mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-30 14:19:16 +00:00
dd853fd216
A negative number can be specified in the cmdline which will be used as
setup_clear_cpu_cap() argument. With that we can clear/set some bit in
memory predceeding boot_cpu_data/cpu_caps_cleared which may cause kernel
to misbehave. This patch adds lower bound check to setup_disablecpuid().
Boris Petkov reproduced a crash:
[ 1.234575] BUG: unable to handle kernel paging request at ffffffff858bd540
[ 1.236535] IP: memcpy_erms+0x6/0x10
Signed-off-by: Lukasz Odzioba <lukasz.odzioba@intel.com>
Acked-by: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: andi.kleen@intel.com
Cc: bp@alien8.de
Cc: dave.hansen@linux.intel.com
Cc: luto@kernel.org
Cc: slaoub@gmail.com
Fixes:
|
||
---|---|---|
.. | ||
mcheck | ||
microcode | ||
mtrr | ||
.gitignore | ||
amd.c | ||
bugs.c | ||
centaur.c | ||
common.c | ||
cpu.h | ||
cyrix.c | ||
hypervisor.c | ||
intel.c | ||
intel_cacheinfo.c | ||
intel_rdt.c | ||
intel_rdt_rdtgroup.c | ||
intel_rdt_schemata.c | ||
Makefile | ||
match.c | ||
mkcapflags.sh | ||
mshyperv.c | ||
perfctr-watchdog.c | ||
powerflags.c | ||
proc.c | ||
rdrand.c | ||
scattered.c | ||
topology.c | ||
transmeta.c | ||
umc.c | ||
vmware.c |