From: Jiri Pirko <jpirko@redhat.com> Date: Thu, 14 Oct 2010 16:05:05 -0400 Subject: [misc] futex: replace LOCK_PREFIX in futex.h Message-id: <20101014160505.GB2629@psychotron.redhat.com> Patchwork-id: 4491 O-Subject: [kernel team] [RHEL5] futex: replace LOCK_PREFIX in futex.h Bugzilla: 633176 CVE: CVE-2010-3086 RH-Acked-by: Eugene Teo <eugene@redhat.com> RH-Acked-by: Gleb Natapov <gleb@redhat.com> RH-Acked-by: Petr Matousek <pmatouse@redhat.com> RH-Acked-by: Amerigo Wang <amwang@redhat.com> RH-Acked-by: Prarit Bhargava <prarit@redhat.com> RH-Acked-by: Larry Woodman <lwoodman@redhat.com> This is for CVE-2010-3086 rhel-5.6 [#633176:NEW]. Please review. diff --git a/include/asm-i386/futex.h b/include/asm-i386/futex.h index 946d97c..d84e60f 100644 --- a/include/asm-i386/futex.h +++ b/include/asm-i386/futex.h @@ -28,7 +28,7 @@ "1: movl %2, %0\n\ movl %0, %3\n" \ insn "\n" \ -"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\ +"2: lock cmpxchgl %3, %2\n\ jnz 1b\n\ 3: .section .fixup,\"ax\"\n\ 4: mov %5, %1\n\ @@ -68,7 +68,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr) #endif switch (op) { case FUTEX_OP_ADD: - __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, + __futex_atomic_op1("lock xaddl %0, %2", ret, oldval, uaddr, oparg); break; case FUTEX_OP_OR: @@ -111,7 +111,7 @@ futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval) return -EFAULT; __asm__ __volatile__( - "1: " LOCK_PREFIX "cmpxchgl %3, %1 \n" + "1: lock cmpxchgl %3, %1 \n" "2: .section .fixup, \"ax\" \n" "3: mov %2, %0 \n" diff --git a/include/asm-i386/msr.h b/include/asm-i386/msr.h index 249b0c7..869e75a 100644 --- a/include/asm-i386/msr.h +++ b/include/asm-i386/msr.h @@ -301,6 +301,7 @@ void wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h); int rdmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h); int wrmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h); #else /* CONFIG_SMP */ +#include <asm/errno.h> static inline void rdmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h) { rdmsr(msr_no, *l, *h); diff --git a/include/asm-x86_64/futex.h b/include/asm-x86_64/futex.h index 9804bf0..2c51565 100644 --- a/include/asm-x86_64/futex.h +++ b/include/asm-x86_64/futex.h @@ -27,7 +27,7 @@ "1: movl %2, %0\n\ movl %0, %3\n" \ insn "\n" \ -"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\ +"2: lock cmpxchgl %3, %2\n\ jnz 1b\n\ 3: .section .fixup,\"ax\"\n\ 4: mov %5, %1\n\ @@ -62,7 +62,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr) __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg); break; case FUTEX_OP_ADD: - __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval, + __futex_atomic_op1("lock xaddl %0, %2", ret, oldval, uaddr, oparg); break; case FUTEX_OP_OR: @@ -101,7 +101,7 @@ futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval) return -EFAULT; __asm__ __volatile__( - "1: " LOCK_PREFIX "cmpxchgl %3, %1 \n" + "1: lock cmpxchgl %3, %1 \n" "2: .section .fixup, \"ax\" \n" "3: mov %2, %0 \n"