From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Hans van Kranenburg, "Kirill A. Shutemov", Thomas Gleixner, Juergen Gross, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, boris.ostrovsky@oracle.com, bhe@redhat.com, linux-mm@kvack.org, xen-devel@lists.xenproject.org, Sasha Levin
Subject: [PATCH 4.14 018/105] x86/mm: Fix guard hole handling
Date: Fri, 11 Jan 2019 15:13:49 +0100
Message-Id: <20190111131104.761109114@linuxfoundation.org>
In-Reply-To: <20190111131102.899065735@linuxfoundation.org>
References: <20190111131102.899065735@linuxfoundation.org>

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

[ Upstream commit 16877a5570e0c5f4270d5b17f9bab427bcae9514 ]

There is a guard hole at the beginning of the kernel address space, also used by hypervisors. It occupies 16 PGD entries.

This reserved range is not defined explicitly, it is calculated relative to other entities: direct mapping and user space ranges.

The calculation got broken by recent changes of the kernel memory layout: LDT remap range is now mapped before direct mapping and makes the calculation invalid.

The breakage leads to crash on Xen dom0 boot[1].

Define the reserved range explicitly. It's part of kernel ABI (hypervisors expect it to be stable) and must not depend on changes in the rest of kernel memory layout.

[1] https://lists.xenproject.org/archives/html/xen-devel/2018-11/msg03313.html

Fixes: d52888aa2753 ("x86/mm: Move LDT remap out of KASLR region on 5-level paging")
Reported-by: Hans van Kranenburg
Signed-off-by: Kirill A. Shutemov
Signed-off-by: Thomas Gleixner Tested-by: Hans van Kranenburg Reviewed-by: Juergen Gross Cc: bp@alien8.de Cc: hpa@zytor.com Cc: dave.hansen@linux.intel.com Cc: luto@kernel.org Cc: peterz@infradead.org Cc: boris.ostrovsky@oracle.com Cc: bhe@redhat.com Cc: linux-mm@kvack.org Cc: xen-devel@lists.xenproject.org Link: https://lkml.kernel.org/r/20181130202328.65359-2-kirill.shutemov@linux.intel.com Signed-off-by: Sasha Levin --- arch/x86/include/asm/pgtable_64_types.h | 5 +++++ arch/x86/mm/dump_pagetables.c | 8 ++++---- arch/x86/xen/mmu_pv.c | 11 ++++++----- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 7764617b8f9c..bf6d2692fc60 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h @@ -94,6 +94,11 @@ typedef struct { pteval_t pte; } pte_t; # define __VMEMMAP_BASE _AC(0xffffea0000000000, UL) #endif +#define GUARD_HOLE_PGD_ENTRY -256UL +#define GUARD_HOLE_SIZE (16UL << PGDIR_SHIFT) +#define GUARD_HOLE_BASE_ADDR (GUARD_HOLE_PGD_ENTRY << PGDIR_SHIFT) +#define GUARD_HOLE_END_ADDR (GUARD_HOLE_BASE_ADDR + GUARD_HOLE_SIZE) + #define LDT_PGD_ENTRY -240UL #define LDT_BASE_ADDR (LDT_PGD_ENTRY << PGDIR_SHIFT) diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c index 2a4849e92831..cf403e057f3f 100644 --- a/arch/x86/mm/dump_pagetables.c +++ b/arch/x86/mm/dump_pagetables.c @@ -465,11 +465,11 @@ static inline bool is_hypervisor_range(int idx) { #ifdef CONFIG_X86_64 /* - * ffff800000000000 - ffff87ffffffffff is reserved for - * the hypervisor. + * A hole in the beginning of kernel address space reserved + * for a hypervisor. */ - return (idx >= pgd_index(__PAGE_OFFSET) - 16) && - (idx < pgd_index(__PAGE_OFFSET)); + return (idx >= pgd_index(GUARD_HOLE_BASE_ADDR)) && + (idx < pgd_index(GUARD_HOLE_END_ADDR)); #else return false; #endif 
diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c index b33fa127a613..7631e6130d44 100644 --- a/arch/x86/xen/mmu_pv.c +++ b/arch/x86/xen/mmu_pv.c @@ -614,19 +614,20 @@ static int __xen_pgd_walk(struct mm_struct *mm, pgd_t *pgd, unsigned long limit) { int i, nr, flush = 0; - unsigned hole_low, hole_high; + unsigned hole_low = 0, hole_high = 0; /* The limit is the last byte to be touched */ limit--; BUG_ON(limit >= FIXADDR_TOP); +#ifdef CONFIG_X86_64 /* * 64-bit has a great big hole in the middle of the address - * space, which contains the Xen mappings. On 32-bit these - * will end up making a zero-sized hole and so is a no-op. + * space, which contains the Xen mappings. */ - hole_low = pgd_index(USER_LIMIT); - hole_high = pgd_index(PAGE_OFFSET); + hole_low = pgd_index(GUARD_HOLE_BASE_ADDR); + hole_high = pgd_index(GUARD_HOLE_END_ADDR); +#endif nr = pgd_index(limit) + 1; for (i = 0; i < nr; i++) { -- 2.19.1 From mboxrd@z Thu Jan 1 00:00:00 1970 
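Review bot: in arch/x86/include/asm/pgtable_64_types.h the four new GUARD_HOLE_* defines carry no comment saying that this range is hypervisor-visible ABI and must not move, which is the reason the commit message gives for defining it explicitly. The values also place the end of the hole (entry -256UL plus 16 entries) exactly at LDT_PGD_ENTRY (-240UL) two lines below, and nothing states or enforces that adjacency. Suggest a short comment above GUARD_HOLE_PGD_ENTRY noting that the 16-entry range is reserved for hypervisors and fixed, and that the LDT remap range starts directly after it.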
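Review bot: in is_hypervisor_range() in arch/x86/mm/dump_pagetables.c the rewritten comment drops the concrete range the old one gave (ffff800000000000 - ffff87ffffffffff) and no longer says how large the hole is or where its bounds are defined. Suggest naming the macros in the comment, for example "GUARD_HOLE_BASE_ADDR to GUARD_HOLE_END_ADDR, 16 PGD entries", so that someone reading the page-table dump code can find the definition without going back to the commit message.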
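Review bot: in __xen_pgd_walk() in arch/x86/xen/mmu_pv.c the upper bound of the hole changes from pgd_index(PAGE_OFFSET) to pgd_index(GUARD_HOLE_END_ADDR), so the hole no longer extends up to the direct mapping, yet the retained comment still describes "a great big hole in the middle of the address space" and the commit message does not say whether the PGD entries between the guard hole and PAGE_OFFSET are meant to be covered by the walk. Suggest rewording the comment to say that only the 16-entry guard hole is excluded. The sentence explaining the 32-bit no-op was also removed while the behaviour is now carried silently by the "= 0" initialisers on hole_low and hole_high; a one-line note next to the declaration would keep that documented.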