[GIT PULL] x86 fixes

From: Ingo Molnar
Date: Sat Aug 26 2017 - 03:26:24 EST


Linus,

Please pull the latest x86-urgent-for-linus git tree from:

git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86-urgent-for-linus

# HEAD: ccd5b3235180eef3cfec337df1c8554ab151b5cc x86/mm: Fix use-after-free of ldt_struct

Two fixes: one for an ldt_struct handling bug and a cherry-picked objtool fix.

Thanks,

Ingo

------------------>
Eric Biggers (1):
x86/mm: Fix use-after-free of ldt_struct

Josh Poimboeuf (1):
objtool: Fix '-mtune=atom' decoding support in objtool 2.0


arch/x86/include/asm/mmu_context.h | 4 +---
tools/objtool/arch/x86/decode.c | 26 +++++++++++++++++++++++++-
2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
index 265c907d7d4c..7a234be7e298 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -140,9 +140,7 @@ static inline int init_new_context(struct task_struct *tsk,
mm->context.execute_only_pkey = -1;
}
#endif
- init_new_context_ldt(tsk, mm);
-
- return 0;
+ return init_new_context_ldt(tsk, mm);
}
static inline void destroy_context(struct mm_struct *mm)
{
diff --git a/tools/objtool/arch/x86/decode.c b/tools/objtool/arch/x86/decode.c
index a36c2eba64e7..4559a21a8de2 100644
--- a/tools/objtool/arch/x86/decode.c
+++ b/tools/objtool/arch/x86/decode.c
@@ -271,7 +271,7 @@ int arch_decode_instruction(struct elf *elf, struct section *sec,
case 0x8d:
if (rex == 0x48 && modrm == 0x65) {

- /* lea -disp(%rbp), %rsp */
+ /* lea disp(%rbp), %rsp */
*type = INSN_STACK;
op->src.type = OP_SRC_ADD;
op->src.reg = CFI_BP;
@@ -281,6 +281,30 @@ int arch_decode_instruction(struct elf *elf, struct section *sec,
break;
}

+ if (rex == 0x48 && (modrm == 0xa4 || modrm == 0x64) &&
+ sib == 0x24) {
+
+ /* lea disp(%rsp), %rsp */
+ *type = INSN_STACK;
+ op->src.type = OP_SRC_ADD;
+ op->src.reg = CFI_SP;
+ op->src.offset = insn.displacement.value;
+ op->dest.type = OP_DEST_REG;
+ op->dest.reg = CFI_SP;
+ break;
+ }
+
+ if (rex == 0x48 && modrm == 0x2c && sib == 0x24) {
+
+ /* lea (%rsp), %rbp */
+ *type = INSN_STACK;
+ op->src.type = OP_SRC_REG;
+ op->src.reg = CFI_SP;
+ op->dest.type = OP_DEST_REG;
+ op->dest.reg = CFI_BP;
+ break;
+ }
+
if (rex == 0x4c && modrm == 0x54 && sib == 0x24 &&
insn.displacement.value == 8) {