CVE-2014-1438 x86: exceptions are not cleared in AMD FXSAVE workaround (rhbz 1053599 1052914)
This commit is contained in:
Josh Boyer
parent
9c8545ae3e
commit
f617e6188b
|
|
@ -763,6 +763,9 @@ Patch25182: Input-ALPS-add-support-for-Dolphin-devices.patch
|
|||
#rhbz 1040128
|
||||
Patch25183: ipv6-route-cache-expiration.patch
|
||||
|
||||
#CVE-2014-1438 rhbz 1053599 1052914
|
||||
Patch25184: x86-fpu-amd-clear-exceptions-in-amd-fxsave-workaround.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -1465,6 +1468,9 @@ ApplyPatch Input-ALPS-add-support-for-Dolphin-devices.patch
|
|||
#rhbz 1040128
|
||||
ApplyPatch ipv6-route-cache-expiration.patch
|
||||
|
||||
#CVE-2014-1438 rhbz 1053599 1052914
|
||||
ApplyPatch x86-fpu-amd-clear-exceptions-in-amd-fxsave-workaround.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -2277,6 +2283,9 @@ fi
|
|||
# and build.
|
||||
|
||||
%changelog
|
||||
* Wed Jan 15 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2014-1438 x86: exceptions are not cleared in AMD FXSAVE workaround (rhbz 1053599 1052914)
|
||||
|
||||
* Tue Jan 14 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Fix k-m-e Provides to be explicit to only the package flavor (rhbz 1046246)
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,48 @@
|
|||
Bugzilla: 1053599
|
||||
Upstream-status: 3.13 and 3.12.8
|
||||
|
||||
From 26bef1318adc1b3a530ecc807ef99346db2aa8b0 Mon Sep 17 00:00:00 2001
|
||||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Sat, 11 Jan 2014 19:15:52 -0800
|
||||
Subject: x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
|
||||
|
||||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
|
||||
commit 26bef1318adc1b3a530ecc807ef99346db2aa8b0 upstream.
|
||||
|
||||
Before we do an EMMS in the AMD FXSAVE information leak workaround we
|
||||
need to clear any pending exceptions, otherwise we trap with a
|
||||
floating-point exception inside this code.
|
||||
|
||||
Reported-by: halfdog <me@halfdog.net>
|
||||
Tested-by: Borislav Petkov <bp@suse.de>
|
||||
Link: http://lkml.kernel.org/r/CA%2B55aFxQnY_PCG_n4=0w-VG=YLXL-yr7oMxyy0WU2gCBAf3ydg@mail.gmail.com
|
||||
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
|
||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
|
||||
---
|
||||
arch/x86/include/asm/fpu-internal.h | 13 +++++++------
|
||||
1 file changed, 7 insertions(+), 6 deletions(-)
|
||||
|
||||
--- a/arch/x86/include/asm/fpu-internal.h
|
||||
+++ b/arch/x86/include/asm/fpu-internal.h
|
||||
@@ -293,12 +293,13 @@ static inline int restore_fpu_checking(s
|
||||
/* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception
|
||||
is pending. Clear the x87 state here by setting it to fixed
|
||||
values. "m" is a random variable that should be in L1 */
|
||||
- alternative_input(
|
||||
- ASM_NOP8 ASM_NOP2,
|
||||
- "emms\n\t" /* clear stack tags */
|
||||
- "fildl %P[addr]", /* set F?P to defined value */
|
||||
- X86_FEATURE_FXSAVE_LEAK,
|
||||
- [addr] "m" (tsk->thread.fpu.has_fpu));
|
||||
+ if (unlikely(static_cpu_has(X86_FEATURE_FXSAVE_LEAK))) {
|
||||
+ asm volatile(
|
||||
+ "fnclex\n\t"
|
||||
+ "emms\n\t"
|
||||
+ "fildl %P[addr]" /* set F?P to defined value */
|
||||
+ : : [addr] "m" (tsk->thread.fpu.has_fpu));
|
||||
+ }
|
||||
|
||||
return fpu_restore_checking(&tsk->thread.fpu);
|
||||
}
|
||||
Loading…
Reference in New Issue