mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
linux/arch/x86/kernel
Florent Revest e3e89178a9 x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their
CPU masks and unconditionally accesses per-CPU data for the first CPU of each
mask.

According to Documentation/admin-guide/mm/numaperf.rst:

  "Some memory may share the same node as a CPU, and others are provided as
  memory only nodes."

Therefore, some node CPU masks may be empty and wouldn't have a "first CPU".

On a machine with far memory (and therefore CPU-less NUMA nodes):
- cpumask_of_node(nid) is 0
- cpumask_first(0) is CONFIG_NR_CPUS
- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an
  index that is 1 out of bounds

This does not have any security implications since flashing microcode is
a privileged operation but I believe this has reliability implications by
potentially corrupting memory while flashing a microcode update.

When booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes
a microcode update, I get the following splat:

  UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y
  index 512 is out of range for type 'unsigned long[512]'
  [...]
  Call Trace:
   dump_stack
   __ubsan_handle_out_of_bounds
   load_microcode_amd
   request_microcode_amd
   reload_store
   kernfs_fop_write_iter
   vfs_write
   ksys_write
   do_syscall_64
   entry_SYSCALL_64_after_hwframe

Change the loop to go over only NUMA nodes which have CPUs before determining
whether the first CPU on the respective node needs microcode update.

  [ bp: Massage commit message, fix typo. ]

Fixes: 7ff6edf4fe ("x86/microcode/AMD: Fix mixed steppings support")
Signed-off-by: Florent Revest <revest@chromium.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20250310144243.861978-1-revest@chromium.org
2025-03-10 16:02:54 +01:00
..
acpi ACPI fixes for 6.14-rc1 2025-01-30 15:22:18 -08:00
apic The various patchsets are summarized below. Plus of course many 2025-01-26 18:36:23 -08:00
cpu x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes 2025-03-10 16:02:54 +01:00
fpu - Remove the less generic CPU matching infra around struct x86_cpu_desc and 2025-01-21 09:30:59 -08:00
kprobes x86/kprobes: Cleanup kprobes on ftrace code 2024-11-07 01:16:59 +09:00
.gitignore
alternative.c Merge branch 'linus' into x86/mm, to pick up fixes 2024-12-20 10:25:44 +01:00
amd_gart_64.c change alloc_pages name in dma_map_ops to avoid name conflicts 2024-04-25 20:55:53 -07:00
amd_nb.c x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() 2025-03-07 13:28:31 +01:00
amd_node.c x86/amd_node: Use defines for SMN register offsets 2025-01-08 11:02:28 +01:00
aperture_64.c x86/pci: Use PCI_HEADER_TYPE_* instead of literals 2023-12-01 15:00:43 -06:00
apm_32.c x86/apm_32: Remove dead function apm_get_battery_status() 2024-02-21 19:38:03 +01:00
asm-offsets_32.c
asm-offsets_64.c x86: Fixup asm-offsets duplicate 2022-10-17 16:41:06 +02:00
asm-offsets.c x86/bugs: Rename CONFIG_CALL_DEPTH_TRACKING => CONFIG_MITIGATION_CALL_DEPTH_TRACKING 2024-01-10 10:52:28 +01:00
audit_64.c x86/audit: Fix -Wmissing-variable-declarations warning for ia32_xyz_class 2023-08-30 10:11:16 +02:00
bootflag.c
callthunks.c x86/boot changes for v6.14: 2025-01-24 05:54:26 -08:00
cet.c x86/fred: Clear WFE in missing-ENDBRANCH #CPs 2024-12-29 10:18:10 +01:00
cfi.c cfi: Flip headers 2023-12-15 16:25:55 -08:00
check.c
cpuid.c x86/cpuid: make cpuid_class a static const structure 2023-08-05 08:31:41 +02:00
crash_dump_32.c
crash_dump_64.c use less confusing names for iov_iter direction initializers 2022-11-25 13:01:55 -05:00
crash.c x86/mm: Add callbacks to prepare encrypted memory for kexec 2024-06-17 17:46:02 +02:00
devicetree.c x86/of: Don't use DTB for SMP setup if ACPI is enabled 2025-02-25 22:13:02 +01:00
doublefault_32.c x86: Avoid missing-prototype warnings for doublefault code 2023-05-18 11:56:18 -07:00
dumpstack_32.c x86/percpu: Move irq_stack variables next to current_task 2022-10-17 16:41:05 +02:00
dumpstack_64.c x86/percpu: Move irq_stack variables next to current_task 2022-10-17 16:41:05 +02:00
dumpstack.c x86/dumpstack: Use uniform "Oops: " prefix for die() messages 2024-03-27 08:45:19 +01:00
e820.c mm/memblock: add memblock_alloc_or_panic interface 2025-01-25 20:22:38 -08:00
early_printk.c
early-quirks.c drm/intel/pciids: rename i915_pciids.h to just pciids.h 2024-10-29 16:14:04 +02:00
ebda.c
eisa.c x86/EISA: Dereference memory directly instead of using readl() 2024-08-29 15:57:09 +02:00
espfix_64.c x86/fred: No ESPFIX needed when FRED is enabled 2024-01-31 22:01:51 +01:00
fred.c x86/fred: Fix the FRED RSP0 MSR out of sync with its per-CPU cache 2025-01-14 14:16:36 -08:00
ftrace_32.S fgraph: Replace fgraph_ret_regs with ftrace_regs 2024-12-26 10:50:02 -05:00
ftrace_64.S fgraph: Replace fgraph_ret_regs with ftrace_regs 2024-12-26 10:50:02 -05:00
ftrace.c fgraph: Pass ftrace_regs to entryfunc 2024-12-26 10:50:02 -05:00
head32.c x86/microcode/32: Move early loading after paging enable 2023-10-18 22:15:01 +02:00
head64.c x86/boot/64: Fix spurious undefined reference when CONFIG_X86_5LEVEL=n, on GCC-12 2024-12-10 11:16:32 +01:00
head_32.S x86/cleanups changes for v6.10: 2024-05-13 18:21:24 -07:00
head_64.S x86/boot/64: Determine VA/PA offset before entering C code 2024-12-05 13:18:54 +01:00
hpet.c RTC for 6.13 2025-01-30 17:50:02 -08:00
hw_breakpoint.c x86/amd: Cache debug register values in percpu variables 2023-01-31 20:09:26 +01:00
i8237.c
i8253.c x86/i8253: Disable PIT timer 0 when not in use 2024-08-02 18:27:05 +02:00
i8259.c x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility 2023-10-27 20:36:49 +02:00
ibt_selftest.S x86/ibt: Convert IBT selftest to asm 2023-08-17 17:07:09 +02:00
idt.c x86/irq: Install posted MSI notification handler 2024-04-30 00:54:42 +02:00
io_delay.c
ioport.c
irq_32.c x86/percpu: Move irq_stack variables next to current_task 2022-10-17 16:41:05 +02:00
irq_64.c fix missing vmalloc.h includes 2024-04-25 20:55:49 -07:00
irq_work.c x86/apic: Wrap IPI calls into helper functions 2023-08-09 12:00:55 -07:00
irq.c x86/irq: Define trace events conditionally 2025-02-25 22:44:35 +01:00
irqflags.S x86/headers: Replace #include <asm/export.h> with #include <linux/export.h> 2023-10-03 10:38:07 +02:00
irqinit.c x86/fred: Invoke FRED initialization code to enable FRED 2024-01-31 22:03:36 +01:00
itmt.c x86/itmt: Move the "sched_itmt_enabled" sysctl to debugfs 2025-01-13 14:10:24 +01:00
jailhouse.c xen: allow mapping ACPI data using a different physical address 2024-09-12 08:25:07 +02:00
jump_label.c
kdebugfs.c
kexec-bzimage64.c - Sumanth Korikkar has taught s390 to allocate hotplug-time page frames 2024-03-14 17:43:30 -07:00
kgdb.c x86/kgdb: Fix a kerneldoc warning when build with W=1 2023-09-24 11:00:13 +02:00
ksysfs.c x86/sysfs: Constify 'struct bin_attribute' 2024-12-06 11:06:14 +01:00
kvm.c x86/mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() 2024-12-06 20:06:52 +01:00
kvmclock.c kvmclock: Unexport kvmclock clocksource 2024-02-07 17:05:21 +01:00
ldt.c x86/bugs: Rename CONFIG_PAGE_TABLE_ISOLATION => CONFIG_MITIGATION_PAGE_TABLE_ISOLATION 2024-01-10 10:52:28 +01:00
machine_kexec_32.c x86/kexec: Use typedef for relocate_kernel_fn function prototype 2025-01-14 13:09:08 +01:00
machine_kexec_64.c x86/kexec: Use typedef for relocate_kernel_fn function prototype 2025-01-14 13:09:08 +01:00
Makefile x86: Start moving AMD node functionality out of AMD_NB 2025-01-08 10:47:36 +01:00
mmconf-fam10h_64.c xen: allow mapping ACPI data using a different physical address 2024-09-12 08:25:07 +02:00
module.c x86/module: prepare module loading for ROX allocations of text 2024-11-07 14:25:16 -08:00
mpparse.c x86/mpparse: Cleanup apic_printk()s 2024-08-07 18:13:28 +02:00
msr.c x86/MSR: make msr_class a static const structure 2023-08-05 08:31:42 +02:00
nmi_selftest.c x86/apic: Wrap IPI calls into helper functions 2023-08-09 12:00:55 -07:00
nmi.c x86/nmi: Upgrade NMI backtrace stall checks & messages 2024-03-26 10:07:59 +01:00
paravirt-spinlocks.c
paravirt.c The various patchsets are summarized below. Plus of course many 2025-01-26 18:36:23 -08:00
pci-dma.c Documentation: Merge x86-specific boot options doc into kernel-parameters.txt 2024-12-10 18:25:40 +01:00
pcspeaker.c
perf_regs.c
platform-quirks.c x86/quirks: Include linux/pnp.h for arch_pnpbios_disabled() 2023-05-18 11:56:18 -07:00
pmem.c
probe_roms.c x86/sev: Skip ROM range scans and validation for SEV-SNP guests 2024-03-26 15:22:35 +01:00
process_32.c x86/fpu: Clean up FPU switching in the middle of task switching 2023-10-20 11:24:22 +02:00
process_64.c x86/mm: Cleanup prctl_enable_tagged_addr() nr_bits error checking 2024-07-02 11:33:44 -07:00
process.c Objtool changes for v6.14: 2025-01-21 10:13:11 -08:00
process.h
ptrace.c x86: Add PTRACE interface for shadow stack 2023-08-02 15:01:51 -07:00
pvclock.c locking/atomic: treewide: use raw_atomic*_<op>() 2023-06-05 09:57:20 +02:00
quirks.c
reboot_fixups_32.c
reboot.c x86: Convert unreachable() to BUG() 2024-12-02 12:01:43 +01:00
relocate_kernel_32.S
relocate_kernel_64.S x86/boot changes for v6.14: 2025-01-24 05:54:26 -08:00
resource.c x86/PCI: Tidy E820 removal messages 2022-12-10 10:33:11 -06:00
rethook.c
rtc.c x86/rtc: Remove unused intel-mid.h 2024-04-03 08:24:48 -07:00
setup_percpu.c x86/asm: Add DB flag to 32-bit percpu GDT entry 2023-12-20 10:57:51 +01:00
setup.c mm/early_ioremap: add null pointer checks to prevent NULL-pointer dereference 2025-01-13 22:40:59 -08:00
sev_verify_cbit.S x86/boot: Use 32-bit XOR to clear registers 2024-03-01 12:47:37 +01:00
shstk.c uprobe: Add uretprobe syscall to speed up return probe 2024-06-12 08:44:28 +09:00
signal_32.c x86/syscall/compat: Remove ia32_unistd.h 2024-03-22 09:37:09 +01:00
signal_64.c x86/pkeys: Restore altstack access in sigreturn() 2024-08-02 14:12:21 +02:00
signal.c x86/pkeys: Update PKRU to enable all pkeys before XSAVE 2024-08-02 14:12:21 +02:00
smp.c - Sumanth Korikkar has taught s390 to allocate hotplug-time page frames 2024-03-14 17:43:30 -07:00
smpboot.c Scheduler enhancements for v6.14: 2025-01-21 11:32:36 -08:00
stacktrace.c
static_call.c x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 2025-01-02 17:11:29 +01:00
step.c x86/msr: Prepare for including <linux/percpu.h> into <asm/msr.h> 2024-03-04 12:01:39 +01:00
sys_ia32.c
sys_x86_64.c arch/x86: teach arch_get_unmapped_area_vmflags to handle hugetlb mappings 2024-11-06 20:11:10 -08:00
tboot.c
time.c x86: stop playing stack games in profile_pc() 2024-06-28 14:27:22 -07:00
tls.c x86/gsseg: Move load_gs_index() to its own new header file 2023-01-12 13:06:36 +01:00
tls.h
trace_clock.c
trace.c
tracepoint.c
traps.c x86/traps: move kmsan check after instrumentation_begin 2024-10-28 21:40:39 -07:00
tsc_msr.c x86/tsc_msr: Switch to new Intel CPU model defines 2024-04-29 10:31:34 +02:00
tsc_sync.c x86/tsc: Trust initial offset in architectural TSC-adjust MSRs 2024-04-29 23:27:16 +02:00
tsc.c - Remove the less generic CPU matching infra around struct x86_cpu_desc and 2025-01-21 09:30:59 -08:00
umip.c
unwind_frame.c
unwind_guess.c
unwind_orc.c x86/unwind/orc: Fix unwind for newly forked tasks 2024-10-17 15:13:07 -07:00
uprobes.c uprobe: Add uretprobe syscall to speed up return probe 2024-06-12 08:44:28 +09:00
verify_cpu.S
vm86_32.c arch: remove get_task_comm() and print task comm directly 2025-01-12 20:21:15 -08:00
vmcore_info_32.c crash: split vmcoreinfo exporting code out from crash_core.c 2024-02-23 17:48:22 -08:00
vmcore_info_64.c crash: split vmcoreinfo exporting code out from crash_core.c 2024-02-23 17:48:22 -08:00
vmlinux.lds.S x86/boot changes for v6.14: 2025-01-24 05:54:26 -08:00
vsmp_64.c x86/apic: Remove unused phys_pkg_id() callback 2024-02-15 22:07:38 +01:00
x86_init.c xen: allow mapping ACPI data using a different physical address 2024-09-12 08:25:07 +02:00