linux-stable/arch/x86/kernel/cpu
Zhang Zixun de768416b2 x86/mce/inject: Avoid out-of-bounds write when setting flags
A contrived zero-length write, for example, by using write(2):

  ...
  ret = write(fd, str, 0);
  ...

to the "flags" file causes:

  BUG: KASAN: stack-out-of-bounds in flags_write
  Write of size 1 at addr ffff888019be7ddf by task writefile/3787

  CPU: 4 PID: 3787 Comm: writefile Not tainted 5.16.0-rc7+ #12
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014

due to accessing buf one char before its start.

Prevent such out-of-bounds access.

  [ bp: Productize into a proper patch. Link below is the next best
    thing because the original mail didn't get archived on lore. ]

Fixes: 0451d14d05 ("EDAC, mce_amd_inj: Modify flags attribute to use string arguments")
Signed-off-by: Zhang Zixun <zhang133010@icloud.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/linux-edac/YcnePfF1OOqoQwrX@zn.tnic/
2021-12-28 11:45:36 +01:00
..
mce x86/mce/inject: Avoid out-of-bounds write when setting flags 2021-12-28 11:45:36 +01:00
microcode x86/microcode: Use the firmware_loader built-in API 2021-10-22 14:13:50 +02:00
mtrr x86/mtrr: Replace deprecated CPU-hotplug functions. 2021-08-10 14:46:27 +02:00
resctrl x86/resctrl: Fix kfree() of the wrong type in domain_add_cpu() 2021-10-06 18:45:27 +02:00
sgx x86/sgx/virt: implement SGX_IOC_VEPC_REMOVE ioctl 2021-10-22 08:32:12 -07:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
acrn.c x86/acrn: Introduce acrn_cpuid_base() and hypervisor feature bits 2021-02-09 10:58:18 +01:00
amd.c x86/cpu: Fix migration safety with X86_BUG_NULL_SEL 2021-10-21 20:49:16 +02:00
aperfmperf.c x86/cpu: Avoid cpuinfo-induced IPIing of idle CPUs 2020-11-06 16:59:11 -08:00
bugs.c seccomp updates for v5.16-rc1 2021-11-01 17:25:09 -07:00
cacheinfo.c sched: Add cluster scheduler level for x86 2021-10-15 11:25:16 +02:00
centaur.c x86/cpu/centaur: Add Centaur family >=7 CPUs initialization support 2020-09-11 10:53:19 +02:00
common.c - Start checking a CPUID bit on AMD Zen3 which states that the CPU 2021-11-01 15:33:54 -07:00
cpu.h x86/cpu: Fix migration safety with X86_BUG_NULL_SEL 2021-10-21 20:49:16 +02:00
cpuid-deps.c x86/fpu: Optimize out sigframe xfeatures when in init state 2021-11-03 22:42:35 +01:00
cyrix.c x86: Fix various typos in comments 2021-03-18 15:31:53 +01:00
feat_ctl.c x86/cpu/intel: Allow SGX virtualization without Launch Control support 2021-04-06 09:43:41 +02:00
hygon.c x86/cpu: Fix migration safety with X86_BUG_NULL_SEL 2021-10-21 20:49:16 +02:00
hypervisor.c x86/paravirt: Remove const mark from x86_hyper_xen_hvm variable 2019-07-17 08:09:59 +02:00
intel.c Changes in this cycle were: 2021-06-28 13:30:02 -07:00
intel_epb.c
intel_pconfig.c
Makefile x86/CPU: Add support for Vortex CPUs 2021-10-21 15:49:07 +02:00
match.c x86/cpu: Add a steppings field to struct x86_cpu_id 2020-04-20 12:19:21 +02:00
mkcapflags.sh x86/cpu: Print VMX flags in /proc/cpuinfo using VMX_FEATURES_* 2020-01-13 18:36:02 +01:00
mshyperv.c x86/hyperv: Initialize shared memory boundary in the Isolation VM. 2021-10-28 10:47:52 +00:00
perfctr-watchdog.c x86/nmi_watchdog: Fix old-style NMI watchdog regression on old Intel CPUs 2021-06-10 10:04:40 +02:00
powerflags.c
proc.c x86/cpu: Print VMX flags in /proc/cpuinfo using VMX_FEATURES_* 2020-01-13 18:36:02 +01:00
rdrand.c x86/rdrand: Sanity-check RDRAND output 2019-10-01 19:55:32 +02:00
scattered.c x86/cpufeatures: Add SGX1 and SGX2 sub-features 2021-03-25 17:33:11 +01:00
topology.c x86: Fix various typos in comments 2021-03-18 15:31:53 +01:00
transmeta.c
tsx.c x86/tsx: Clear CPUID bits when TSX always force aborts 2021-06-15 17:46:48 +02:00
umc.c
umwait.c KVM: VMX: Stop context switching MSR_IA32_UMWAIT_CONTROL 2020-06-22 20:54:57 -04:00
vmware.c Have vmware guests skip the refined TSC calibration when the TSC 2021-04-26 09:13:43 -07:00
vortex.c x86/CPU: Add support for Vortex CPUs 2021-10-21 15:49:07 +02:00
zhaoxin.c x86/cpu: Reinitialize IA32_FEAT_CTL MSR on BSP during wakeup 2020-06-15 14:18:37 +02:00