x86/mpx: Fix instruction decoder condition

MPX decodes instructions in order to tell which bounds register was violated. Part of this decoding involves looking at the "REX prefix" which is a special instrucion prefix used to retrofit support for new registers in to old instructions. The X86_REX_*() macros are defined to return actual bit values: #define X86_REX_R(rex) ((rex) & 4) *not* boolean values. However, the MPX code was checking for them like they were booleans. This might have led to us mis-decoding the "REX prefix" and giving false information out to userspace about bounds violations. X86_REX_B() actually is bit 1, so this is really only broken for the X86_REX_X() case. Fix the conditionals up to tolerate the non-boolean values. Fixes: fcc7ffd67991 "x86, mpx: Decode MPX instruction to get bound violation information" Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Cc: x86@kernel.org Cc: Dave Hansen <dave@sr71.net> Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20151201003113.D800C1E0@viggo.jf.intel.com Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
author: Dave Hansen <dave.hansen@linux.intel.com> 2015-11-30 19:31:13 -0500
committer: Thomas Gleixner <tglx@linutronix.de> 2015-12-05 12:52:14 -0500
commit: 8e8efe0379bd93e8219ca0fc6fa80b5dd85b09cb (patch)
tree: cafd4b6681fb012104320c9b0a63494566746b63 /arch
parent: 70f1528747651b20c7769d3516ade369f9963237 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c
index 1202d5ca2fb5..b2fd67da1701 100644
--- a/arch/x86/mm/mpx.c
+++ b/arch/x86/mm/mpx.c
@@ -101,19 +101,19 @@ static int get_reg_offset(struct insn *insn, struct pt_regs *regs,
        switch (type) {
        case REG_TYPE_RM:
                regno = X86_MODRM_RM(insn->modrm.value);
-                if (X86_REX_B(insn->rex_prefix.value) == 1)
+                if (X86_REX_B(insn->rex_prefix.value))
                        regno += 8;
                break;
        case REG_TYPE_INDEX:
                regno = X86_SIB_INDEX(insn->sib.value);
-                if (X86_REX_X(insn->rex_prefix.value) == 1)
+                if (X86_REX_X(insn->rex_prefix.value))
                        regno += 8;
                break;
        case REG_TYPE_BASE:
                regno = X86_SIB_BASE(insn->sib.value);
-                if (X86_REX_B(insn->rex_prefix.value) == 1)
+                if (X86_REX_B(insn->rex_prefix.value))
                        regno += 8;
                break;
author	Dave Hansen <dave.hansen@linux.intel.com>	2015-11-30 19:31:13 -0500
committer	Thomas Gleixner <tglx@linutronix.de>	2015-12-05 12:52:14 -0500
commit	8e8efe0379bd93e8219ca0fc6fa80b5dd85b09cb (patch)
tree	cafd4b6681fb012104320c9b0a63494566746b63 /arch
parent	70f1528747651b20c7769d3516ade369f9963237 (diff)

diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c index 1202d5ca2fb5..b2fd67da1701 100644 --- a/arch/x86/mm/mpx.c +++ b/arch/x86/mm/mpx.c
@@ -101,19 +101,19 @@ static int get_reg_offset(struct insn insn, struct pt_regs regs,
101	switch (type) {	101	switch (type) {
102	case REG_TYPE_RM:	102	case REG_TYPE_RM:
103	regno = X86_MODRM_RM(insn->modrm.value);	103	regno = X86_MODRM_RM(insn->modrm.value);
104	if (X86_REX_B(insn->rex_prefix.value) == 1)	104	if (X86_REX_B(insn->rex_prefix.value))
105	regno += 8;	105	regno += 8;
106	break;	106	break;
107		107
108	case REG_TYPE_INDEX:	108	case REG_TYPE_INDEX:
109	regno = X86_SIB_INDEX(insn->sib.value);	109	regno = X86_SIB_INDEX(insn->sib.value);
110	if (X86_REX_X(insn->rex_prefix.value) == 1)	110	if (X86_REX_X(insn->rex_prefix.value))
111	regno += 8;	111	regno += 8;
112	break;	112	break;
113		113
114	case REG_TYPE_BASE:	114	case REG_TYPE_BASE:
115	regno = X86_SIB_BASE(insn->sib.value);	115	regno = X86_SIB_BASE(insn->sib.value);
116	if (X86_REX_B(insn->rex_prefix.value) == 1)	116	if (X86_REX_B(insn->rex_prefix.value))
117	regno += 8;	117	regno += 8;
118	break;	118	break;
119		119