuid-deps.c x86/cpuid: Prevent out of bound access in do_clear_cpu_cap() 2017-10-18 20:03:34 +02:00
cyrix.c x86/cpu/cyrix: Add alternative Device ID of Geode GX1 SoC 2017-06-05 08:34:20 +02:00
hypervisor.c x86/cpu: remove hypervisor specific set_cpu_features 2017-05-02 11:14:30 +02:00
intel_cacheinfo.c x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask 2017-08-10 17:37:43 +02:00
intel_rdt_ctrlmondata.c x86/intel_rdt/mbm: Add mbm counter initialization 2017-08-01 22:41:29 +02:00
intel_rdt_monitor.c x86/intel_rdt/cqm: Improve limbo list processing 2017-08-16 12:05:41 +02:00
intel_rdt_rdtgroup.c x86/intel_rdt: Remove redundant ternary operator on return 2017-08-16 16:20:55 +02:00
intel_rdt.c x86/intel_rdt: Turn off most RDT features on Skylake 2017-08-25 22:00:45 +02:00
intel_rdt.h x86/intel_rdt/cqm: Improve limbo list processing 2017-08-16 12:05:41 +02:00
intel.c x86/arch_prctl: Add ARCH_[GET|SET]_CPUID 2017-03-20 16:10:34 +01:00
Makefile x86/cpuid: Add generic table for CPUID dependencies 2017-10-17 17:14:57 +02:00
match.c x86/kernel: Audit and remove any unnecessary uses of module.h 2016-07-14 15:06:41 +02:00
mkcapflags.sh
mshyperv.c x86/hyper-V: Allocate the IDT entry early in boot 2017-09-13 11:02:26 +02:00
perfctr-watchdog.c x86/kernel: Audit and remove any unnecessary uses of module.h 2016-07-14 15:06:41 +02:00
powerflags.c x86/cpu: Add advanced power management bits 2016-03-29 11:12:11 +02:00
proc.c x86: do not use cpufreq_quick_get() for /proc/cpuinfo "cpu MHz" 2017-06-24 01:45:47 +02:00
rdrand.c x86, asm: Use CC_SET()/CC_OUT() and static_cpu_has() in archrandom.h 2016-06-08 12:41:20 -07:00
scattered.c x86/cpu/AMD: Add the Secure Memory Encryption CPU feature 2017-07-18 11:37:59 +02:00
topology.c
transmeta.c Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-07 14:42:34 -08:00
umc.c
vmware.c vmware: set cpu capabilities during platform initialization 2017-05-02 11:14:24 +02:00