linux/arch/x86/mm
Colin Ian King 5ccd35287e x86/fault: Fix sign-extend unintended sign extension
show_ldttss() shifts desc.base2 by 24 bits, but base2 is 8 bits of a
bitfield in a u16.

Due to the really great idea of integer promotion in C99 base2 is promoted
to an int, because that's the standard defined behaviour when all values
which can be represented by base2 fit into an int.

Now if bit 7 is set in desc.base2 the result of the shift left by 24 makes
the resulting integer negative and the following conversion to unsigned
long legitimately sign extends first causing the upper 32 bits to be
set in the result.

Fix this by casting desc.base2 to unsigned long before the shift.

Detected by CoverityScan, CID#1475635 ("Unintended sign extension")

[ tglx: Reworded the changelog a bit as I actually had to look up
  the standard (again) to decode the original one. ]

Fixes: a1a371c468 ("x86/fault: Decode page fault OOPSes better")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: kernel-janitors@vger.kernel.org
Link: https://lkml.kernel.org/r/20181222191116.21831-1-colin.king@canonical.com
2019-01-29 21:58:59 +01:00
..
amdtopology.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
cpu_entry_area.c x86/pti/64: Remove the SYSCALL64 entry trampoline 2018-09-12 21:33:53 +02:00
debug_pagetables.c x86/mm/dump_pagetables: Use DEFINE_SHOW_ATTRIBUTE() 2018-12-18 13:05:54 +01:00
dump_pagetables.c kasan: rename kasan_zero_page to kasan_early_shadow_page 2018-12-28 12:11:43 -08:00
extable.c x86/mm: Fix typo in comment 2018-10-03 16:14:05 +02:00
fault.c x86/fault: Fix sign-extend unintended sign extension 2019-01-29 21:58:59 +01:00
highmem_32.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
hugetlbpage.c x86/compat: Adjust in_compat_syscall() to generic code under !COMPAT 2018-11-01 12:59:25 +01:00
ident_map.c x86/mm: Stop pretending pgtable_l5_enabled is a variable 2018-05-19 11:56:57 +02:00
init_32.c mm, memory_hotplug: add nid parameter to arch_remove_memory 2018-12-28 12:11:49 -08:00
init_64.c mm, memory_hotplug: add nid parameter to arch_remove_memory 2018-12-28 12:11:49 -08:00
init.c mm: make free_reserved_area() return "const char *" 2018-12-28 12:11:48 -08:00
iomap_32.c x86/mm: Do not auto-massage page protections 2018-04-12 09:04:22 +02:00
ioremap.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
kasan_init_64.c kasan: rename kasan_zero_page to kasan_early_shadow_page 2018-12-28 12:11:43 -08:00
kaslr.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
kmmio.c x86/mm/kmmio: Make the tracer robust against L1TF 2018-08-08 22:28:34 +02:00
Makefile x86/mm/sme: Disable stack protection for mem_encrypt_identity.c 2018-02-28 15:24:12 +01:00
mem_encrypt_boot.S x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute() 2018-02-21 09:05:04 +01:00
mem_encrypt_identity.c x86/mm/mem_encrypt: Fix erroneous sizeof() 2019-01-15 11:41:58 +01:00
mem_encrypt.c dma-direct: merge swiotlb_dma_ops into the dma_direct code 2018-12-13 21:06:17 +01:00
mm_internal.h x86/mm/cpa: Optimize cpa_flush_array() TLB invalidation 2018-12-17 18:54:26 +01:00
mmap.c x86/compat: Adjust in_compat_syscall() to generic code under !COMPAT 2018-11-01 12:59:25 +01:00
mmio-mod.c x86: do not use print_symbol() 2018-01-05 15:23:01 +01:00
mpx.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
numa_32.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
numa_64.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
numa_emulation.c Merge branch 'core/urgent' into x86/urgent, to pick up objtool fix 2018-11-03 23:42:16 +01:00
numa_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
numa.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
pageattr-test.c x86/mm/cpa: Simplify the code after making cpa->vaddr invariant 2018-12-17 18:54:25 +01:00
pageattr.c Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-12-26 18:08:18 -08:00
pat_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pat_rbtree.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pat.c x86/mm: Fix decoy address handling vs 32-bit builds 2018-12-11 18:28:20 -08:00
pf_in.c
pf_in.h
pgtable_32.c x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]() 2018-02-15 01:15:52 +01:00
pgtable.c mm: treewide: remove unused address argument from pte_alloc functions 2019-01-04 13:13:47 -08:00
physaddr.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
physaddr.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pkeys.c x86/pkeys: Make init_pkru_value static 2018-12-03 19:10:18 +01:00
pti.c x86/pti/64: Remove the SYSCALL64 entry trampoline 2018-09-12 21:33:53 +02:00
setup_nx.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
srat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
testmmiotrace.c
tlb.c x86/mm/cpa: Optimize cpa_flush_array() TLB invalidation 2018-12-17 18:54:26 +01:00