1. 09 Jun, 2020 2 commits
      uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned · 013b2deb
      Oleg Nesterov authored
      uprobe_write_opcode() must not cross page boundary; prepare_uprobe()
      relies on arch_uprobe_analyze_insn() which should validate "vaddr" but
      some architectures (csky, s390, and sparc) don't do this.
      
      We can remove the BUG_ON() check in prepare_uprobe() and validate the
      offset early in __uprobe_register(). The new IS_ALIGNED() check matches
      the alignment check in arch_prepare_kprobe() on supported architectures,
      so I think that all insns must be aligned to UPROBE_SWBP_INSN_SIZE.
      
      Another problem is __update_ref_ctr(), which was wrong from the very
      beginning: it can read/write outside of the kmap'ed page unless "vaddr" is
      aligned to sizeof(short); __uprobe_register() should check this too.
      Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
      Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: Oleg Nesterov <oleg@redhat.com>
      Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
      Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
      Tested-by: Sven Schnelle <svens@linux.ibm.com>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      Merge branch 'x86/srbds' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 8b4d37db
      Linus Torvalds authored
      Pull x86 srbds fixes from Thomas Gleixner:
       "The 9th episode of the dime novel "The performance killer" with the
        subtitle "Slow Randomizing Boosts Denial of Service".
      
        SRBDS is an MDS-like speculative side channel that can leak bits from
        the random number generator (RNG) across cores and threads. New
        microcode serializes the processor access during the execution of
        RDRAND and RDSEED. This ensures that the shared buffer is overwritten
        before it is released for reuse. This is equivalent to a full bus
        lock, which means that many threads running the RNG instructions in
        parallel have the same effect as the same amount of threads issuing a
        locked instruction targeting an address which requires locking of two
        cachelines at once.
      
        The mitigation support comes with the usual pile of unpleasant
        ingredients:
      
         - command line options
      
         - sysfs file
      
         - microcode checks
      
         - a list of vulnerable CPUs identified by model and stepping this
           time which requires stepping match support for the cpu match logic.
      
         - the inevitable slowdown of affected CPUs"
      
      * branch 'x86/srbds' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/speculation: Add Ivy Bridge to affected list
        x86/speculation: Add SRBDS vulnerability and mitigation documentation
        x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
        x86/cpu: Add 'table' argument to cpu_matches()
  2. 08 Jun, 2020 38 commits