1. 08 3月, 2018 1 次提交
  2. 17 2月, 2018 2 次提交
  3. 15 2月, 2018 2 次提交
  4. 24 1月, 2018 2 次提交
  5. 09 1月, 2018 1 次提交
  6. 06 1月, 2018 1 次提交
  7. 23 12月, 2017 1 次提交
    • P
      x86/microcode: Dont abuse the TLB-flush interface · 23cb7d46
      Peter Zijlstra 提交于
      Commit:
      
        ec400dde ("x86/microcode_intel_early.c: Early update ucode on Intel's CPU")
      
      ... grubbed into tlbflush internals without coherent explanation.
      
      Since it says its a precaution and the SDM doesn't mention anything like
      this, take it out back.
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: David Laight <David.Laight@aculab.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: Eduardo Valentin <eduval@amazon.com>
      Cc: Greg KH <gregkh@linuxfoundation.org>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Juergen Gross <jgross@suse.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: aliguori@amazon.com
      Cc: daniel.gruss@iaik.tugraz.at
      Cc: fenghua.yu@intel.com
      Cc: hughd@google.com
      Cc: keescook@google.com
      Cc: linux-mm@kvack.org
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      23cb7d46
  8. 06 12月, 2017 1 次提交
  9. 18 10月, 2017 1 次提交
  10. 14 10月, 2017 1 次提交
  11. 29 8月, 2017 1 次提交
  12. 18 8月, 2017 1 次提交
  13. 25 7月, 2017 1 次提交
    • S
      x86/microcode/AMD: Free unneeded patch before exit from update_cache() · a99f0342
      Shu Wang 提交于
      verify_and_add_patch() allocates memory for a microcode patch and hands
      it down to be added to the cache of patches. However, if the cache
      already has the latest patch, the newly allocated one needs to be freed
      before returning. Do that.
      
      This issue has been found by kmemleak:
      
        unreferenced object 0xffff88010e780b40 (size 32):
          comm "bash", pid 860, jiffies 4294690939 (age 29.297s)
          backtrace:
             kmemleak_alloc
             kmem_cache_alloc_trace
             load_microcode_amd.isra.0
             request_microcode_amd
             reload_store
             dev_attr_store
             sysfs_kf_write
             kernfs_fop_write
             __vfs_write
             vfs_write
             SyS_write
             do_syscall_64
             return_from_SYSCALL_64
             0xffffffffffffffff
      
        (gdb) list *0xffffffff81050d60
        0xffffffff81050d60 is in load_microcode_amd
                      (arch/x86/kernel/cpu/microcode/amd.c:616).
      
      which is this:
      
      	patch = kzalloc(sizeof(*patch), GFP_KERNEL);
      -->	if (!patch) {
      		pr_err("Patch allocation failure.\n");
      		return -EINVAL;
      	}
      Signed-off-by: NShu Wang <shuwang@redhat.com>
      [ Rewrite commit message. ]
      Signed-off-by: NBorislav Petkov <bp@suse.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: chuhu@redhat.com
      Cc: liwang@redhat.com
      Link: http://lkml.kernel.org/r/20170724101228.17326-2-bp@alien8.deSigned-off-by: NIngo Molnar <mingo@kernel.org>
      a99f0342
  14. 26 6月, 2017 1 次提交
  15. 20 6月, 2017 2 次提交
  16. 08 6月, 2017 1 次提交
  17. 29 5月, 2017 1 次提交
    • B
      x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug · dac6ca24
      Borislav Petkov 提交于
      With CONFIG_DEBUG_PREEMPT enabled, I get:
      
        BUG: using smp_processor_id() in preemptible [00000000] code: swapper/0/1
        caller is debug_smp_processor_id
        CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc2+ #2
        Call Trace:
         dump_stack
         check_preemption_disabled
         debug_smp_processor_id
         save_microcode_in_initrd_amd
         ? microcode_init
         save_microcode_in_initrd
         ...
      
      because, well, it says it above, we're using smp_processor_id() in
      preemptible code.
      
      But passing the CPU number is not really needed. It is only used to
      determine whether we're on the BSP, and, if so, to save the microcode
      patch for early loading.
      
       [ We don't absolutely need to do it on the BSP but we do that
         customarily there. ]
      
      Instead, convert that function parameter to a boolean which denotes
      whether the patch should be saved or not, thereby avoiding the use of
      smp_processor_id() in preemptible code.
      Signed-off-by: NBorislav Petkov <bp@suse.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Link: http://lkml.kernel.org/r/20170528200414.31305-1-bp@alien8.deSigned-off-by: NIngo Molnar <mingo@kernel.org>
      dac6ca24
  18. 13 5月, 2017 1 次提交
  19. 18 3月, 2017 1 次提交
  20. 30 1月, 2017 1 次提交
    • B
      x86/microcode: Do not access the initrd after it has been freed · 24c25032
      Borislav Petkov 提交于
      When we look for microcode blobs, we first try builtin and if that
      doesn't succeed, we fallback to the initrd supplied to the kernel.
      
      However, at some point doing boot, that initrd gets jettisoned and we
      shouldn't access it anymore. But we do, as the below KASAN report shows.
      That's because find_microcode_in_initrd() doesn't check whether the
      initrd is still valid or not.
      
      So do that.
      
        ==================================================================
        BUG: KASAN: use-after-free in find_cpio_data
        Read of size 1 by task swapper/1/0
        page:ffffea0000db9d40 count:0 mapcount:0 mapping:          (null) index:0x1
        flags: 0x100000000000000()
        raw: 0100000000000000 0000000000000000 0000000000000001 00000000ffffffff
        raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000
        page dumped because: kasan: bad access detected
        CPU: 1 PID: 0 Comm: swapper/1 Tainted: G        W       4.10.0-rc5-debug-00075-g2dbde22 #3
        Hardware name: Dell Inc. XPS 13 9360/0839Y6, BIOS 1.2.3 12/01/2016
        Call Trace:
         dump_stack
         ? _atomic_dec_and_lock
         ? __dump_page
         kasan_report_error
         ? pointer
         ? find_cpio_data
         __asan_report_load1_noabort
         ? find_cpio_data
         find_cpio_data
         ? vsprintf
         ? dump_stack
         ? get_ucode_user
         ? print_usage_bug
         find_microcode_in_initrd
         __load_ucode_intel
         ? collect_cpu_info_early
         ? debug_check_no_locks_freed
         load_ucode_intel_ap
         ? collect_cpu_info
         ? trace_hardirqs_on
         ? flat_send_IPI_mask_allbutself
         load_ucode_ap
         ? get_builtin_firmware
         ? flush_tlb_func
         ? do_raw_spin_trylock
         ? cpumask_weight
         cpu_init
         ? trace_hardirqs_off
         ? play_dead_common
         ? native_play_dead
         ? hlt_play_dead
         ? syscall_init
         ? arch_cpu_idle_dead
         ? do_idle
         start_secondary
         start_cpu
        Memory state around the buggy address:
         ffff880036e74f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
         ffff880036e74f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
        >ffff880036e75000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                           ^
         ffff880036e75080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
         ffff880036e75100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
        ==================================================================
      Reported-by: NAndrey Ryabinin <aryabinin@virtuozzo.com>
      Tested-by: NAndrey Ryabinin <aryabinin@virtuozzo.com>
      Signed-off-by: NBorislav Petkov <bp@suse.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Link: http://lkml.kernel.org/r/20170126165833.evjemhbqzaepirxo@pd.tnicSigned-off-by: NIngo Molnar <mingo@kernel.org>
      24c25032
  21. 23 1月, 2017 14 次提交
  22. 10 1月, 2017 2 次提交