On Mon, 17 Sep 2018, gregkh@linuxfoundation.org wrote:
This is a note to let you know that I've just added the patch titled
x86/kexec: Allocate 8k PGDs for PTIto the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: x86-kexec-allocate-8k-pgds-for-pti.patch and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
I believe this commit is an example of the auto-selector being too eager, and this should not be in *any* of the stable trees. As the commit message indicates, it's a fix by Joerg for his PTI-x86-32 implementation - which has not been backported to any of the stable trees (yet), has it?
In several of the recent stable trees, I think this will not do any actual harm; but it looks as if it will prevent relevant x86-32 configs from building on 3.18 (I see no definition of PGD_ALLOCATION_ORDER in linux-3.18.y - you preferred not to have any PTI in that tree), and I haven't checked whether its definition in older backports will build correctly here or not.
Hugh
From foo@baz Mon Sep 17 11:45:57 CEST 2018 From: Joerg Roedel jroedel@suse.de Date: Wed, 25 Jul 2018 17:48:03 +0200 Subject: x86/kexec: Allocate 8k PGDs for PTI
From: Joerg Roedel jroedel@suse.de
[ Upstream commit ca38dc8f2724d101038b1205122c93a1c7f38f11 ]
Fuzzing the PTI-x86-32 code with trinity showed unhandled kernel paging request oops-messages that looked a lot like silent data corruption.
Lot's of debugging and testing lead to the kexec-32bit code, which is still allocating 4k PGDs when PTI is enabled. But since it uses native_set_pud() to build the page-table, it will unevitably call into __pti_set_user_pgtbl(), which writes beyond the allocated 4k page.
Use PGD_ALLOCATION_ORDER to allocate PGDs in the kexec code to fix the issue.
Signed-off-by: Joerg Roedel jroedel@suse.de Signed-off-by: Thomas Gleixner tglx@linutronix.de Tested-by: David H. Gutteridge dhgutteridge@sympatico.ca Cc: "H . Peter Anvin" hpa@zytor.com Cc: linux-mm@kvack.org Cc: Linus Torvalds torvalds@linux-foundation.org Cc: Andy Lutomirski luto@kernel.org Cc: Dave Hansen dave.hansen@intel.com Cc: Josh Poimboeuf jpoimboe@redhat.com Cc: Juergen Gross jgross@suse.com Cc: Peter Zijlstra peterz@infradead.org Cc: Borislav Petkov bp@alien8.de Cc: Jiri Kosina jkosina@suse.cz Cc: Boris Ostrovsky boris.ostrovsky@oracle.com Cc: Brian Gerst brgerst@gmail.com Cc: David Laight David.Laight@aculab.com Cc: Denys Vlasenko dvlasenk@redhat.com Cc: Eduardo Valentin eduval@amazon.com Cc: Greg KH gregkh@linuxfoundation.org Cc: Will Deacon will.deacon@arm.com Cc: aliguori@amazon.com Cc: daniel.gruss@iaik.tugraz.at Cc: hughd@google.com Cc: keescook@google.com Cc: Andrea Arcangeli aarcange@redhat.com Cc: Waiman Long llong@redhat.com Cc: Pavel Machek pavel@ucw.cz Cc: Arnaldo Carvalho de Melo acme@kernel.org Cc: Alexander Shishkin alexander.shishkin@linux.intel.com Cc: Jiri Olsa jolsa@redhat.com Cc: Namhyung Kim namhyung@kernel.org Cc: joro@8bytes.org Link: https://lkml.kernel.org/r/1532533683-5988-4-git-send-email-joro@8bytes.org Signed-off-by: Sasha Levin alexander.levin@microsoft.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
arch/x86/kernel/machine_kexec_32.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
--- a/arch/x86/kernel/machine_kexec_32.c +++ b/arch/x86/kernel/machine_kexec_32.c @@ -69,7 +69,7 @@ static void load_segments(void) static void machine_kexec_free_page_tables(struct kimage *image) {
- free_page((unsigned long)image->arch.pgd);
- free_pages((unsigned long)image->arch.pgd, PGD_ALLOCATION_ORDER); image->arch.pgd = NULL;
#ifdef CONFIG_X86_PAE free_page((unsigned long)image->arch.pmd0); @@ -85,7 +85,8 @@ static void machine_kexec_free_page_tabl static int machine_kexec_alloc_page_tables(struct kimage *image) {
- image->arch.pgd = (pgd_t *)get_zeroed_page(GFP_KERNEL);
- image->arch.pgd = (pgd_t *)__get_free_pages(GFP_KERNEL | __GFP_ZERO,
PGD_ALLOCATION_ORDER);#ifdef CONFIG_X86_PAE image->arch.pmd0 = (pmd_t *)get_zeroed_page(GFP_KERNEL); image->arch.pmd1 = (pmd_t *)get_zeroed_page(GFP_KERNEL);
Patches currently in stable-queue which might be from jroedel@suse.de are
queue-3.18/x86-kexec-allocate-8k-pgds-for-pti.patch queue-3.18/x86-mm-remove-in_nmi-warning-from-vmalloc_fault.patch
On Mon, Sep 17, 2018 at 12:33:47PM -0700, Hugh Dickins wrote:
On Mon, 17 Sep 2018, gregkh@linuxfoundation.org wrote:
This is a note to let you know that I've just added the patch titled
x86/kexec: Allocate 8k PGDs for PTIto the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: x86-kexec-allocate-8k-pgds-for-pti.patch and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
I believe this commit is an example of the auto-selector being too eager, and this should not be in *any* of the stable trees. As the commit message indicates, it's a fix by Joerg for his PTI-x86-32 implementation - which has not been backported to any of the stable trees (yet), has it?
In several of the recent stable trees, I think this will not do any actual harm; but it looks as if it will prevent relevant x86-32 configs from building on 3.18 (I see no definition of PGD_ALLOCATION_ORDER in linux-3.18.y - you preferred not to have any PTI in that tree), and I haven't checked whether its definition in older backports will build correctly here or not.
Ah, you are right, I just got a build failure report from the 4.4.y tree with this exact error.
Thanks for letting me know, I'll go drop this from all of the stable tree queues right now.
greg k-h
On Mon, Sep 17, 2018 at 12:33:47PM -0700, Hugh Dickins wrote:
In several of the recent stable trees, I think this will not do any actual harm; but it looks as if it will prevent relevant x86-32 configs from building on 3.18 (I see no definition of PGD_ALLOCATION_ORDER in linux-3.18.y - you preferred not to have any PTI in that tree), and I haven't checked whether its definition in older backports will build correctly here or not.
Right, thanks for pointing that out. I should have added a Fixes:-tag to the patch to make clear what the fix it for, sorry for that.
Joerg
linux-stable-mirror@lists.linaro.org
-
Greg KH -
Hugh Dickins -
Joerg Roedel