From patchwork Tue Apr 26 18:17:17 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kamal Mostafa <kamal@canonical.com>
X-Patchwork-Id: 8942511
Return-Path: <xen-devel-bounces@lists.xen.org>
X-Original-To: patchwork-xen-devel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 37623BF29F
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 26 Apr 2016 18:23:16 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 86FA52013A
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 26 Apr 2016 18:23:10 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id E70AA20103
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 26 Apr 2016 18:23:05 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1av7bI-0001mj-13; Tue, 26 Apr 2016 18:20:44 +0000
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <kamal@canonical.com>) id 1av7bG-0001md-78
	for xen-devel@lists.xenproject.org; Tue, 26 Apr 2016 18:20:42 +0000
Received: from [85.158.139.211] by server-13.bemta-5.messagelabs.com id
	A9/58-28710-971BF175; Tue, 26 Apr 2016 18:20:41 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrMLMWRWlGSWpSXmKPExsUSvTeyQLdio3y
	4wfl7Whbft0xmcmD0OPzhCksAYxRrZl5SfkUCa8b0TbeYCr6KVvSv0mxgXCXcxcjFISTwg1Hi
	7uE7LBDOJEaJ0x9+AzmcHGwCmhKv921gBLFFBCIkmrZOZQcpYhbYyyqxeeFXNpCEsICPROviq
	WBFLAKqEjennAFr5hVwkTjyvgcsLiEgJ3HzXCcziM0JFP99fSWYLSTgLPHyz102iBoxiaXrXj
	FPYORZwMiwilGjOLWoLLVI19BAL6koMz2jJDcxMwfIM9XLTS0uTkxPzUlMKtZLzs/dxAj0PAM
	Q7GBcM9X5EKMkB5OSKG/sOvlwIb6k/JTKjMTijPii0pzU4kOMMhwcShK8ohuAcoJFqempFWmZ
	OcAQhElLcPAoifBuWQ+U5i0uSMwtzkyHSJ1iVJQS5xUB6RMASWSU5sG1wcL+EqOslDAvI9AhQ
	jwFqUW5mSWo8q8YxTkYlYR5rUCm8GTmlcBNfwW0mAlo8eVDsiCLSxIRUlINjI0hrVyG3cdULd
	7MZDv3eVN/2TPGu6GzhfL0ZlawlH8yvHhktzVD9NK/Peu/buXaUTXvCWfn957TaZrL54S9W6d
	ZsHjH6/xnHV6cKYVJdQt+St2fs/e8mFfRgwm9a+tklohsbAhc9dfcQO3Bf5a76seSmHuW5KQ4
	cJ2/yrhsw+dF1zfFnLjSfU6JpTgj0VCLuag4EQDMwng/dgIAAA==
X-Env-Sender: kamal@canonical.com
X-Msg-Ref: server-10.tower-206.messagelabs.com!1461694840!19358745!1
X-Originating-IP: [91.189.89.112]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 8.34; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 48766 invoked from network); 26 Apr 2016 18:20:40 -0000
Received: from youngberry.canonical.com (HELO youngberry.canonical.com)
	(91.189.89.112)
	by server-10.tower-206.messagelabs.com with AES256-SHA encrypted SMTP;
	26 Apr 2016 18:20:40 -0000
Received: from 1.general.kamal.us.vpn ([10.172.68.52] helo=fourier)
	by youngberry.canonical.com with esmtpsa
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <kamal@canonical.com>)
	id 1av7Zp-0001Gk-M3; Tue, 26 Apr 2016 18:19:14 +0000
Received: from kamal by fourier with local (Exim 4.86_2)
	(envelope-from <kamal@whence.com>)
	id 1av7Zm-0007om-Uo; Tue, 26 Apr 2016 11:19:10 -0700
From: Kamal Mostafa <kamal@canonical.com>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
	kernel-team@lists.ubuntu.com
Date: Tue, 26 Apr 2016 11:17:17 -0700
Message-Id: <1461694653-29506-78-git-send-email-kamal@canonical.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1461694653-29506-1-git-send-email-kamal@canonical.com>
References: <1461694653-29506-1-git-send-email-kamal@canonical.com>
X-Extended-Stable: 4.2
Cc: Juergen Gross <JGross@suse.com>, Denys Vlasenko <dvlasenk@redhat.com>,
	xen-devel <xen-devel@lists.xenproject.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Peter Zijlstra <peterz@infradead.org>, Brian Gerst <brgerst@gmail.com>,
	"Luis R . Rodriguez" <mcgrof@suse.com>,
	Ingo Molnar <mingo@kernel.org>, Kamal Mostafa <kamal@canonical.com>,
	Andy Lutomirski <luto@amacapital.net>, Borislav Petkov <bp@alien8.de>,
	David Vrabel <david.vrabel@citrix.com>, Jan Beulich <jbeulich@suse.com>,
	"H . Peter Anvin" <hpa@zytor.com>, Toshi Kani <toshi.kani@hp.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>
Subject: [Xen-devel] [PATCH 4.2.y-ckt 77/93] x86/mm/xen: Suppress hugetlbfs
	in PV guests
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, UNPARSEABLE_RELAY
	autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

4.2.8-ckt9 -stable review patch.  If anyone has any objections, please let me know.

---8<------------------------------------------------------------

From: Jan Beulich <JBeulich@suse.com>

commit 103f6112f253017d7062cd74d17f4a514ed4485c upstream.

Huge pages are not normally available to PV guests. Not suppressing
hugetlbfs use results in an endless loop of page faults when user mode
code tries to access a hugetlbfs mapped area (since the hypervisor
denies such PTEs to be created, but error indications can't be
propagated out of xen_set_pte_at(), just like for various of its
siblings), and - once killed in an oops like this:

  kernel BUG at .../fs/hugetlbfs/inode.c:428!
  invalid opcode: 0000 [#1] SMP
  ...
  RIP: e030:[<ffffffff811c333b>]  [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
  ...
  Call Trace:
   [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
   [<ffffffff81167b3d>] evict+0xbd/0x1b0
   [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
   [<ffffffff81165b0e>] dput+0x1fe/0x220
   [<ffffffff81150535>] __fput+0x155/0x200
   [<ffffffff81079fc0>] task_work_run+0x60/0xa0
   [<ffffffff81063510>] do_exit+0x160/0x400
   [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
   [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
   [<ffffffff8100f854>] do_signal+0x14/0x110
   [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
   [<ffffffff814178a5>] retint_user+0x8/0x13

This is CVE-2016-3961 / XSA-174.

Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Juergen Gross <JGross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Luis R. Rodriguez <mcgrof@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hp.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>
Link: http://lkml.kernel.org/r/57188ED802000078000E431C@prv-mh.provo.novell.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
 arch/x86/include/asm/hugetlb.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/include/asm/hugetlb.h b/arch/x86/include/asm/hugetlb.h
index f8a29d2..e6a8613 100644
--- a/arch/x86/include/asm/hugetlb.h
+++ b/arch/x86/include/asm/hugetlb.h
@@ -4,6 +4,7 @@
 #include <asm/page.h>
 #include <asm-generic/hugetlb.h>
 
+#define hugepages_supported() cpu_has_pse
 
 static inline int is_hugepage_only_range(struct mm_struct *mm,
 					 unsigned long addr,