From patchwork Tue Apr 26 20:24:44 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kamal Mostafa <kamal@canonical.com>
X-Patchwork-Id: 8944961
Return-Path: <xen-devel-bounces@lists.xen.org>
X-Original-To: patchwork-xen-devel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id E051BBF29F
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 26 Apr 2016 20:29:22 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id D6C1F2010F
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 26 Apr 2016 20:29:16 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 89AE9200D6
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 26 Apr 2016 20:29:15 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1av9Zd-0004En-2e; Tue, 26 Apr 2016 20:27:09 +0000
Received: from mail6.bemta6.messagelabs.com ([85.158.143.247])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <kamal@canonical.com>) id 1av9Zc-0004Ef-5z
	for xen-devel@lists.xenproject.org; Tue, 26 Apr 2016 20:27:08 +0000
Received: from [85.158.143.35] by server-2.bemta-6.messagelabs.com id
	69/69-09532-B1FCF175; Tue, 26 Apr 2016 20:27:07 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrILMWRWlGSWpSXmKPExsUSvTeyQFfqvHy
	4wYIDZhbft0xmcmD0OPzhCksAYxRrZl5SfkUCa0bjOdaC76IVF5b3szQwrhHuYuTkEBL4wSjx
	oyG2i5ELyJ7EKHFgwzsmkASbgKbE630bGEFsEYEIiaatU9lBipgF9rJKbF74lQ0kISzgK3GrZ
	ScriM0ioCrx7eUhdhCbV8BZ4svctWBxCQE5iZvnOplBbE6g+KlZc9ghNjtJXN3ezg5RIy4xre
	ES0wRGngWMDKsY1YtTi8pSi3SN9JKKMtMzSnITM3N0DQ3M9HJTi4sT01NzEpOK9ZLzczcxAr3
	OAAQ7GJf9dTrEKMnBpCTKG7tOPlyILyk/pTIjsTgjvqg0J7X4EKMMB4eSBK/xOaCcYFFqempF
	WmYOMPxg0hIcPEoivCfPAqV5iwsSc4sz0yFSpxgVpcR5H4IkBEASGaV5cG2wkL/EKCslzMsId
	IgQT0FqUW5mCar8K0ZxDkYlYV4PkO08mXklcNNfAS1mAlp8+ZAsyOKSRISUVANj+6vwJ6dmGW
	49+dNcL/dPqYFs+0xm09uK+3+8+s3Cclrxg/6B7yuWvs32jls96b6EM0P2mYSTMz7Plji0fNl
	5McPVtZnVXzIcWw/9kPhqOC+SNYNfIflzOvcC3o6HB2qMusvdGq2ElL5V35eyatYNFmHXDNRc
	LXtp67l5S7e/DQq5dqaBtUdaiaU4I9FQi7moOBEAPB+RD3QCAAA=
X-Env-Sender: kamal@canonical.com
X-Msg-Ref: server-13.tower-21.messagelabs.com!1461702426!11519742!1
X-Originating-IP: [91.189.89.112]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 8.34; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 50638 invoked from network); 26 Apr 2016 20:27:06 -0000
Received: from youngberry.canonical.com (HELO youngberry.canonical.com)
	(91.189.89.112)
	by server-13.tower-21.messagelabs.com with AES256-SHA encrypted SMTP;
	26 Apr 2016 20:27:06 -0000
Received: from 1.general.kamal.us.vpn ([10.172.68.52] helo=fourier)
	by youngberry.canonical.com with esmtpsa
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <kamal@canonical.com>)
	id 1av9Ya-0002DR-PH; Tue, 26 Apr 2016 20:26:05 +0000
Received: from kamal by fourier with local (Exim 4.86_2)
	(envelope-from <kamal@whence.com>)
	id 1av9YY-00027s-2w; Tue, 26 Apr 2016 13:26:02 -0700
From: Kamal Mostafa <kamal@canonical.com>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
	kernel-team@lists.ubuntu.com
Date: Tue, 26 Apr 2016 13:24:44 -0700
Message-Id: <1461702297-7792-54-git-send-email-kamal@canonical.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1461702297-7792-1-git-send-email-kamal@canonical.com>
References: <1461702297-7792-1-git-send-email-kamal@canonical.com>
X-Extended-Stable: 3.19
Cc: Juergen Gross <JGross@suse.com>, Denys Vlasenko <dvlasenk@redhat.com>,
	xen-devel <xen-devel@lists.xenproject.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Peter Zijlstra <peterz@infradead.org>, Brian Gerst <brgerst@gmail.com>,
	"Luis R . Rodriguez" <mcgrof@suse.com>,
	Ingo Molnar <mingo@kernel.org>, Kamal Mostafa <kamal@canonical.com>,
	Andy Lutomirski <luto@amacapital.net>, Borislav Petkov <bp@alien8.de>,
	David Vrabel <david.vrabel@citrix.com>, Jan Beulich <jbeulich@suse.com>,
	"H . Peter Anvin" <hpa@zytor.com>, Toshi Kani <toshi.kani@hp.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>
Subject: [Xen-devel] [PATCH 3.19.y-ckt 53/66] x86/mm/xen: Suppress hugetlbfs
	in PV guests
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, UNPARSEABLE_RELAY
	autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

3.19.8-ckt20 -stable review patch.  If anyone has any objections, please let me know.

---8<------------------------------------------------------------

From: Jan Beulich <JBeulich@suse.com>

commit 103f6112f253017d7062cd74d17f4a514ed4485c upstream.

Huge pages are not normally available to PV guests. Not suppressing
hugetlbfs use results in an endless loop of page faults when user mode
code tries to access a hugetlbfs mapped area (since the hypervisor
denies such PTEs to be created, but error indications can't be
propagated out of xen_set_pte_at(), just like for various of its
siblings), and - once killed in an oops like this:

  kernel BUG at .../fs/hugetlbfs/inode.c:428!
  invalid opcode: 0000 [#1] SMP
  ...
  RIP: e030:[<ffffffff811c333b>]  [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
  ...
  Call Trace:
   [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
   [<ffffffff81167b3d>] evict+0xbd/0x1b0
   [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
   [<ffffffff81165b0e>] dput+0x1fe/0x220
   [<ffffffff81150535>] __fput+0x155/0x200
   [<ffffffff81079fc0>] task_work_run+0x60/0xa0
   [<ffffffff81063510>] do_exit+0x160/0x400
   [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
   [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
   [<ffffffff8100f854>] do_signal+0x14/0x110
   [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
   [<ffffffff814178a5>] retint_user+0x8/0x13

This is CVE-2016-3961 / XSA-174.

Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Juergen Gross <JGross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Luis R. Rodriguez <mcgrof@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hp.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>
Link: http://lkml.kernel.org/r/57188ED802000078000E431C@prv-mh.provo.novell.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
 arch/x86/include/asm/hugetlb.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/include/asm/hugetlb.h b/arch/x86/include/asm/hugetlb.h
index 68c0539..7aadd3c 100644
--- a/arch/x86/include/asm/hugetlb.h
+++ b/arch/x86/include/asm/hugetlb.h
@@ -4,6 +4,7 @@
 #include <asm/page.h>
 #include <asm-generic/hugetlb.h>
 
+#define hugepages_supported() cpu_has_pse
 
 static inline int is_hugepage_only_range(struct mm_struct *mm,
 					 unsigned long addr,