From patchwork Mon Nov 26 10:51:26 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Greg Kroah-Hartman
X-Patchwork-Id: 10697975
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, "Kirill A. Shutemov", Thomas Gleixner, Andy Lutomirski, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, peterz@infradead.org, boris.ostrovsky@oracle.com, jgross@suse.com, bhe@redhat.com, willy@infradead.org, linux-mm@kvack.org, Sasha Levin
Subject: [PATCH 4.19 092/118] x86/mm: Move LDT remap out of KASLR region on 5-level paging
Date: Mon, 26 Nov 2018 11:51:26 +0100
Message-Id: <20181126105105.393471598@linuxfoundation.org>
X-Mailer: git-send-email 2.19.2
In-Reply-To: <20181126105059.832485122@linuxfoundation.org>
References: <20181126105059.832485122@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review

4.19-stable review patch. If anyone has any objections, please let me know.

------------------

commit d52888aa2753e3063a9d3a0c9f72f94aa9809c15 upstream

On 5-level paging the LDT remap area is placed in the middle of the KASLR randomization region and it can overlap with the direct mapping, the vmalloc or the vmap area.

The LDT mapping is per mm, so it cannot be moved into the P4D page table next to the CPU_ENTRY_AREA without complicating PGD table allocation for 5-level paging.

The 4 PGD slot gap just before the direct mapping is reserved for hypervisors, so it cannot be used.

Move the direct mapping one slot deeper and use the resulting gap for the LDT remap area. The resulting layout is the same for 4 and 5 level paging.

[ tglx: Massaged changelog ]

Fixes: f55f0501cbf6 ("x86/pti: Put the LDT in its own PGD if PTI is on")
Signed-off-by: Kirill A. Shutemov
Signed-off-by: Thomas Gleixner Reviewed-by: Andy Lutomirski Cc: bp@alien8.de Cc: hpa@zytor.com Cc: dave.hansen@linux.intel.com Cc: peterz@infradead.org Cc: boris.ostrovsky@oracle.com Cc: jgross@suse.com Cc: bhe@redhat.com Cc: willy@infradead.org Cc: linux-mm@kvack.org Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20181026122856.66224-2-kirill.shutemov@linux.intel.com Signed-off-by: Sasha Levin --- Documentation/x86/x86_64/mm.txt | 10 ++++++---- arch/x86/include/asm/page_64_types.h | 12 +++++++----- arch/x86/include/asm/pgtable_64_types.h | 4 +--- arch/x86/xen/mmu_pv.c | 6 +++--- 4 files changed, 17 insertions(+), 15 deletions(-) diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt index 5432a96d31ff..05ef53d83a41 100644 --- a/Documentation/x86/x86_64/mm.txt +++ b/Documentation/x86/x86_64/mm.txt @@ -4,8 +4,9 @@ Virtual memory map with 4 level page tables: 0000000000000000 - 00007fffffffffff (=47 bits) user space, different per mm hole caused by [47:63] sign extension ffff800000000000 - ffff87ffffffffff (=43 bits) guard hole, reserved for hypervisor -ffff880000000000 - ffffc7ffffffffff (=64 TB) direct mapping of all phys. memory -ffffc80000000000 - ffffc8ffffffffff (=40 bits) hole +ffff880000000000 - ffff887fffffffff (=39 bits) LDT remap for PTI +ffff888000000000 - ffffc87fffffffff (=64 TB) direct mapping of all phys. memory +ffffc88000000000 - ffffc8ffffffffff (=39 bits) hole ffffc90000000000 - ffffe8ffffffffff (=45 bits) vmalloc/ioremap space ffffe90000000000 - ffffe9ffffffffff (=40 bits) hole ffffea0000000000 - ffffeaffffffffff (=40 bits) virtual memory map (1TB) 
@@ -30,8 +31,9 @@ Virtual memory map with 5 level page tables: 0000000000000000 - 00ffffffffffffff (=56 bits) user space, different per mm hole caused by [56:63] sign extension ff00000000000000 - ff0fffffffffffff (=52 bits) guard hole, reserved for hypervisor -ff10000000000000 - ff8fffffffffffff (=55 bits) direct mapping of all phys. memory -ff90000000000000 - ff9fffffffffffff (=52 bits) LDT remap for PTI +ff10000000000000 - ff10ffffffffffff (=48 bits) LDT remap for PTI +ff11000000000000 - ff90ffffffffffff (=55 bits) direct mapping of all phys. memory +ff91000000000000 - ff9fffffffffffff (=3840 TB) hole ffa0000000000000 - ffd1ffffffffffff (=54 bits) vmalloc/ioremap space (12800 TB) ffd2000000000000 - ffd3ffffffffffff (=49 bits) hole ffd4000000000000 - ffd5ffffffffffff (=49 bits) virtual memory map (512TB) diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h index 6afac386a434..b99d497e342d 100644 --- a/arch/x86/include/asm/page_64_types.h +++ b/arch/x86/include/asm/page_64_types.h @@ -33,12 +33,14 @@ /* * Set __PAGE_OFFSET to the most negative possible address + - * PGDIR_SIZE*16 (pgd slot 272). The gap is to allow a space for a - * hypervisor to fit. Choosing 16 slots here is arbitrary, but it's - * what Xen requires. + * PGDIR_SIZE*17 (pgd slot 273). + * + * The gap is to allow a space for LDT remap for PTI (1 pgd slot) and space for + * a hypervisor (16 slots). Choosing 16 slots for a hypervisor is arbitrary, + * but it's what Xen requires. */ -#define __PAGE_OFFSET_BASE_L5 _AC(0xff10000000000000, UL) -#define __PAGE_OFFSET_BASE_L4 _AC(0xffff880000000000, UL) +#define __PAGE_OFFSET_BASE_L5 _AC(0xff11000000000000, UL) +#define __PAGE_OFFSET_BASE_L4 _AC(0xffff888000000000, UL) #ifdef CONFIG_DYNAMIC_MEMORY_LAYOUT #define __PAGE_OFFSET page_offset_base diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 04edd2d58211..84bd9bdc1987 100644 --- a/arch/x86/include/asm/pgtable_64_types.h 
+++ b/arch/x86/include/asm/pgtable_64_types.h @@ -111,9 +111,7 @@ extern unsigned int ptrs_per_p4d; */ #define MAXMEM (1UL << MAX_PHYSMEM_BITS) -#define LDT_PGD_ENTRY_L4 -3UL -#define LDT_PGD_ENTRY_L5 -112UL -#define LDT_PGD_ENTRY (pgtable_l5_enabled() ? LDT_PGD_ENTRY_L5 : LDT_PGD_ENTRY_L4) +#define LDT_PGD_ENTRY -240UL #define LDT_BASE_ADDR (LDT_PGD_ENTRY << PGDIR_SHIFT) #define LDT_END_ADDR (LDT_BASE_ADDR + PGDIR_SIZE) diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c index dd461c0167ef..2c84c6ad8b50 100644 --- a/arch/x86/xen/mmu_pv.c +++ b/arch/x86/xen/mmu_pv.c @@ -1897,7 +1897,7 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) init_top_pgt[0] = __pgd(0); /* Pre-constructed entries are in pfn, so convert to mfn */ - /* L4[272] -> level3_ident_pgt */ + /* L4[273] -> level3_ident_pgt */ /* L4[511] -> level3_kernel_pgt */ convert_pfn_mfn(init_top_pgt); 
@@ -1917,8 +1917,8 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) addr[0] = (unsigned long)pgd; addr[1] = (unsigned long)l3; addr[2] = (unsigned long)l2; - /* Graft it onto L4[272][0]. Note that we creating an aliasing problem: - * Both L4[272][0] and L4[511][510] have entries that point to the same + /* Graft it onto L4[273][0]. Note that we creating an aliasing problem: + * Both L4[273][0] and L4[511][510] have entries that point to the same * L2 (PMD) tables. Meaning that if you modify it in __va space * it will be also modified in the __ka space! (But if you just * modify the PMD table to point to other PTE's or none, then you
From patchwork Mon Nov 26 10:51:27 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Greg Kroah-Hartman
X-Patchwork-Id: 10697977
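Review bot: In the arch/x86/include/asm/page_64_types.h hunk of 092/118, the rewritten comment names the LDT remap slot before the 16 hypervisor slots, which is the reverse of the address order shown in the mm.txt hunks (guard hole first, then LDT remap, then direct mapping). Spell the order out in the comment, for example hypervisor in pgd slots 256-271, LDT remap in slot 272, direct mapping from slot 273, so a reader does not have to derive which slot the LDT occupies from the "slot 273" figure alone.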
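Review bot: In the arch/x86/include/asm/pgtable_64_types.h hunk of 092/118, "#define LDT_PGD_ENTRY -240UL" is a bare magic number that is only correct while __PAGE_OFFSET_BASE_L4 and __PAGE_OFFSET_BASE_L5 in page_64_types.h sit exactly one pgd slot above it, and nothing at the definition says so or enforces it. Add a comment that -240 is pgd slot 272 (512 - 240), the slot directly below the direct mapping, and consider a build-time check that LDT_END_ADDR does not run past the direct-mapping base. Writing the value as (-240UL) would also keep the macro safe if it is ever used outside the "LDT_PGD_ENTRY << PGDIR_SHIFT" expression.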
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, "Kirill A. Shutemov", Thomas Gleixner, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, boris.ostrovsky@oracle.com, jgross@suse.com, bhe@redhat.com, willy@infradead.org, linux-mm@kvack.org, Sasha Levin
Subject: [PATCH 4.19 093/118] x86/ldt: Unmap PTEs for the slot before freeing LDT pages
Date: Mon, 26 Nov 2018 11:51:27 +0100
Message-Id: <20181126105105.431465354@linuxfoundation.org>
X-Mailer: git-send-email 2.19.2
In-Reply-To: <20181126105059.832485122@linuxfoundation.org>
References: <20181126105059.832485122@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review

4.19-stable review patch. If anyone has any objections, please let me know.

------------------

commit a0e6e0831c516860fc7f9be1db6c081fe902ebcf upstream

modify_ldt(2) leaves the old LDT mapped after switching over to the new one. The old LDT gets freed and the pages can be re-used.

Leaving the mapping in place can have security implications. The mapping is present in the userspace page tables and Meltdown-like attacks can read these freed and possibly reused pages.

It's relatively simple to fix: unmap the old LDT and flush TLB before freeing the old LDT memory.

This further allows to avoid flushing the TLB in map_ldt_struct() as the slot is unmapped and flushed by unmap_ldt_struct() or has never been mapped at all.

[ tglx: Massaged changelog and removed the needless line breaks ]

Fixes: f55f0501cbf6 ("x86/pti: Put the LDT in its own PGD if PTI is on")
Signed-off-by: Kirill A. Shutemov
Signed-off-by: Thomas Gleixner Cc: bp@alien8.de Cc: hpa@zytor.com Cc: dave.hansen@linux.intel.com Cc: luto@kernel.org Cc: peterz@infradead.org Cc: boris.ostrovsky@oracle.com Cc: jgross@suse.com Cc: bhe@redhat.com Cc: willy@infradead.org Cc: linux-mm@kvack.org Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20181026122856.66224-3-kirill.shutemov@linux.intel.com Signed-off-by: Sasha Levin --- arch/x86/kernel/ldt.c | 51 ++++++++++++++++++++++++++++++++----------- 1 file changed, 38 insertions(+), 13 deletions(-) diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c index 733e6ace0fa4..2a71ded9b13e 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c @@ -199,14 +199,6 @@ static void sanity_check_ldt_mapping(struct mm_struct *mm) /* * If PTI is enabled, this maps the LDT into the kernelmode and * usermode tables for the given mm. - * - * There is no corresponding unmap function. Even if the LDT is freed, we - * leave the PTEs around until the slot is reused or the mm is destroyed. - * This is harmless: the LDT is always in ordinary memory, and no one will - * access the freed slot. - * - * If we wanted to unmap freed LDTs, we'd also need to do a flush to make - * it useful, and the flush would slow down modify_ldt(). */ static int map_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt, int slot) @@ -214,8 +206,8 @@ map_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt, int slot) unsigned long va; bool is_vmalloc; spinlock_t *ptl; + int i, nr_pages; pgd_t *pgd; - int i; if (!static_cpu_has(X86_FEATURE_PTI)) return 0; @@ -238,7 +230,9 @@ map_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt, int slot) is_vmalloc = is_vmalloc_addr(ldt->entries); - for (i = 0; i * PAGE_SIZE < ldt->nr_entries * LDT_ENTRY_SIZE; i++) { + nr_pages = DIV_ROUND_UP(ldt->nr_entries * LDT_ENTRY_SIZE, PAGE_SIZE); + + for (i = 0; i < nr_pages; i++) { unsigned long offset = i << PAGE_SHIFT; const void *src = (char *)ldt->entries + offset; unsigned long pfn; 
@@ -272,13 +266,39 @@ map_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt, int slot) /* Propagate LDT mapping to the user page-table */ map_ldt_struct_to_user(mm); - va = (unsigned long)ldt_slot_va(slot); - flush_tlb_mm_range(mm, va, va + LDT_SLOT_STRIDE, 0); - ldt->slot = slot; return 0; } +static void unmap_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt) +{ + unsigned long va; + int i, nr_pages; + + if (!ldt) + return; + + /* LDT map/unmap is only required for PTI */ + if (!static_cpu_has(X86_FEATURE_PTI)) + return; + + nr_pages = DIV_ROUND_UP(ldt->nr_entries * LDT_ENTRY_SIZE, PAGE_SIZE); + + for (i = 0; i < nr_pages; i++) { + unsigned long offset = i << PAGE_SHIFT; + spinlock_t *ptl; + pte_t *ptep; + + va = (unsigned long)ldt_slot_va(ldt->slot) + offset; + ptep = get_locked_pte(mm, va, &ptl); + pte_clear(mm, va, ptep); + pte_unmap_unlock(ptep, ptl); + } + + va = (unsigned long)ldt_slot_va(ldt->slot); + flush_tlb_mm_range(mm, va, va + nr_pages * PAGE_SIZE, 0); +} + #else /* !CONFIG_PAGE_TABLE_ISOLATION */ static int @@ -286,6 +306,10 @@ map_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt, int slot) { return 0; } + +static void unmap_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt) +{ +} #endif /* CONFIG_PAGE_TABLE_ISOLATION */ static void free_ldt_pgtables(struct mm_struct *mm) 
@@ -524,6 +548,7 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } install_ldt(mm, new_ldt); + unmap_ldt_struct(mm, old_ldt); free_ldt_struct(old_ldt); error = 0;
From patchwork Mon Nov 26 10:51:28 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Greg Kroah-Hartman
X-Patchwork-Id: 10697979
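Review bot: In the "@@ -272,13 +266,39 @@" hunk of 093/118, the new unmap_ldt_struct() passes the return value of get_locked_pte() straight to pte_clear() and pte_unmap_unlock() with no NULL check. get_locked_pte() returns NULL when it cannot allocate an intermediate page table, so either test ptep and skip that page, or add a comment stating why the page tables for ldt->slot are guaranteed to be populated whenever this function runs.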
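Review bot: In the write_ldt() hunk of 093/118 ("@@ -524,6 +548,7 @@"), the fix depends entirely on the order install_ldt(), unmap_ldt_struct(), free_ldt_struct(), and the code carries no comment saying so. A short comment above the new call, stating that the old LDT's PTEs must be cleared and the TLB flushed after the switch and before the pages are freed, would keep a later reordering from reintroducing the stale user-visible mapping the changelog describes. It should also record that map_ldt_struct() no longer flushes because the slot is either unmapped and flushed here or was never mapped, since the hunk that removes that flush deletes the only comment on the topic.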
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, "Kirill A. Shutemov", Thomas Gleixner, Andy Lutomirski, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, peterz@infradead.org, boris.ostrovsky@oracle.com, jgross@suse.com, bhe@redhat.com, willy@infradead.org, linux-mm@kvack.org, Sasha Levin
Subject: [PATCH 4.19 094/118] x86/ldt: Remove unused variable in map_ldt_struct()
Date: Mon, 26 Nov 2018 11:51:28 +0100
Message-Id: <20181126105105.473322783@linuxfoundation.org>
X-Mailer: git-send-email 2.19.2
In-Reply-To: <20181126105059.832485122@linuxfoundation.org>
References: <20181126105059.832485122@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review

4.19-stable review patch. If anyone has any objections, please let me know.

------------------

commit b082f2dd80612015cd6d9d84e52099734ec9a0e1 upstream

Splitting out the sanity check in map_ldt_struct() moved page table syncing into a separate function, which made the pgd variable unused. Remove it.

[ tglx: Massaged changelog ]

Fixes: 9bae3197e15d ("x86/ldt: Split out sanity check in map_ldt_struct()")
Signed-off-by: Kirill A. Shutemov
Signed-off-by: Thomas Gleixner
Reviewed-by: Andy Lutomirski
Cc: bp@alien8.de
Cc: hpa@zytor.com
Cc: dave.hansen@linux.intel.com
Cc: peterz@infradead.org
Cc: boris.ostrovsky@oracle.com
Cc: jgross@suse.com
Cc: bhe@redhat.com
Cc: willy@infradead.org
Cc: linux-mm@kvack.org
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20181026122856.66224-4-kirill.shutemov@linux.intel.com
Signed-off-by: Sasha Levin
---
 arch/x86/kernel/ldt.c | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c index 2a71ded9b13e..65590eee6289 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c @@ -207,7 +207,6 @@ map_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt, int slot) bool is_vmalloc; spinlock_t *ptl; int i, nr_pages; - pgd_t *pgd; if (!static_cpu_has(X86_FEATURE_PTI)) return 0; @@ -221,13 +220,6 @@ map_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt, int slot) /* Check if the current mappings are sane */ sanity_check_ldt_mapping(mm); - /* - * Did we already have the top level entry allocated? We can't - * use pgd_none() for this because it doens't do anything on - * 4-level page table kernels. - */ - pgd = pgd_offset(mm, LDT_BASE_ADDR); - is_vmalloc = is_vmalloc_addr(ldt->entries); nr_pages = DIV_ROUND_UP(ldt->nr_entries * LDT_ENTRY_SIZE, PAGE_SIZE);
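Review bot: In the first hunk of 094/118 ("@@ -207,7 +207,6 @@"), the context line "int i, nr_pages;" and the base blob 2a71ded9b13e on the index line are the result of 093/118, so this cleanup does not apply without that patch even though its Fixes: tag points at a different commit. Note the dependency in the stable submission, or keep the two queued strictly in this order, so that a tree picking 094 on its own does not hit a context mismatch.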