From patchwork Tue Aug 7 10:24:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joerg Roedel X-Patchwork-Id: 10558495 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A33D214E2 for ; Tue, 7 Aug 2018 10:24:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 91C3C2876D for ; Tue, 7 Aug 2018 10:24:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 85A2D295FC; Tue, 7 Aug 2018 10:24:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0452F2876D for ; Tue, 7 Aug 2018 10:24:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8DE766B0010; Tue, 7 Aug 2018 06:24:41 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 8B8A36B0269; Tue, 7 Aug 2018 06:24:41 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 72E4F6B026A; Tue, 7 Aug 2018 06:24:41 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by kanga.kvack.org (Postfix) with ESMTP id 10A446B0010 for ; Tue, 7 Aug 2018 06:24:41 -0400 (EDT) Received: by mail-ed1-f71.google.com with SMTP id h26-v6so5231716eds.14 for ; Tue, 07 Aug 2018 03:24:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references; bh=CgXuHB8EAyChjzpchaoLpHvByk+29my3cusk73ts4gs=; b=LRKpWAhUUygpi4xMjzJORs/IxK0uJPJJz96AunWvgaR0W+C5ddr55fieCN1d+xl8ti jNQ4t9poCDu3VOBHSM4vafc1K6i48Tk84/j91LPK1Hes6sbzb/91vv3aXkZWT3Gt/Y3q weQ3weUh/p/iV9J5rytx2IDxH7gYPUhuA0Mgc2H2kt47XnaMVxtE2hcoKzWApPHqaaIW 4r/JVnwWj5YD3IGA4gbgc3PCxWVfRCqcUHR6tBOZ7cJMWETQNZ3hhu0iTo13Hc7L/gcm x5Nws7AO3wcTYlIOYbaxMZXec367aRgkt6uZHgU+m7hExSBKaIfTtm/udldEFAnS8X+3 bVbA== X-Gm-Message-State: AOUpUlGzrEhSOiGTUFpQqlaWYV87q2OqdV6BQjFj1TNLwBbk4aO+6xfL +rfxc0UWdvvO95dbCysIiZRsa+ef1Zqug/In5WAbvnVn03ugg8gKgUgWVKKUpDVBXz08Y74DOdL Y31JXVKb1wE+2nwToddfnbAZ/jZIFUJ+MbbFqTqa/HSzV406nDG330fZsKxGOvSyO/g== X-Received: by 2002:a50:8a9b:: with SMTP id j27-v6mr22250953edj.36.1533637480577; Tue, 07 Aug 2018 03:24:40 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdt6SETBPjlxB4g4bd3clHrRTQs+kStWDgROJEK6Fxpt8iCLk5ydeVHvH0T/twmMI8i9xbN X-Received: by 2002:a50:8a9b:: with SMTP id j27-v6mr22250910edj.36.1533637479826; Tue, 07 Aug 2018 03:24:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533637479; cv=none; d=google.com; s=arc-20160816; b=WUJY+mntzEkDHKdouykz7Y9XB+QbQ7RVzKu0j3tUjax7Ka6hlBENrWpTS8wc851xgc pccqlF7fG4fB9mX4XI1ecQPNJgY0a9lqECyynwT89X4+NFG7EQJbPp65kEV4XbUjq/ok MI2e+tI3JZr+7FHok1991vPOeFxt1pYtxYOdwVEATFNApJOeauo4mv4U1KtYC5lgq/zT XH177L+sgwD7d8qmQazaLQLAl5EDwdTfOcFIXBuDvfKB0DMZfeX/2+Nb1cC2QzJyxuen jaIveSwjCmorsGGNc8prU+knGmvEiFWPYqq7L+Py8bQFeIUSHWIRxOxZSwA5hjhvSumM ucYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=CgXuHB8EAyChjzpchaoLpHvByk+29my3cusk73ts4gs=; b=YcICneMlbOGOOGlyDKRH92xUd6kFbRWNPSRLNr/4t5fI4HvmGtjxz1JTovAfXziLTp qQvz6funjwJ2/dHBHVfbZECjdaWnpEdbjzsQCWlHIq+v1mT+pu5jqkcdP88Q9dISXMNS AeaDyru/rtezVv8EtIbfhHSYGV90IYc4RJYamVH40TbORFhxKgmvsu77ScBYuvOWWDU4 2K7tDt1wRuQgxxXT/SBIFDPI/t7k2h8Ga91kS8GPZRt8elxuygtx1CRgGTzHZ4Cop8j/ CmfOH7rsKZiaokWw6teX204s+Ro83aca8susddO/lpDZbWv7h8S47S1qyA2pUl5aSHnn 5UcA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass (test mode) header.i=@8bytes.org header.s=mail-1 header.b="VHlI/Dgv"; spf=pass (google.com: domain of joro@8bytes.org designates 81.169.241.247 as permitted sender) smtp.mailfrom=joro@8bytes.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: from theia.8bytes.org (8bytes.org. [81.169.241.247]) by mx.google.com with ESMTPS id e17-v6si1142776edd.409.2018.08.07.03.24.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 Aug 2018 03:24:39 -0700 (PDT) Received-SPF: pass (google.com: domain of joro@8bytes.org designates 81.169.241.247 as permitted sender) client-ip=81.169.241.247; Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@8bytes.org header.s=mail-1 header.b="VHlI/Dgv"; spf=pass (google.com: domain of joro@8bytes.org designates 81.169.241.247 as permitted sender) smtp.mailfrom=joro@8bytes.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: by theia.8bytes.org (Postfix, from userid 1000) id 3DE37104; Tue, 7 Aug 2018 12:24:33 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=8bytes.org; s=mail-1; t=1533637473; bh=pP6jz/NH1jJ0hu79SobCkHNyMx40HjebERdE/5PdW6g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VHlI/DgvOQCLTd7lAb7YKFYn32xIdw+7LS20gUYhndOCcDGH6D5uFn/MIEloLZMYu Ebh1dAF2UkjGRBIvefLD+7+Ewie09E4anS30Vcvrtgj6t+SZ/4AmghbSVPPOFYcBsi xXK8iq6Qi/V30ICrkxlxHk327LF6UagNIwyAHogS0Qsb9Fp0/ub1zp9I0fLErUVo3W GMXDzgxM79cj3j8MIHM8beOVlBBxMpYJA4kGNl6uR1hliGGff5i9UaYwTabdbQq4um t6kgF8AIvQ1Us58vligIqp1nn0EBaFLlfSkQ8l7vQSplhnLZ63FYuMpb5mk9qraL0L Lz4s1gOqISh/A== From: Joerg Roedel To: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Linus Torvalds , Andy Lutomirski , Dave Hansen , Josh Poimboeuf , Juergen Gross , Peter Zijlstra , Borislav Petkov , Jiri Kosina , Boris Ostrovsky , Brian Gerst , David Laight , Denys Vlasenko , Eduardo Valentin , Greg KH , Will Deacon , aliguori@amazon.com, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, Andrea Arcangeli , Waiman Long , Pavel Machek , "David H . Gutteridge" , jroedel@suse.de, joro@8bytes.org Subject: [PATCH 1/3] x86/mm/pti: Fix 32 bit PCID check Date: Tue, 7 Aug 2018 12:24:29 +0200 Message-Id: <1533637471-30953-2-git-send-email-joro@8bytes.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1533637471-30953-1-git-send-email-joro@8bytes.org> References: <1533637471-30953-1-git-send-email-joro@8bytes.org> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Joerg Roedel The check uses the wrong operator and causes false positive warnings in the kernel log on some systems. Fixes: 5e8105950a8b3 ('x86/mm/pti: Add Warning when booting on a PCID capable CPU') Signed-off-by: Joerg Roedel --- arch/x86/mm/pti.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index ef8db6f..113ba14 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -549,7 +549,7 @@ void __init pti_init(void) * supported on 32 bit anyway. To print the warning we need to * check with cpuid directly again. */ - if (cpuid_ecx(0x1) && BIT(17)) { + if (cpuid_ecx(0x1) & BIT(17)) { /* Use printk to work around pr_fmt() */ printk(KERN_WARNING "\n"); printk(KERN_WARNING "************************************************************\n"); From patchwork Tue Aug 7 10:24:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joerg Roedel X-Patchwork-Id: 10558491 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4DD3B14E2 for ; Tue, 7 Aug 2018 10:24:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 38E59287D1 for ; Tue, 7 Aug 2018 10:24:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2A379295FC; Tue, 7 Aug 2018 10:24:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B787F287D1 for ; Tue, 7 Aug 2018 10:24:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 893696B0005; Tue, 7 Aug 2018 06:24:37 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 86CD16B000D; Tue, 7 Aug 2018 06:24:37 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6DFBE6B000E; Tue, 7 Aug 2018 06:24:37 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) by kanga.kvack.org (Postfix) with ESMTP id 11FFD6B0005 for ; Tue, 7 Aug 2018 06:24:37 -0400 (EDT) Received: by mail-ed1-f72.google.com with SMTP id f8-v6so5227794eds.6 for ; Tue, 07 Aug 2018 03:24:37 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references; bh=wLQoCuaF7nZTHfLZjHSkGbSR0zX+AJkXtEJehuZZLS0=; b=hAkesIXN5de3ApS5RT7+0ky2JFhrHGyajRKvRx9pJ74PQXdFrpOIoB7aEsEAHErAHv 2WYe5D1Y+2JTtXzEcL6ZPlj51isuy3oRo2WqV6X3iTHV1W4ZpxzS34aXxu52Mh9FRzTv i+vr7mnZ9gR92h2FQKkNJov74EB4Vn8IBxuyIrqkKr2CZyNt82j+q0sYKEWKcucafcoE 7R3p35HcfRRJBuhhAZ8jwPwWrfxobKSHxs0wR06W81uQr53xSBjFXe1rNcYQLDghL6cF whj/v8S+AOI4PTMCeIUABSKSF5SVNhe4VE1MhPep5dCg/57xMjn6KRYfPYYYDC3pZevL SjDA== X-Gm-Message-State: AOUpUlHBXpMFF8GTMsNgGn5hm/+UbJ1e5AD7sXoXq0qvZZEB0l5o2qtI G6+IGhXCQD4RAUe7y3+1LL0i20D5wbO8pHTNDA3GnsqzfyMEKMMH+n6WlVxm6E72PjLGqh+8edk 1kvLkYTZqhaPto/9jaJkcHWJcYVvCjmfV+9B1fYbWq0Lg382rqTXL1vSIx2JT2aklog== X-Received: by 2002:a50:b613:: with SMTP id b19-v6mr22376405ede.255.1533637476564; Tue, 07 Aug 2018 03:24:36 -0700 (PDT) X-Google-Smtp-Source: AAOMgpckX5LeyC2Aekjx1w5fETl0tLZouevnDHWTWWLjE0H7SxsDlrujkXirzIWVgCgK1fvo7an5 X-Received: by 2002:a50:b613:: with SMTP id b19-v6mr22376336ede.255.1533637475458; Tue, 07 Aug 2018 03:24:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533637475; cv=none; d=google.com; s=arc-20160816; b=db02JON/LA3gFeTdmhG9qW33ZGvNxcTuQc8lxs7pfGeeTJYYlexBFQGiiX4aUDAqQp Vo3B+GWnnG0P22Osy5BLLKpMLl2eavrVvA1PULPYggoUn5VKhkfO/BsNPa4rU0mwalvY 9xyN88JL8d3EUlmWsQwbPXcdOW35z5naGm8wCWBYKs8FLPW62rysqPfY3OqHo4kjwZgF COVL7in4HXRSDspcZreEGr5/nn06aQnVOmshF76C71ClqFqk4uNgCZ/LP343zZOxxi1y mdGyDY1kpb9k+5o2NJt8zpWi8iDBdqBgwcF5S0Mu/6EaKbxieVhbtS5amPNjm3kNY2zY /tqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=wLQoCuaF7nZTHfLZjHSkGbSR0zX+AJkXtEJehuZZLS0=; b=Z70iF35dLDSWFQMy7FAF0aXuIqtF+e3neWU0RMf9HTVWM/nMsYu/VrNruDMONLQHWz O+tSmZMaWhQ29jZW2x9UIbwl0aoxpqcqBJFOzJ5+jcF36oXNwToWooNVOIf58lIp84fQ /PBz6VPlFT6Pt74OZ76J/U7eaOX2L/aYY1c7jQFtSLTavbKtfY/Anu+xoDAFpih8WPZk GR1O9jfpGWaGZ/tNRvDsIbT1SWgNoz+HqjB03udJ+VzHXpvDwVLN8knFRS3Zc789X7+x R/orD8MuitTDXtL4RzZ564z93CWEglIqEYhVjm82u4GVu158fZc/74RN4u8tzBNJ5Hc1 qLaA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass (test mode) header.i=@8bytes.org header.s=mail-1 header.b=O36mKEnR; spf=pass (google.com: domain of joro@8bytes.org designates 2a01:238:4383:600:38bc:a715:4b6d:a889 as permitted sender) smtp.mailfrom=joro@8bytes.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: from theia.8bytes.org (8bytes.org. [2a01:238:4383:600:38bc:a715:4b6d:a889]) by mx.google.com with ESMTPS id t18-v6si664794edf.80.2018.08.07.03.24.35 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 Aug 2018 03:24:35 -0700 (PDT) Received-SPF: pass (google.com: domain of joro@8bytes.org designates 2a01:238:4383:600:38bc:a715:4b6d:a889 as permitted sender) client-ip=2a01:238:4383:600:38bc:a715:4b6d:a889; Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@8bytes.org header.s=mail-1 header.b=O36mKEnR; spf=pass (google.com: domain of joro@8bytes.org designates 2a01:238:4383:600:38bc:a715:4b6d:a889 as permitted sender) smtp.mailfrom=joro@8bytes.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: by theia.8bytes.org (Postfix, from userid 1000) id 997C32F5; Tue, 7 Aug 2018 12:24:33 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=8bytes.org; s=mail-1; t=1533637473; bh=Hj+SU0Qi3gZNMXnmPL7TuoJ+PAqH5xoY7fEQcBwdn6M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=O36mKEnRWyC79mRhCh+IPXmc77EAS47qmqWnud68YuK+bTATmtwKgih5zHkOixjf4 e9mVudDghe9YdMTU7R+8G2K+uP/n1rpu46WC2St5KwunHzxWiWDN1tCo8kuRBv4Mnd V0ibcAkf2cAjJMlVOSQUaHv/K4VV+UW6NKW4s8xi/BBE2S9cvfLiznD5wHXMw8q0l+ 3DdLOnQranBg0zwlJTGKzwLgZ78AtcLWCFz1OzgAm2CXNzhpmKihlOqLhzUOkNKpuZ oQri8X7dZhYpTP+MUQV1UU8vFehR9VsUb5dYI5mw66uWg2ShlJpZcGjBfaVrKgaITH blQRNyoL9YtmA== From: Joerg Roedel To: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Linus Torvalds , Andy Lutomirski , Dave Hansen , Josh Poimboeuf , Juergen Gross , Peter Zijlstra , Borislav Petkov , Jiri Kosina , Boris Ostrovsky , Brian Gerst , David Laight , Denys Vlasenko , Eduardo Valentin , Greg KH , Will Deacon , aliguori@amazon.com, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, Andrea Arcangeli , Waiman Long , Pavel Machek , "David H . Gutteridge" , jroedel@suse.de, joro@8bytes.org Subject: [PATCH 2/3] x86/mm/pti: Don't clear permissions in pti_clone_pmd() Date: Tue, 7 Aug 2018 12:24:30 +0200 Message-Id: <1533637471-30953-3-git-send-email-joro@8bytes.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1533637471-30953-1-git-send-email-joro@8bytes.org> References: <1533637471-30953-1-git-send-email-joro@8bytes.org> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Joerg Roedel The function sets the global-bit on cloned PMD entries, which only makes sense when the permissions are identical between the user and the kernel page-table. Further, only write-permissions are cleared for entry-text and kernel-text sections, which are not writeable anyway. Signed-off-by: Joerg Roedel --- arch/x86/mm/pti.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 113ba14..5164c98 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -291,7 +291,7 @@ static void __init pti_setup_vsyscall(void) { } #endif static void -pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear) +pti_clone_pmds(unsigned long start, unsigned long end) { unsigned long addr; @@ -352,7 +352,7 @@ pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear) * tables will share the last-level page tables of this * address range */ - *target_pmd = pmd_clear_flags(*pmd, clear); + *target_pmd = *pmd; } } @@ -398,7 +398,7 @@ static void __init pti_clone_user_shared(void) start = CPU_ENTRY_AREA_BASE; end = start + (PAGE_SIZE * CPU_ENTRY_AREA_PAGES); - pti_clone_pmds(start, end, 0); + pti_clone_pmds(start, end); } #endif /* CONFIG_X86_64 */ @@ -418,8 +418,7 @@ static void __init pti_setup_espfix64(void) static void pti_clone_entry_text(void) { pti_clone_pmds((unsigned long) __entry_text_start, - (unsigned long) __irqentry_text_end, - _PAGE_RW); + (unsigned long) __irqentry_text_end); } /* @@ -501,7 +500,7 @@ static void pti_clone_kernel_text(void) * pti_set_kernel_image_nonglobal() did to clear the * global bit. */ - pti_clone_pmds(start, end_clone, _PAGE_RW); + pti_clone_pmds(start, end_clone); /* * pti_clone_pmds() will set the global bit in any PMDs From patchwork Tue Aug 7 10:24:31 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joerg Roedel X-Patchwork-Id: 10558493 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2D6B314E2 for ; Tue, 7 Aug 2018 10:24:43 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 18E862876D for ; Tue, 7 Aug 2018 10:24:43 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0CF81295FC; Tue, 7 Aug 2018 10:24:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5A69C2876D for ; Tue, 7 Aug 2018 10:24:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DEC926B000C; Tue, 7 Aug 2018 06:24:37 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id D219C6B000D; Tue, 7 Aug 2018 06:24:37 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BE8296B000E; Tue, 7 Aug 2018 06:24:37 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) by kanga.kvack.org (Postfix) with ESMTP id 5AD616B000C for ; Tue, 7 Aug 2018 06:24:37 -0400 (EDT) Received: by mail-ed1-f71.google.com with SMTP id i24-v6so5215933edq.16 for ; Tue, 07 Aug 2018 03:24:37 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:from:to:cc:subject:date :message-id:in-reply-to:references; bh=YS+GBQdU5JJOJDYsLMSyeVGhVWQEHkSmLOshkg+Lk1o=; b=QNoEg3Az7ZyUCV9LJPFFBS7+j8Vly9oSSonjEZ7b6Y7Cucl/3STm55XQ2u5+uhfl7W Meke67BSzx+OeUl3l2CnIroa+2CCXiAyKaIWfpia2bdbSK7Vg1BBDP9eqhTadWE0T3gx LDa0h22eQ2xiZwHpwvX8HAkLKlxIlO6Qn5Ylw5DFfUv5AwiiAXWaIDqtwwdU0/2x08Mo FZVZ2VTkmvTAzrMRagi7cTxx1oCqwFivXlQgOSoOsOxRauvpbhYa9XH2TnQfgMRxM9Tv 7ZxEeMqiZEW9+R56woTfGPqAjbeem1ljTt/VIlw6BGO3t+kHz6Wck5CL4/NODGK7w2Tp Ep3Q== X-Gm-Message-State: AOUpUlFkSRooHVlnnJEd/IJvF0Lb6r+6yNEKJcbxZBWKaY5X2XDAD/J+ kfZnEDni0bAhNkzzyPEWELroEzjIvJR6HyEeT7Jvs9suER9u2AJdt6iflBM9M/rvfpCbPH2Hymc 7mljTSFcuYCSoBzj6xhdqJx5rcKgjun5N09OCbEOw5/ZtbREFxazKhaVtZyfLJUHI8A== X-Received: by 2002:a50:f145:: with SMTP id z5-v6mr23066379edl.0.1533637476825; Tue, 07 Aug 2018 03:24:36 -0700 (PDT) X-Google-Smtp-Source: AAOMgpd9WhJKych7sgjz4oTmdiOGLW07AlqYCT1xsDYpsU63QGNhyZ00F06W5n5O6oeoz22BFeNW X-Received: by 2002:a50:f145:: with SMTP id z5-v6mr23066323edl.0.1533637475980; Tue, 07 Aug 2018 03:24:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533637475; cv=none; d=google.com; s=arc-20160816; b=Qtq3sh5LxCgDvIHziKFkqSeQrFMg1DJ0wpC6GDHiT0hwt1eP10QDClK8fxp19qGwMp gZYLR8XiGnpasZrHHNgF1bRU3gJPWYpWy/U0vpt8hCdzhR5wpibVyzh/BoydmXr9T+Lm VkDdHBRiQqPzOEQohcCH+qhJRUPF035yr6/gJCzzbvJaGmNRpCV8jNe9rL6AsrB8LJnt H09pvKsjLQBiZollvFo1FIroI9uVBYkt/rjKrgN2uWXZR0ETsTzerwSGhE/VZxp8RgkG ID9L7/tqpAMKDvpjeVep6EcEajPZ72nIxb/8Pw3hHQkpV0tTYMqYq6z6nH29CsMTztik ENFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=YS+GBQdU5JJOJDYsLMSyeVGhVWQEHkSmLOshkg+Lk1o=; b=ORUx5raXuwlQvjRTwZeZ02iW9Fafvw5wdAP1TLgBY3Ssvn2mni31JrxWJ+zSd6Kbct yiQyBgBlk/wdC9MFvdHrA6dTO+HhMjWsgd9m3wn1YZG/sDnlomhkbIqW3xckzVmQFD8Q vPBFKxXaS+g+jIOM8iTyjsTuGm0XKtSjg69tcFJ1ty6s4x7dI9agTUBWsaKV5xxp9r+j YQEdsB8e8uMkEhzHSitV/3JHFylq9oIeUNj/LFJY3eZK90CiHYfi9bagZ+WU2yqT2oNA cMW6hQOOEty9c6VhwC/9D/CTjbo0mPB7u7vDesgGb+ah4vgAcqmJQA9JELex/eD2ftgh nI+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass (test mode) header.i=@8bytes.org header.s=mail-1 header.b=YSEYQnF1; spf=pass (google.com: domain of joro@8bytes.org designates 81.169.241.247 as permitted sender) smtp.mailfrom=joro@8bytes.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: from theia.8bytes.org (8bytes.org. [81.169.241.247]) by mx.google.com with ESMTPS id i2-v6si578507edt.286.2018.08.07.03.24.35 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 Aug 2018 03:24:35 -0700 (PDT) Received-SPF: pass (google.com: domain of joro@8bytes.org designates 81.169.241.247 as permitted sender) client-ip=81.169.241.247; Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@8bytes.org header.s=mail-1 header.b=YSEYQnF1; spf=pass (google.com: domain of joro@8bytes.org designates 81.169.241.247 as permitted sender) smtp.mailfrom=joro@8bytes.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: by theia.8bytes.org (Postfix, from userid 1000) id C6F4F301; Tue, 7 Aug 2018 12:24:33 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=8bytes.org; s=mail-1; t=1533637473; bh=yH8pfODF7JiPfNr3+5cXoh3BC/3nmtRH4rF1Of9Df6I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YSEYQnF1NEY3V04R9RQEy3euU+xgfCZJGx8eGq+F/UDYU82g2DAbNojf/CZxCz+jc 4IPBLIIYB33fWa14hJ2WhR87I2vpCsWIiP+oGaxOYiXMh0n7DtgnYMMY/usEtchbZu Rg+9YDxY/m/jIzkNYIFqrl82RY72tuwRGNBywKFlRR1fEq6WUfccfffXR8mfMgteGT KVO3OLq7caJSxVeBMOTV8nf9PUW9iQLEL7Y42CYxWJfigMdJzyG1tj2jeL7zooluqF pbq6yPq0qrHDnRBB0Exdxe4jy+Qo4+rL4ttio3EOXfQ0Km0cDSi02t3Dm3oNF07+dL JNNUvIh+lu9MA== From: Joerg Roedel To: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Linus Torvalds , Andy Lutomirski , Dave Hansen , Josh Poimboeuf , Juergen Gross , Peter Zijlstra , Borislav Petkov , Jiri Kosina , Boris Ostrovsky , Brian Gerst , David Laight , Denys Vlasenko , Eduardo Valentin , Greg KH , Will Deacon , aliguori@amazon.com, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, Andrea Arcangeli , Waiman Long , Pavel Machek , "David H . Gutteridge" , jroedel@suse.de, joro@8bytes.org Subject: [PATCH 3/3] x86/mm/pti: Clone kernel-image on PTE level for 32 bit Date: Tue, 7 Aug 2018 12:24:31 +0200 Message-Id: <1533637471-30953-4-git-send-email-joro@8bytes.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1533637471-30953-1-git-send-email-joro@8bytes.org> References: <1533637471-30953-1-git-send-email-joro@8bytes.org> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Joerg Roedel On 32 bit the kernel sections are not huge-page aligned. When we clone them on PMD-level we unevitably map some areas that are normal kernel memory and may contain secrets to user-space. To prevent that we need to clone the kernel-image on PTE-level for 32 bit. Also make the page-table cloning clode more general so that it can handle PMD and PTE level cloning. This can be generalized further in the future to also handle clones on the P4D-level. Signed-off-by: Joerg Roedel --- arch/x86/mm/pti.c | 140 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 99 insertions(+), 41 deletions(-) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 5164c98..1dc5c68 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -54,6 +54,16 @@ #define __GFP_NOTRACK 0 #endif +/* + * Define the page-table levels we clone for user-space on 32 + * and 64 bit. + */ +#ifdef CONFIG_X86_64 +#define PTI_LEVEL_KERNEL_IMAGE PTI_CLONE_PMD +#else +#define PTI_LEVEL_KERNEL_IMAGE PTI_CLONE_PTE +#endif + static void __init pti_print_if_insecure(const char *reason) { if (boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) @@ -228,7 +238,6 @@ static pmd_t *pti_user_pagetable_walk_pmd(unsigned long address) return pmd_offset(pud, address); } -#ifdef CONFIG_X86_VSYSCALL_EMULATION /* * Walk the shadow copy of the page tables (optionally) trying to allocate * page table pages on the way down. Does not support large pages. @@ -270,6 +279,7 @@ static __init pte_t *pti_user_pagetable_walk_pte(unsigned long address) return pte; } +#ifdef CONFIG_X86_VSYSCALL_EMULATION static void __init pti_setup_vsyscall(void) { pte_t *pte, *target_pte; @@ -290,8 +300,14 @@ static void __init pti_setup_vsyscall(void) static void __init pti_setup_vsyscall(void) { } #endif +enum pti_clone_level { + PTI_CLONE_PMD, + PTI_CLONE_PTE, +}; + static void -pti_clone_pmds(unsigned long start, unsigned long end) +pti_clone_pgtable(unsigned long start, unsigned long end, + enum pti_clone_level level) { unsigned long addr; @@ -299,7 +315,8 @@ pti_clone_pmds(unsigned long start, unsigned long end) * Clone the populated PMDs which cover start to end. These PMD areas * can have holes. */ - for (addr = start; addr < end; addr += PMD_SIZE) { + for (addr = start; addr < end;) { + pte_t *pte, *target_pte; pmd_t *pmd, *target_pmd; pgd_t *pgd; p4d_t *p4d; @@ -315,44 +332,84 @@ pti_clone_pmds(unsigned long start, unsigned long end) p4d = p4d_offset(pgd, addr); if (WARN_ON(p4d_none(*p4d))) return; + pud = pud_offset(p4d, addr); - if (pud_none(*pud)) + if (pud_none(*pud)) { + addr += PUD_SIZE; continue; + } + pmd = pmd_offset(pud, addr); - if (pmd_none(*pmd)) + if (pmd_none(*pmd)) { + addr += PMD_SIZE; continue; + } - target_pmd = pti_user_pagetable_walk_pmd(addr); - if (WARN_ON(!target_pmd)) - return; - - /* - * Only clone present PMDs. This ensures only setting - * _PAGE_GLOBAL on present PMDs. This should only be - * called on well-known addresses anyway, so a non- - * present PMD would be a surprise. - */ - if (WARN_ON(!(pmd_flags(*pmd) & _PAGE_PRESENT))) - return; - - /* - * Setting 'target_pmd' below creates a mapping in both - * the user and kernel page tables. It is effectively - * global, so set it as global in both copies. Note: - * the X86_FEATURE_PGE check is not _required_ because - * the CPU ignores _PAGE_GLOBAL when PGE is not - * supported. The check keeps consistentency with - * code that only set this bit when supported. - */ - if (boot_cpu_has(X86_FEATURE_PGE)) - *pmd = pmd_set_flags(*pmd, _PAGE_GLOBAL); - - /* - * Copy the PMD. That is, the kernelmode and usermode - * tables will share the last-level page tables of this - * address range - */ - *target_pmd = *pmd; + if (pmd_large(*pmd) || level == PTI_CLONE_PMD) { + target_pmd = pti_user_pagetable_walk_pmd(addr); + if (WARN_ON(!target_pmd)) + return; + + /* + * Only clone present PMDs. This ensures only setting + * _PAGE_GLOBAL on present PMDs. This should only be + * called on well-known addresses anyway, so a non- + * present PMD would be a surprise. + */ + if (WARN_ON(!(pmd_flags(*pmd) & _PAGE_PRESENT))) + return; + + /* + * Setting 'target_pmd' below creates a mapping in both + * the user and kernel page tables. It is effectively + * global, so set it as global in both copies. Note: + * the X86_FEATURE_PGE check is not _required_ because + * the CPU ignores _PAGE_GLOBAL when PGE is not + * supported. The check keeps consistentency with + * code that only set this bit when supported. + */ + if (boot_cpu_has(X86_FEATURE_PGE)) + *pmd = pmd_set_flags(*pmd, _PAGE_GLOBAL); + + /* + * Copy the PMD. That is, the kernelmode and usermode + * tables will share the last-level page tables of this + * address range + */ + *target_pmd = *pmd; + + addr += PMD_SIZE; + + } else if (level == PTI_CLONE_PTE) { + + /* Walk the page-table down to the pte level */ + pte = pte_offset_kernel(pmd, addr); + if (pte_none(*pte)) { + addr += PAGE_SIZE; + continue; + } + + /* Only clone present PTEs */ + if (WARN_ON(!(pte_flags(*pte) & _PAGE_PRESENT))) + return; + + /* Allocate PTE in the user page-table */ + target_pte = pti_user_pagetable_walk_pte(addr); + if (WARN_ON(!target_pte)) + return; + + /* Set GLOBAL bit in both PTEs */ + if (boot_cpu_has(X86_FEATURE_PGE)) + *pte = pte_set_flags(*pte, _PAGE_GLOBAL); + + /* Clone the PTE */ + *target_pte = *pte; + + addr += PAGE_SIZE; + + } else { + BUG(); + } } } @@ -398,7 +455,7 @@ static void __init pti_clone_user_shared(void) start = CPU_ENTRY_AREA_BASE; end = start + (PAGE_SIZE * CPU_ENTRY_AREA_PAGES); - pti_clone_pmds(start, end); + pti_clone_pgtable(start, end, PTI_CLONE_PMD); } #endif /* CONFIG_X86_64 */ @@ -417,8 +474,9 @@ static void __init pti_setup_espfix64(void) */ static void pti_clone_entry_text(void) { - pti_clone_pmds((unsigned long) __entry_text_start, - (unsigned long) __irqentry_text_end); + pti_clone_pgtable((unsigned long) __entry_text_start, + (unsigned long) __irqentry_text_end, + PTI_CLONE_PMD); } /* @@ -500,10 +558,10 @@ static void pti_clone_kernel_text(void) * pti_set_kernel_image_nonglobal() did to clear the * global bit. */ - pti_clone_pmds(start, end_clone); + pti_clone_pgtable(start, end_clone, PTI_LEVEL_KERNEL_IMAGE); /* - * pti_clone_pmds() will set the global bit in any PMDs + * pti_clone_pgtable() will set the global bit in any PMDs * that it clones, but we also need to get any PTEs in * the last level for areas that are not huge-page-aligned. */