Unverified Commit 518d7451 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!2086 fix CVE-2023-20588 

Merge Pull Request from: @ci-robot 
 
PR sync from: Jialin Zhang <zhangjialin11@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/F56WNYSLTWN3QGUNX2VTGWCFBYGMJY4Q/ 
Borislav Petkov (AMD) (2):
  x86/CPU/AMD: Do not leak quotient data after a division by 0
  x86/CPU/AMD: Fix the DIV(0) initial fix attempt


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/I7WY4J 
 
Link:https://gitee.com/openeuler/kernel/pulls/2086

 

Reviewed-by: default avatarWei Li <liwei391@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents 4bba4dd1 d0767beb

arch/x86/include/asm/cpufeatures.h

+1 −0
Original line number Diff line number Diff line
@@ -478,5 +478,6 @@ 
#define X86_BUG_EIBRS_PBRSB		X86_BUG(28) /* EIBRS is vulnerable to Post Barrier RSB Predictions */

#define X86_BUG_SMT_RSB			X86_BUG(29) /* CPU is vulnerable to Cross-Thread Return Address Predictions */

#define X86_BUG_GDS			X86_BUG(30) /* CPU is affected by Gather Data Sampling */

#define X86_BUG_DIV0			X86_BUG(31) /* AMD DIV0 speculation bug */



#endif /* _ASM_X86_CPUFEATURES_H */

arch/x86/include/asm/entry-common.h

+1 −0
Original line number Diff line number Diff line
@@ -94,6 +94,7 @@ static inline void arch_exit_to_user_mode_prepare(struct pt_regs *regs, 
static __always_inline void arch_exit_to_user_mode(void)

{

	mds_user_clear_cpu_buffers();

	amd_clear_divider();

}

#define arch_exit_to_user_mode arch_exit_to_user_mode

arch/x86/include/asm/processor.h

+2 −0
Original line number Diff line number Diff line
@@ -834,9 +834,11 @@ extern u16 get_llc_id(unsigned int cpu); 
#ifdef CONFIG_CPU_SUP_AMD

extern u16 amd_get_nb_id(int cpu);

extern u32 amd_get_nodes_per_socket(void);

extern void amd_clear_divider(void);

#else

static inline u16 amd_get_nb_id(int cpu)		{ return 0; }

static inline u32 amd_get_nodes_per_socket(void)	{ return 0; }

static inline void amd_clear_divider(void)		{ }

#endif



static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)

arch/x86/kernel/cpu/amd.c

+20 −0
Original line number Diff line number Diff line
@@ -77,6 +77,10 @@ static const int amd_zenbleed[] = 
			   AMD_MODEL_RANGE(0x17, 0x90, 0x0, 0x91, 0xf),

			   AMD_MODEL_RANGE(0x17, 0xa0, 0x0, 0xaf, 0xf));



static const int amd_div0[] =

	AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0x00, 0x0, 0x2f, 0xf),

			   AMD_MODEL_RANGE(0x17, 0x50, 0x0, 0x5f, 0xf));



static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)

{

	int osvw_id = *erratum++;
@@ -1160,6 +1164,11 @@ static void init_amd(struct cpuinfo_x86 *c) 
	check_null_seg_clears_base(c);



	zenbleed_check(c);



	if (cpu_has_amd_erratum(c, amd_div0)) {

		pr_notice_once("AMD Zen1 DIV0 bug detected. Disable SMT for full protection.\n");

		setup_force_cpu_bug(X86_BUG_DIV0);

	}

}



#ifdef CONFIG_X86_32
@@ -1285,3 +1294,14 @@ void amd_check_microcode(void) 
{

	on_each_cpu(zenbleed_check_cpu, NULL, 1);

}



/*

 * Issue a DIV 0/1 insn to clear any division data from previous DIV

 * operations.

 */

void noinstr amd_clear_divider(void)

{

	asm volatile(ALTERNATIVE("", "div %2\n\t", X86_BUG_DIV0)

		     :: "a" (0), "d" (0), "r" (1));

}

EXPORT_SYMBOL_GPL(amd_clear_divider);

arch/x86/kvm/svm/svm.c

+1 −0
Original line number Diff line number Diff line
@@ -3379,6 +3379,7 @@ static void svm_flush_tlb_gva(struct kvm_vcpu *vcpu, gva_t gva) 


static void svm_prepare_guest_switch(struct kvm_vcpu *vcpu)

{

	amd_clear_divider();

}



static inline void sync_cr8_to_lapic(struct kvm_vcpu *vcpu)