From patchwork Mon Jun 13 18:36:37 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ben Hutchings <ben@decadent.org.uk>
X-Patchwork-Id: 9173757
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	8CDDD6048C for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 13 Jun 2016 18:41:38 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8445822230
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 13 Jun 2016 18:41:38 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 78828265B9; Mon, 13 Jun 2016 18:41:38 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CF4F322230
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 13 Jun 2016 18:41:37 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1bCWkm-000752-5r; Mon, 13 Jun 2016 18:38:28 +0000
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <ben@decadent.org.uk>) id 1bCWkk-00074w-Hc
	for xen-devel@lists.xenproject.org; Mon, 13 Jun 2016 18:38:26 +0000
Received: from [85.158.139.211] by server-4.bemta-5.messagelabs.com id
	8E/97-11823-1ADFE575; Mon, 13 Jun 2016 18:38:25 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrDIsWRWlGSWpSXmKPExsUSkcBYp7vwb1y
	4weoPXBbft0xmcmD0OPzhCksAYxRrZl5SfkUCa8bZjwfZC06JVHxZsZutgbFLqIuRi0NIoJlJ
	Ysbm02wQzkRGiZnnPjJ2MXJyMAtoSrRu/83excgBZEtLLP/HARGWl2jeOpsZxOYVEJQ4OfMJC
	4jNBlK+Yw5Yq4iAhcTFNwuYQWYyC3xglZjWvYUJJMEioCrxd+9fVohmM4nWrmXsILaEgLbEjK
	PNYM3CAp4SXV+XgdVzCphLtC6+zApyg4SAlcSkHfYQ5RoS12duZoOwQyS+7VvANIFRcBaSq2c
	hXD0LydWzkFy9gJFlFaN6cWpRWWqRroVeUlFmekZJbmJmjq6hgalebmpxcWJ6ak5iUrFecn7u
	JkZgKDMAwQ7Gg83OhxglOZiURHllf8aFC/El5adUZiQWZ8QXleakFh9ilOHgUJLgjfgDlBMsS
	k1PrUjLzAFGFUxagoNHSYTXHyTNW1yQmFucmQ6ROsWoKCXOqwOSEABJZJTmwbXBIvkSo6yUMC
	8j0CFCPAWpRbmZJajyrxjFORiVhHlbQKbwZOaVwE1/BbSYCWgxx75okMUliQgpqQbGma/DpLX
	tCt5Mb3o4I3VZ0YatDmzLdgUnfPg4+eN1xaxL2Y4uXzXeS64W56qMXXCsK33aUsYFBSc5Duw9
	fvHl0dwf7Os+r17Yu+HtzwOL1l6tdY5Mfx/Df6ZI6Muz3sKYfVVXBWQ9N+5+UrNP44NIdZP1+
	2q2J5pLDdZwZS4+80po34s1Vyayz1diKc5INNRiLipOBACfulSk3wIAAA==
X-Env-Sender: ben@decadent.org.uk
X-Msg-Ref: server-12.tower-206.messagelabs.com!1465843104!8265107!1
X-Originating-IP: [88.96.1.126]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 8.46; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 60556 invoked from network); 13 Jun 2016 18:38:25 -0000
Received: from shadbolt.e.decadent.org.uk (HELO shadbolt.e.decadent.org.uk)
	(88.96.1.126)
	by server-12.tower-206.messagelabs.com with AES128-GCM-SHA256
	encrypted SMTP; 13 Jun 2016 18:38:25 -0000
Received: from [2a02:8011:400e:2:6f00:88c8:c921:d332] (helo=deadeye)
	by shadbolt.decadent.org.uk with esmtps
	(TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2)
	(envelope-from <ben@decadent.org.uk>)
	id 1bCWjm-0007VW-DL; Mon, 13 Jun 2016 19:37:26 +0100
Received: from ben by deadeye with local (Exim 4.87)
	(envelope-from <ben@decadent.org.uk>)
	id 1bCWjl-000591-UB; Mon, 13 Jun 2016 19:37:25 +0100
Content-Disposition: inline
MIME-Version: 1.0
From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Date: Mon, 13 Jun 2016 19:36:37 +0100
Message-ID: <lsq.1465842997.880918923@decadent.org.uk>
X-Mailer: LinuxStableQueue (scripts by bwh)
In-Reply-To: <lsq.1465842997.838358341@decadent.org.uk>
X-SA-Exim-Connect-IP: 2a02:8011:400e:2:6f00:88c8:c921:d332
X-SA-Exim-Mail-From: ben@decadent.org.uk
X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk);
	SAEximRunCond expanded to false
Cc: Juergen Gross <JGross@suse.com>, Denys Vlasenko <dvlasenk@redhat.com>,
	xen-devel <xen-devel@lists.xenproject.org>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Brian Gerst <brgerst@gmail.com>,
	"Luis R. Rodriguez" <mcgrof@suse.com>, Ingo Molnar <mingo@kernel.org>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Borislav Petkov <bp@alien8.de>, David Vrabel <david.vrabel@citrix.com>,
	Jan Beulich <jbeulich@suse.com>, "H. Peter Anvin" <hpa@zytor.com>,
	Toshi Kani <toshi.kani@hp.com>, akpm@linux-foundation.org,
	Andy Lutomirski <luto@amacapital.net>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Thomas Gleixner <tglx@linutronix.de>
Subject: [Xen-devel] [PATCH 3.16 041/114] x86/mm/xen: Suppress hugetlbfs in
	PV guests
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

3.16.36-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Beulich <JBeulich@suse.com>

commit 103f6112f253017d7062cd74d17f4a514ed4485c upstream.

Huge pages are not normally available to PV guests. Not suppressing
hugetlbfs use results in an endless loop of page faults when user mode
code tries to access a hugetlbfs mapped area (since the hypervisor
denies such PTEs to be created, but error indications can't be
propagated out of xen_set_pte_at(), just like for various of its
siblings), and - once killed in an oops like this:

  kernel BUG at .../fs/hugetlbfs/inode.c:428!
  invalid opcode: 0000 [#1] SMP
  ...
  RIP: e030:[<ffffffff811c333b>]  [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
  ...
  Call Trace:
   [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
   [<ffffffff81167b3d>] evict+0xbd/0x1b0
   [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
   [<ffffffff81165b0e>] dput+0x1fe/0x220
   [<ffffffff81150535>] __fput+0x155/0x200
   [<ffffffff81079fc0>] task_work_run+0x60/0xa0
   [<ffffffff81063510>] do_exit+0x160/0x400
   [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
   [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
   [<ffffffff8100f854>] do_signal+0x14/0x110
   [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
   [<ffffffff814178a5>] retint_user+0x8/0x13

This is CVE-2016-3961 / XSA-174.

Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Juergen Gross <JGross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Luis R. Rodriguez <mcgrof@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hp.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>
Link: http://lkml.kernel.org/r/57188ED802000078000E431C@prv-mh.provo.novell.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 arch/x86/include/asm/hugetlb.h | 1 +
 1 file changed, 1 insertion(+)

--- a/arch/x86/include/asm/hugetlb.h
+++ b/arch/x86/include/asm/hugetlb.h
@@ -4,6 +4,7 @@
 #include <asm/page.h>
 #include <asm-generic/hugetlb.h>
 
+#define hugepages_supported() cpu_has_pse
 
 static inline int is_hugepage_only_range(struct mm_struct *mm,
 					 unsigned long addr,