proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2026-01-24 09:28:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2777cae2b1
mirror_ubuntu-kernels/arch/x86/kernel
History
Ingo Molnar 2777cae2b1 x86/paravirt: Detect over-sized patching bugs in paravirt_patch_insns() 
So paravirt_patch_insns() contains this gem of logic:

unsigned paravirt_patch_insns(void *insnbuf, unsigned len,
                              const char *start, const char *end)
{
        unsigned insn_len = end - start;

        if (insn_len > len || start == NULL)
                insn_len = len;
        else
                memcpy(insnbuf, start, insn_len);

        return insn_len;
}

Note how 'len' (size of the original instruction) is checked against the new
instruction, and silently discarded with no warning printed whatsoever.

This crashes the kernel in funny ways if the patching template is buggy,
and usually in much later places.

Instead do a direct BUG_ON(), there's no way to continue successfully at that point.

I've tested this patch, with the vanilla kernel check never triggers, and
if I intentionally increase the size of one of the patch templates to a
too high value the assert triggers:

[    0.164385] kernel BUG at arch/x86/kernel/paravirt.c:167!

Without this patch a broken kernel randomly crashes in later places,
after the silent patching failure.

Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@surriel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20190425091717.GA72229@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2019-04-25 12:00:31 +02:00
..
acpi treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
apic treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
cpu x86/cpu/intel: Lower the "ENERGY_PERF_BIAS: Set to normal" message's log priority 2019-04-19 19:23:13 +02:00
fpu x86/fpu: Move init_xstate_size() to __init section 2019-02-08 14:32:34 +01:00
kprobes x86/kprobes: Avoid kretprobe recursion bug 2019-04-19 14:26:07 +02:00
.gitignore
alternative.c Merge branch 'x86-alternatives-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-06 08:45:46 -08:00
amd_gart_64.c x86/amd_gart: fix unmapping of non-GART mappings 2019-01-05 08:27:32 +01:00
amd_nb.c x86/amd_nb: Add PCI device IDs for family 17h, model 30h 2018-11-07 21:36:09 +01:00
apb_timer.c
aperture_64.c x86/gart: Exclude GART aperture from kcore 2019-03-23 12:11:49 +01:00
apm_32.c x86/APM: Fix build warning when PROC_FS is not enabled 2018-09-15 10:16:25 +02:00
asm-offsets_32.c x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler 2018-07-20 01:11:36 +02:00
asm-offsets_64.c x86/paravirt: Move the pv_irq_ops under the PARAVIRT_XXL umbrella 2018-09-03 16:50:36 +02:00
asm-offsets.c x86/kernel: Fix more -Wmissing-prototypes warnings 2018-12-08 12:24:35 +01:00
audit_64.c
bootflag.c
check.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
cpuid.c x86/cpuid: Allow cpuid_read() to schedule 2018-03-27 12:01:48 +02:00
crash_dump_32.c
crash_dump_64.c x86: Fix various typos in comments 2018-12-03 10:49:13 +01:00
crash.c x86/kexec: Fix a kexec_file_load() failure 2019-01-15 12:12:50 +01:00
devicetree.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
doublefault.c
dumpstack_32.c
dumpstack_64.c
dumpstack.c x86/process: Don't mix user/kernel regs in 64bit __show_regs() 2018-09-06 14:33:12 +02:00
e820.c Merge branch 'akpm' (patches from Andrew) 2019-03-12 10:39:53 -07:00
early_printk.c efi/x86: Convert x86 EFI earlyprintk into generic earlycon implementation 2019-02-04 08:27:30 +01:00
early-quirks.c On GEM side: 2018-07-20 12:29:24 +10:00
ebda.c
eisa.c x86/EISA: Don't probe EISA bus for Xen PV guests 2018-09-11 23:36:50 +02:00
espfix_64.c x86/espfix: Document use of _PAGE_GLOBAL 2018-04-09 18:27:33 +02:00
ftrace_32.S
ftrace_64.S x86/ftrace: Do not call function graph from dynamic trampolines 2018-12-19 22:43:37 -05:00
ftrace.c The biggest change for this release is in the histogram code. 2019-03-11 17:01:32 -07:00
head32.c x86/boot: Mostly revert commit ae7e1238e6 ("Add ACPI RSDP address to setup_header") 2018-11-20 09:43:10 +01:00
head64.c x86/boot: Mostly revert commit ae7e1238e6 ("Add ACPI RSDP address to setup_header") 2018-11-20 09:43:10 +01:00
head_32.S x86/pgtable/32: Allocate 8k page-tables when PTI is enabled 2018-07-20 01:11:41 +02:00
head_64.S xen/pvh: Split CONFIG_XEN_PVH into CONFIG_PVH and CONFIG_XEN_PVH 2018-12-13 13:41:49 -05:00
hpet.c x86/hpet: Prevent potential NULL pointer dereference 2019-03-21 12:24:38 +01:00
hw_breakpoint.c x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error 2019-03-22 17:08:17 +01:00
i8237.c x86/i8237: Register device based on FADT legacy boot flag 2018-04-27 16:44:29 +02:00
i8253.c
i8259.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
idt.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
ima_arch.c x86/ima: retry detecting secure boot mode 2018-12-11 07:19:45 -05:00
io_delay.c
ioport.c x86/ioport: add ksys_ioperm() helper; remove in-kernel calls to sys_ioperm() 2018-04-02 20:16:12 +02:00
irq_32.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
irq_64.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
irq_work.c
irq.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
irqflags.S x86/paravirt: Make native_save_fl() extern inline 2018-07-03 10:56:27 +02:00
irqinit.c x86: Don't include linux/irq.h from asm/hardirq.h 2018-08-05 09:53:13 +02:00
itmt.c
jailhouse.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
jump_label.c jump_label: move 'asm goto' support test to Kconfig 2019-01-06 09:46:51 +09:00
kdebugfs.c
kexec-bzimage64.c Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-03-10 17:32:04 -07:00
kgdb.c x86/kernel: Mark expected switch-case fall-throughs 2019-01-26 11:19:13 +01:00
ksysfs.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
kvm.c KVM: x86: WARN_ONCE if sending a PV IPI returns a fatal error 2019-01-25 19:11:33 +01:00
kvmclock.c x86: kvmguest: use TSC clocksource if invariant TSC is exposed 2019-02-20 22:48:52 +01:00
ldt.c x86/ldt: Remove unused variable in map_ldt_struct() 2018-11-06 21:35:11 +01:00
livepatch.c
machine_kexec_32.c x86/kexec: Allocate 8k PGDs for PTI 2018-07-30 13:53:48 +02:00
machine_kexec_64.c x86/kdump: Export the SME mask to vmcoreinfo 2019-01-11 16:09:25 +01:00
Makefile jump_label: move 'asm goto' support test to Kconfig 2019-01-06 09:46:51 +09:00
mmconf-fam10h_64.c
module.c x86: Add support for 64-bit place relative relocations 2018-09-27 17:56:47 +02:00
mpparse.c x86/mm: Don't leak kernel addresses 2019-03-19 12:10:56 +01:00
msr.c x86: Clean up 'sizeof x' => 'sizeof(x)' 2018-10-29 07:13:28 +01:00
nmi_selftest.c
nmi.c
paravirt_patch_32.c x86/paravirt: Remove bogus extern declarations 2019-04-25 11:35:55 +02:00
paravirt_patch_64.c x86/paravirt: Remove bogus extern declarations 2019-04-25 11:35:55 +02:00
paravirt-spinlocks.c x86/paravirt: Use a single ops structure 2018-09-03 16:50:35 +02:00
paravirt.c x86/paravirt: Detect over-sized patching bugs in paravirt_patch_insns() 2019-04-25 12:00:31 +02:00
pci-calgary_64.c x86/calgary: remove the mapping_error dma_map_ops method 2018-12-06 06:56:46 -08:00
pci-dma.c dma-mapping: bypass indirect calls for dma-direct 2018-12-13 21:06:18 +01:00
pci-iommu_table.c x86/iommu: Use NULL instead of 0 2018-08-02 14:33:19 +02:00
pci-swiotlb.c dma-direct: merge swiotlb_dma_ops into the dma_direct code 2018-12-13 21:06:17 +01:00
pcspeaker.c x86/platform/pcspeaker: Use PTR_ERR_OR_ZERO() to fix ptr_ret.cocci warning 2018-07-24 09:46:42 +02:00
perf_regs.c perf/x86: Store user space frame-pointer value on a sample 2018-05-25 08:11:12 +02:00
platform-quirks.c x86/i8237: Register device based on FADT legacy boot flag 2018-04-27 16:44:29 +02:00
pmem.c
probe_roms.c
process_32.c Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-26 17:37:51 -08:00
process_64.c Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-26 18:08:18 -08:00
process.c x86/speculation: Prevent deadlock on ssb_state::lock 2019-04-14 23:05:52 +02:00
process.h x86/speculation: Change misspelled STIPB to STIBP 2018-12-06 11:49:15 +01:00
ptrace.c x86/fsgsbase/64: Fix the base write helper functions 2018-12-18 14:26:09 +01:00
pvclock.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
quirks.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
reboot_fixups_32.c
reboot.c x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T 2019-04-16 10:01:24 +02:00
relocate_kernel_32.S
relocate_kernel_64.S
resource.c
rtc.c x86: Convert x86_platform_ops to timespec64 2018-05-19 14:03:14 +02:00
setup_percpu.c memblock: drop memblock_alloc_*_nopanic() variants 2019-03-12 10:04:02 -07:00
setup.c Merge branch 'mount.part1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-01-05 13:25:58 -08:00
signal_compat.c signal: Add TRAP_UNK si_code for undiagnosted trap exceptions 2018-04-25 10:40:56 -05:00
signal.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
smp.c x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d 2018-08-05 09:53:13 +02:00
smpboot.c Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-07 16:36:57 -08:00
stacktrace.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
step.c
sys_x86_64.c x86/compat: Adjust in_compat_syscall() to generic code under !COMPAT 2018-11-01 12:59:25 +01:00
sysfb_efi.c x86/kernel: Fix more -Wmissing-prototypes warnings 2018-12-08 12:24:35 +01:00
sysfb_simplefb.c
sysfb.c
tboot.c iommu/vtd: Cleanup dma_remapping.h header 2018-11-12 14:22:56 +01:00
tce_64.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
time.c Merge branch 'x86-vdso-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-10-23 19:07:25 +01:00
tls.c
tls.h
topology.c x86/xen: Disable CPU0 hotplug for Xen PV 2018-09-12 21:15:02 +02:00
trace_clock.c
tracepoint.c x86/kernel: Fix more -Wmissing-prototypes warnings 2018-12-08 12:24:35 +01:00
traps.c Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-07 17:09:28 -08:00
tsc_msr.c x86/cpu: Sanitize FAM6_ATOM naming 2018-10-02 10:14:32 +02:00
tsc_sync.c
tsc.c x86/tsc: Make calibration refinement more robust 2018-11-06 21:53:15 +01:00
umip.c signal/x86: Use force_sig_fault where appropriate 2018-09-21 15:30:54 +02:00
unwind_frame.c x86/unwind: Handle NULL pointer calls better in frame unwinder 2019-03-06 23:03:26 +01:00
unwind_guess.c
unwind_orc.c x86/unwind: Add hardcoded ORC entry for NULL 2019-03-06 23:03:26 +01:00
uprobes.c x86/kernel: Mark expected switch-case fall-throughs 2019-01-26 11:19:13 +01:00
verify_cpu.S
vm86_32.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
vmlinux.lds.S x86/build/lto: Fix truncated .bss with -fdata-sections 2019-04-16 08:20:55 +02:00
vsmp_64.c x86/vsmp: Remove dependency on pv_irq_ops 2018-11-06 21:35:11 +01:00
x86_init.c x86/acpi, x86/boot: Take RSDP address for boot params if available 2018-10-10 10:44:22 +02:00