From cadc2f2a1021d7f8dff3c44e09a5fa0cac24936b Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 27 Dec 2021 12:37:27 +0100 Subject: [PATCH] 4.14-stable patches added patches: x86-pkey-fix-undefined-behaviour-with-pkru_wd_bit.patch --- queue-4.14/series | 1 + ...undefined-behaviour-with-pkru_wd_bit.patch | 52 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 queue-4.14/x86-pkey-fix-undefined-behaviour-with-pkru_wd_bit.patch diff --git a/queue-4.14/series b/queue-4.14/series index d90f4b4e2de..82786f250f6 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -15,3 +15,4 @@ hwmon-lm90-fix-usage-of-config2-register-in-detect-f.patch alsa-jack-check-the-return-value-of-kstrdup.patch alsa-drivers-opl3-fix-incorrect-use-of-vp-state.patch input-atmel_mxt_ts-fix-double-free-in-mxt_read_info_block.patch +x86-pkey-fix-undefined-behaviour-with-pkru_wd_bit.patch diff --git a/queue-4.14/x86-pkey-fix-undefined-behaviour-with-pkru_wd_bit.patch b/queue-4.14/x86-pkey-fix-undefined-behaviour-with-pkru_wd_bit.patch new file mode 100644 index 00000000000..36a5d8d45e5 --- /dev/null +++ b/queue-4.14/x86-pkey-fix-undefined-behaviour-with-pkru_wd_bit.patch @@ -0,0 +1,52 @@ +From 57690554abe135fee81d6ac33cc94d75a7e224bb Mon Sep 17 00:00:00 2001 +From: Andrew Cooper +Date: Thu, 16 Dec 2021 00:08:56 +0000 +Subject: x86/pkey: Fix undefined behaviour with PKRU_WD_BIT + +From: Andrew Cooper + +commit 57690554abe135fee81d6ac33cc94d75a7e224bb upstream. + +Both __pkru_allows_write() and arch_set_user_pkey_access() shift +PKRU_WD_BIT (a signed constant) by up to 30 bits, hitting the +sign bit. + +Use unsigned constants instead. + +Clearly pkey 15 has not been used in combination with UBSAN yet. + +Noticed by code inspection only. I can't actually provoke the +compiler into generating incorrect logic as far as this shift is +concerned. + +[ + dhansen: add stable@ tag, plus minor changelog massaging, + + For anyone doing backports, these #defines were in + arch/x86/include/asm/pgtable.h before 784a46618f6. +] + +Fixes: 33a709b25a76 ("mm/gup, x86/mm/pkeys: Check VMAs and PTEs for protection keys") +Signed-off-by: Andrew Cooper +Signed-off-by: Dave Hansen +Signed-off-by: Borislav Petkov +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20211216000856.4480-1-andrew.cooper3@citrix.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/include/asm/pgtable.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86/include/asm/pgtable.h ++++ b/arch/x86/include/asm/pgtable.h +@@ -1220,8 +1220,8 @@ static inline pmd_t pmd_swp_clear_soft_d + #endif + #endif + +-#define PKRU_AD_BIT 0x1 +-#define PKRU_WD_BIT 0x2 ++#define PKRU_AD_BIT 0x1u ++#define PKRU_WD_BIT 0x2u + #define PKRU_BITS_PER_PKEY 2 + + static inline bool __pkru_allows_read(u32 pkru, u16 pkey) -- 2.47.2