From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "stable@vger.kernel.org" <stable@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Joerg Roedel <jroedel@suse.de>,
	Thomas Gleixner <tglx@linutronix.de>,
	"H . Peter Anvin" <hpa@zytor.com>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Andy Lutomirski <luto@kernel.org>,
	Dave Hansen <dave.hansen@intel.com>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Juergen Gross <jgross@suse.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Borislav Petkov <bp@alien8.de>, Jiri Kosina <jkosina@suse.cz>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Brian Gerst <brgerst@gmail.com>,
	David Laight <David.Laight@aculab.com>,
	Denys Vlasenko <dvlasenk@redhat.com>,
	Eduardo Valentin <eduval@amazon.com>,
	Greg KH <gregkh@linuxfoundation.org>,
	Will Deacon <will.deacon@arm.com>,
	"aliguori@amazon.com" <aliguori@amazon.com>,
	Daniel Gruss <daniel.gruss@iaik.tugraz.at>,
	"hughd@google.com" <hughd@google.com>,
	"keescook@google.com" <keescook@google.com>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Waiman Long <llong@redhat.com>, Pavel Machek <pavel@ucw.cz>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
	"joro@8bytes.org" <joro@8bytes.org>,
	Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [PATCH AUTOSEL 4.9 28/62] x86/kexec: Allocate 8k PGDs for PTI
Date: Sun, 2 Sep 2018 13:14:39 +0000
Message-ID: <20180902131411.183978-18-alexander.levin@microsoft.com>
In-Reply-To: <20180902131411.183978-1-alexander.levin@microsoft.com>

From: Joerg Roedel <jroedel@suse.de>

[ Upstream commit ca38dc8f2724d101038b1205122c93a1c7f38f11 ]

Fuzzing the PTI-x86-32 code with trinity showed unhandled
kernel paging request oops-messages that looked a lot like
silent data corruption.

Lots of debugging and testing led to the kexec-32bit code,
which is still allocating 4k PGDs when PTI is enabled. But
since it uses native_set_pud() to build the page-table, it
will inevitably call into __pti_set_user_pgtbl(), which
writes beyond the allocated 4k page.

Use PGD_ALLOCATION_ORDER to allocate PGDs in the kexec code
to fix the issue.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: David H. Gutteridge <dhgutteridge@sympatico.ca>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: linux-mm@kvack.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: aliguori@amazon.com
Cc: daniel.gruss@iaik.tugraz.at
Cc: hughd@google.com
Cc: keescook@google.com
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Waiman Long <llong@redhat.com>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: joro@8bytes.org
Link: https://lkml.kernel.org/r/1532533683-5988-4-git-send-email-joro@8bytes.org
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 arch/x86/kernel/machine_kexec_32.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index fd7e9937ddd6..e9359272c5cb 100644
--- a/arch/x86/kernel/machine_kexec_32.c
+++ b/arch/x86/kernel/machine_kexec_32.c
@@ -70,7 +70,7 @@ static void load_segments(void)
 
 static void machine_kexec_free_page_tables(struct kimage *image)
 {
-	free_page((unsigned long)image->arch.pgd);
+	free_pages((unsigned long)image->arch.pgd, PGD_ALLOCATION_ORDER);
 	image->arch.pgd = NULL;
 #ifdef CONFIG_X86_PAE
 	free_page((unsigned long)image->arch.pmd0);
@@ -86,7 +86,8 @@ static void machine_kexec_free_page_tables(struct kimage *image)
 
 static int machine_kexec_alloc_page_tables(struct kimage *image)
 {
-	image->arch.pgd = (pgd_t *)get_zeroed_page(GFP_KERNEL);
+	image->arch.pgd = (pgd_t *)__get_free_pages(GFP_KERNEL | __GFP_ZERO,
+						    PGD_ALLOCATION_ORDER);
 #ifdef CONFIG_X86_PAE
 	image->arch.pmd0 = (pmd_t *)get_zeroed_page(GFP_KERNEL);
 	image->arch.pmd1 = (pmd_t *)get_zeroed_page(GFP_KERNEL);
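
Review bot: The switch to __get_free_pages(GFP_KERNEL | __GFP_ZERO, PGD_ALLOCATION_ORDER) for image->arch.pgd has no comment explaining why the PGD needs more than one page, while the pmd0 and pmd1 allocations just below still use get_zeroed_page(). The reason is only in the commit message (native_set_pud() ends up in __pti_set_user_pgtbl(), which writes past a 4k PGD), so a short comment above the allocation saying the PGD must be PGD_ALLOCATION_ORDER pages when PTI is enabled would stop someone from "simplifying" it back to get_zeroed_page() and reintroducing the out-of-bounds write. Since a higher-order allocation can fail where a single page would not, the NULL check on image->arch.pgd after this block (outside the visible context) deserves a second look as well.
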
-- 
2.17.1
