From mboxrd@z Thu Jan  1 00:00:00 1970
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754764AbeAJL2a (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Wed, 10 Jan 2018 06:28:30 -0500
Received: from mail.skyhub.de ([5.9.137.197]:55188 "EHLO mail.skyhub.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751409AbeAJL23 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 10 Jan 2018 06:28:29 -0500
Date: Wed, 10 Jan 2018 12:28:16 +0100
From: Borislav Petkov <bp@alien8.de>
To: David Woodhouse <dwmw2@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
        Andi Kleen <andi@firstfloor.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        the arch/x86 maintainers <x86@kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Paul Turner <pjt@google.com>,
        Andrew Lutomirski <luto@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Greg Kroah-Hartman <gregkh@linux-foundation.org>,
        Dave Hansen <dave.hansen@intel.com>,
        Jiri Kosina <jikos@kernel.org>, Andi Kleen <ak@linux.intel.com>
Subject: [PATCH] x86/alternatives: Fix optimize_nops() checking
Message-ID: <20180110112815.mgciyf5acwacphkq@pd.tnic>
References: <20180110003139.10531-1-andi@firstfloor.org>
 <CA+55aFzyVFEUKaLpqxfwh5E9QFgMjzr+wVoYGxqTHVDkGcFkOw@mail.gmail.com>
 <1515568506.22302.72.camel@infradead.org>
 <1515578735.22302.91.camel@infradead.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <1515578735.22302.91.camel@infradead.org>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

From: Borislav Petkov <bp@suse.de>
Date: Wed, 10 Jan 2018 12:14:07 +0100

We check only the first byte whether it is a NOP but if David Woodhouse
wants to do some crazy experiments with slapping NOPs in front of the
payload and having the actual instructions after it, this "optimized"
test breaks. :-)

Make sure we scan all bytes before we decide to optimize the NOPs in
there.

Reported-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: x86@kernel.org
---
 arch/x86/kernel/alternative.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index 3344d3382e91..78932b283915 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -344,9 +344,11 @@ recompute_jump(struct alt_instr *a, u8 *orig_insn, u8 *repl_insn, u8 *insnbuf)
 static void __init_or_module noinline optimize_nops(struct alt_instr *a, u8 *instr)
 {
 	unsigned long flags;
+	int i;
 
-	if (instr[0] != 0x90)
-		return;
+	for (i = 0; i < a->padlen; i++)
+		if (instr[i] != 0x90)
+			return;
 
 	local_irq_save(flags);
 	add_nops(instr + (a->instrlen - a->padlen), a->padlen);
-- 
2.13.0


-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.