From: Andrey Ryabinin <a.ryabinin@samsung.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Alexander Popov <alpopov@ptsecurity.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Andrey Konovalov <adech.fo@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>,
Alexander Kuleshov <kuleshovmail@gmail.com>,
Denys Vlasenko <dvlasenk@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Kees Cook <keescook@chromium.org>,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 1/1] x86_64: fix KASan shadow region page tables
Date: Fri, 19 Jun 2015 14:49:19 +0300 [thread overview]
Message-ID: <558401BF.3040809@samsung.com> (raw)
In-Reply-To: <20150618163846.GF1385@pd.tnic>
On 06/18/2015 07:38 PM, Borislav Petkov wrote:
> On Thu, Jun 18, 2015 at 07:05:04PM +0300, Andrey Ryabinin wrote:
>> What qemu version do you use and how you run it (qemu's command line
>> options)?
>
> Here it is:
> -cpu Opteron_G5
I guess that AMD cpus is more strict (unlike Intel) about violation
of reserved/unused bits in page table entries.
Please, try with this patch.
---
From: Andrey Ryabinin <a.ryabinin@samsung.com>
Subject: [PATCH] x86_64: kasan: one more fix for KASan zero shadow page
tables.
While populating zero shadow wrong bits in upper level page tables
used. __PAGE_KERNEL_RO that was used for pgd/pud/pmd has
_PAGE_BIT_GLOBAL set. Global bit is present only in the lowest
level of the page translation hierarchy (ptes), and it should be zero
in upper levels.
This bug seems doesn't cause any troubles on Intel cpus, while on AMDs
it crashes kernel.
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
---
arch/x86/mm/kasan_init_64.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c
index 5d26642..9a54dbe 100644
--- a/arch/x86/mm/kasan_init_64.c
+++ b/arch/x86/mm/kasan_init_64.c
@@ -85,7 +85,7 @@ static int __init zero_pmd_populate(pud_t *pud, unsigned long addr,
while (IS_ALIGNED(addr, PMD_SIZE) && addr + PMD_SIZE <= end) {
WARN_ON(!pmd_none(*pmd));
set_pmd(pmd, __pmd(__pa_nodebug(kasan_zero_pte)
- | __PAGE_KERNEL_RO));
+ | _KERNPG_TABLE));
addr += PMD_SIZE;
pmd = pmd_offset(pud, addr);
}
@@ -111,7 +111,7 @@ static int __init zero_pud_populate(pgd_t *pgd, unsigned long addr,
while (IS_ALIGNED(addr, PUD_SIZE) && addr + PUD_SIZE <= end) {
WARN_ON(!pud_none(*pud));
set_pud(pud, __pud(__pa_nodebug(kasan_zero_pmd)
- | __PAGE_KERNEL_RO));
+ | _KERNPG_TABLE));
addr += PUD_SIZE;
pud = pud_offset(pgd, addr);
}
@@ -136,7 +136,7 @@ static int __init zero_pgd_populate(unsigned long addr, unsigned long end)
while (IS_ALIGNED(addr, PGDIR_SIZE) && addr + PGDIR_SIZE <= end) {
WARN_ON(!pgd_none(*pgd));
set_pgd(pgd, __pgd(__pa_nodebug(kasan_zero_pud)
- | __PAGE_KERNEL_RO));
+ | _KERNPG_TABLE));
addr += PGDIR_SIZE;
pgd = pgd_offset_k(addr);
}
--
2.4.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2015-06-19 11:49 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-18 7:36 [PATCH v6 1/1] x86_64: fix KASan shadow region page tables Alexander Popov
2015-06-18 9:08 ` Borislav Petkov
2015-06-18 12:22 ` Andrey Ryabinin
2015-06-18 14:55 ` Borislav Petkov
2015-06-18 16:05 ` Andrey Ryabinin
2015-06-18 16:38 ` Borislav Petkov
2015-06-19 11:49 ` Andrey Ryabinin [this message]
2015-06-19 12:06 ` Borislav Petkov
2015-06-19 13:36 ` Andrey Ryabinin
2015-06-19 14:00 ` Ingo Molnar
2015-06-19 14:06 ` Borislav Petkov
2015-06-19 14:16 ` Andrey Ryabinin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=558401BF.3040809@samsung.com \
--to=a.ryabinin@samsung.com \
--cc=adech.fo@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=alpopov@ptsecurity.com \
--cc=bp@alien8.de \
--cc=dvlasenk@redhat.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kuleshovmail@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.