Message ID | 1296579135-768-2-git-send-email-apw@canonical.com |
---|---|
State | Accepted |
Commit | aee247401bd9a9413c712b8404fa2599ea7d05b2 |
On 02/01/2011 09:52 AM, Andy Whitcroft wrote:
> From: Thomas Gleixner<tglx@linutronix.de>
>
> The exception fixup for the futex macros __futex_atomic_op1/2 and
> futex_atomic_cmpxchg_inatomic() is missing an entry when the lock
> prefix is replaced by a NOP via SMP alternatives.
>
> Chuck Ebert tracked this down from the information provided in:
> https://bugzilla.redhat.com/show_bug.cgi?id=429412
>
> A possible solution would be to add another fixup after the
> LOCK_PREFIX, so both the LOCK and NOP case have their own entry in the
> exception table, but it's not really worth the trouble.
>
> Simply replace LOCK_PREFIX with lock and keep those untouched by SMP
> alternatives.
>
> Signed-off-by: Thomas Gleixner<tglx@linutronix.de>
> Signed-off-by: Ingo Molnar<mingo@elte.hu>
> [cebbert@redhat.com: backport to 2.6.24]
> Signed-off-by: Chris Wright<chrisw@sous-sol.org>
> Signed-off-by: Greg Kroah-Hartman<gregkh@suse.de>
> Signed-off-by: Stefan Bader<stefan.bader@canonical.com>
>
> CVE-2010-3086
> BugLink: http://bugs.launchpad.net/bugs/706060
> (backported from commit 9d55b9923a1b7ea8193b8875c57ec940dc2ff027 upstream)
> Signed-off-by: Andy Whitcroft<apw@canonical.com>
> ---
> include/asm-i386/futex.h | 4 ++--
> include/asm-x86_64/futex.h | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/include/asm-i386/futex.h b/include/asm-i386/futex.h
> index e7a271d..33b574d 100644
> --- a/include/asm-i386/futex.h
> +++ b/include/asm-i386/futex.h
> @@ -28,7 +28,7 @@
> "1: movl %2, %0\n\
> movl %0, %3\n" \
> insn "\n" \
> -"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\
> +"2: lock ; cmpxchgl %3, %2\n\
> jnz 1b\n\
> 3: .section .fixup,\"ax\"\n\
> 4: mov %5, %1\n\
> @@ -68,7 +68,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
> #endif
> switch (op) {
> case FUTEX_OP_ADD:
> - __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret,
> + __futex_atomic_op1("lock ; xaddl %0, %2", ret,
> oldval, uaddr, oparg);
> break;
> case FUTEX_OP_OR:
> diff --git a/include/asm-x86_64/futex.h b/include/asm-x86_64/futex.h
> index 8602c09..d74be2a 100644
> --- a/include/asm-x86_64/futex.h
> +++ b/include/asm-x86_64/futex.h
> @@ -27,7 +27,7 @@
> "1: movl %2, %0\n\
> movl %0, %3\n" \
> insn "\n" \
> -"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\
> +"2: lock ; cmpxchgl %3, %2\n\
> jnz 1b\n\
> 3: .section .fixup,\"ax\"\n\
> 4: mov %5, %1\n\
> @@ -62,7 +62,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
> __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
> break;
> case FUTEX_OP_ADD:
> - __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval,
> + __futex_atomic_op1("lock ; xaddl %0, %2", ret, oldval,
> uaddr, oparg);
> break;
> case FUTEX_OP_OR:
Acked-by: Tim Gardner <tim.gardner@canonical.com>
On 02/01/2011 05:52 PM, Andy Whitcroft wrote:
> From: Thomas Gleixner <tglx@linutronix.de>
>
> The exception fixup for the futex macros __futex_atomic_op1/2 and
> futex_atomic_cmpxchg_inatomic() is missing an entry when the lock
> prefix is replaced by a NOP via SMP alternatives.
>
> Chuck Ebert tracked this down from the information provided in:
> https://bugzilla.redhat.com/show_bug.cgi?id=429412
>
> A possible solution would be to add another fixup after the
> LOCK_PREFIX, so both the LOCK and NOP case have their own entry in the
> exception table, but it's not really worth the trouble.
>
> Simply replace LOCK_PREFIX with lock and keep those untouched by SMP
> alternatives.
>
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> Signed-off-by: Ingo Molnar <mingo@elte.hu>
> [cebbert@redhat.com: backport to 2.6.24]
> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
>
> CVE-2010-3086
> BugLink: http://bugs.launchpad.net/bugs/706060
> (backported from commit 9d55b9923a1b7ea8193b8875c57ec940dc2ff027 upstream)
> Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
> ---
> include/asm-i386/futex.h | 4 ++--
> include/asm-x86_64/futex.h | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/include/asm-i386/futex.h b/include/asm-i386/futex.h
> index e7a271d..33b574d 100644
> --- a/include/asm-i386/futex.h
> +++ b/include/asm-i386/futex.h
> @@ -28,7 +28,7 @@
> "1: movl %2, %0\n\
> movl %0, %3\n" \
> insn "\n" \
> -"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\
> +"2: lock ; cmpxchgl %3, %2\n\
> jnz 1b\n\
> 3: .section .fixup,\"ax\"\n\
> 4: mov %5, %1\n\
> @@ -68,7 +68,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
> #endif
> switch (op) {
> case FUTEX_OP_ADD:
> - __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret,
> + __futex_atomic_op1("lock ; xaddl %0, %2", ret,
> oldval, uaddr, oparg);
> break;
> case FUTEX_OP_OR:
> diff --git a/include/asm-x86_64/futex.h b/include/asm-x86_64/futex.h
> index 8602c09..d74be2a 100644
> --- a/include/asm-x86_64/futex.h
> +++ b/include/asm-x86_64/futex.h
> @@ -27,7 +27,7 @@
> "1: movl %2, %0\n\
> movl %0, %3\n" \
> insn "\n" \
> -"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\
> +"2: lock ; cmpxchgl %3, %2\n\
> jnz 1b\n\
> 3: .section .fixup,\"ax\"\n\
> 4: mov %5, %1\n\
> @@ -62,7 +62,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
> __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
> break;
> case FUTEX_OP_ADD:
> - __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval,
> + __futex_atomic_op1("lock ; xaddl %0, %2", ret, oldval,
> uaddr, oparg);
> break;
> case FUTEX_OP_OR:
diff --git a/include/asm-i386/futex.h b/include/asm-i386/futex.h
index e7a271d..33b574d 100644
--- a/include/asm-i386/futex.h
+++ b/include/asm-i386/futex.h
@@ -28,7 +28,7 @@
 "1: movl %2, %0\n\
 movl %0, %3\n" \
 insn "\n" \
-"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\
+"2: lock ; cmpxchgl %3, %2\n\
 jnz 1b\n\
 3: .section .fixup,\"ax\"\n\
 4: mov %5, %1\n\
@@ -68,7 +68,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
 #endif
 switch (op) {
 case FUTEX_OP_ADD:
- __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret,
+ __futex_atomic_op1("lock ; xaddl %0, %2", ret,
 oldval, uaddr, oparg);
 break;
 case FUTEX_OP_OR:
diff --git a/include/asm-x86_64/futex.h b/include/asm-x86_64/futex.h
index 8602c09..d74be2a 100644
--- a/include/asm-x86_64/futex.h
+++ b/include/asm-x86_64/futex.h
@@ -27,7 +27,7 @@
 "1: movl %2, %0\n\
 movl %0, %3\n" \
 insn "\n" \
-"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\
+"2: lock ; cmpxchgl %3, %2\n\
 jnz 1b\n\
 3: .section .fixup,\"ax\"\n\
 4: mov %5, %1\n\
@@ -62,7 +62,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
 __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
 break;
 case FUTEX_OP_ADD:
- __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval,
+ __futex_atomic_op1("lock ; xaddl %0, %2", ret, oldval,
 uaddr, oparg);
 break;
 case FUTEX_OP_OR:
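Review bot: The `2:` line in the include/asm-i386/futex.h hunk at `@@ -28,7 +28,7 @@` now hard-codes `lock ;` with nothing in the source saying why, so a later cleanup could restore `LOCK_PREFIX` and bring back the missing exception-table coverage that the description ties to SMP alternatives turning the prefix into a NOP. I would put a comment above the macro, e.g. `/* Keep the literal lock prefix: LOCK_PREFIX can be patched to a NOP by SMP alternatives, which leaves the faulting cmpxchgl without a fixup entry. */`. The same remark applies to the `FUTEX_OP_ADD` call at `@@ -68,7 +68,7 @@` and to both hunks of include/asm-x86_64/futex.h. The macro begins and ends outside the hunk, so its exception-table entries cannot be checked from here.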
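Review bot: futex_atomic_cmpxchg_inatomic() is named in the description as affected, yet the last include/asm-i386/futex.h hunk (`@@ -68,7 +68,7 @@`) ends the changes to that header at the `FUTEX_OP_ADD` call, and the diffstat of two insertions per file shows the function is untouched in include/asm-x86_64/futex.h as well. If its `cmpxchgl` in this tree is still emitted through `LOCK_PREFIX`, a fault on the user address there would presumably still have no fixup entry once the prefix is patched to a NOP. The backport should then either replace it with `lock ;` in the same way or say in the description that this tree does not need it. futex_atomic_op_inuser() continues outside the hunk.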