CVE-2021-47430
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/05/2024
Last modified:
25/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n

Commit

  3c73b81a9164 ("x86/entry, selftests: Further improve user entry sanity checks")

added a warning if AC is set when in the kernel.

Commit

  662a0221893a3d ("x86/entry: Fix AC assertion")

changed the warning to only fire if the CPU supports SMAP.

However, the warning can still trigger on a machine that supports SMAP
but where it's disabled in the kernel config and when running the
syscall_nt selftest, for example:

  ------------[ cut here ]------------
  WARNING: CPU: 0 PID: 49 at irqentry_enter_from_user_mode
  CPU: 0 PID: 49 Comm: init Tainted: G T 5.15.0-rc4+ #98 e6202628ee053b4f310759978284bd8bb0ce6905
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
  RIP: 0010:irqentry_enter_from_user_mode
  ...
  Call Trace:
  ? irqentry_enter
  ? exc_general_protection
  ? asm_exc_general_protection
  ? asm_exc_general_protectio

IS_ENABLED(CONFIG_X86_SMAP) could be added to the warning condition, but
even this would not be enough in case SMAP is disabled at boot time with
the "nosmap" parameter.

To be consistent with "nosmap" behaviour, clear X86_FEATURE_SMAP when
!CONFIG_X86_SMAP.

Found using entry-fuzz + satrandconfig.

[ bp: Massage commit message. ]
Impact
Base Score 3.x
3.30
Severity 3.x
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.8.1 (including) | 5.10.73 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.14.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.8:-:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.8:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.8:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.8:rc6:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.8:rc7:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/3958b9c34c2729597e182cc606cc43942fd19f7c
- https://git.kernel.org/stable/c/4e9ec1c65da98c293f75d83755dfa5e03075a6d0
- https://git.kernel.org/stable/c/f2447f6587b8ffe42ba04d14ce67d429a1163e5e



