Gentoo Archives: gentoo-commits

From: Alice Ferrazzi <alicef@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.14 commit in: /
Date: Thu, 04 Jan 2018 07:40:27
Message-Id: 1515051405.699a12a2e1c3b010def959c76faf7dddc4588b8d.alicef@gentoo
1 commit: 699a12a2e1c3b010def959c76faf7dddc4588b8d
2 Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org>
3 AuthorDate: Thu Jan 4 07:36:45 2018 +0000
4 Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org>
5 CommitDate: Thu Jan 4 07:36:45 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=699a12a2
7
8 x86/pti: Switch to kernel CR3 at early in entry_SYSCALL_compat()
9
10 0000_README | 4 ++
11 ...rnel_CR3_at_early_in_entry_SYSCALL_compat.patch | 68 ++++++++++++++++++++++
12 2 files changed, 72 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index 0cab5bc..d47f74d 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -103,6 +103,10 @@ Patch: 1701_make_sure_the_user_kernel_PTEs_match.patch
19 From: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/patch/?id=52994c256df36fda9a715697431cba9daecb6b11
20 Desc: x86/pti: Make sure the user/kernel PTEs match
21
22 +Patch: 1702_switch_to_kernel_CR3_at_early_in_entry_SYSCALL_compat.patch
23 +From: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=WIP.x86/pti&id=d7732ba55c4b6a2da339bb12589c515830cfac2c
24 +Desc: Switch to kernel CR3 at early in entry_SYSCALL_compat()
25 +
26 Patch: 2100_bcache-data-corruption-fix-for-bi-partno.patch
27 From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62530ed8b1d07a45dec94d46e521c0c6c2d476e6
28 Desc: bio: ensure __bio_clone_fast copies bi_partno.
29
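Review bot: the new Desc line drops the `x86/pti:` subsystem prefix that the neighbouring 1701 entry keeps (`Desc: x86/pti: Make sure the user/kernel PTEs match`), so the two PTI entries in 0000_README no longer read consistently; suggest `Desc: x86/pti: Switch to kernel CR3 at early in entry_SYSCALL_compat()`, which also matches the Subject inside the patch file. The From: URL points at the commit on the `WIP.x86/pti` branch of tip (`?h=WIP.x86/pti&id=d7732ba5...`); a WIP branch can be rebased or removed, whereas the 1701 entry references its tip commit by id alone via `/patch/?id=...`, which stays resolvable. Since these README lines are how anyone auditing the Gentoo kernel tree traces a PTI fix back to its upstream source, the stable form is worth keeping.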
30 diff --git a/1702_switch_to_kernel_CR3_at_early_in_entry_SYSCALL_compat.patch b/1702_switch_to_kernel_CR3_at_early_in_entry_SYSCALL_compat.patch
31 new file mode 100644
32 index 0000000..12d9555
33 --- /dev/null
34 +++ b/1702_switch_to_kernel_CR3_at_early_in_entry_SYSCALL_compat.patch
35 @@ -0,0 +1,68 @@
36 +From d7732ba55c4b6a2da339bb12589c515830cfac2c Mon Sep 17 00:00:00 2001
37 +From: Thomas Gleixner <tglx@××××××××××.de>
38 +Date: Wed, 3 Jan 2018 19:52:04 +0100
39 +Subject: x86/pti: Switch to kernel CR3 at early in entry_SYSCALL_compat()
40 +
41 +The preparation for PTI which added CR3 switching to the entry code
42 +misplaced the CR3 switch in entry_SYSCALL_compat().
43 +
44 +With PTI enabled the entry code tries to access a per cpu variable after
45 +switching to kernel GS. This fails because that variable is not mapped to
46 +user space. This results in a double fault and in the worst case a kernel
47 +crash.
48 +
49 +Move the switch ahead of the access and clobber RSP which has been saved
50 +already.
51 +
52 +Fixes: 8a09317b895f ("x86/mm/pti: Prepare the x86/entry assembly code for entry/exit CR3 switching")
53 +Reported-by: Lars Wendler <wendler.lars@×××.de>
54 +Reported-by: Laura Abbott <labbott@××××××.com>
55 +Signed-off-by: Thomas Gleixner <tglx@××××××××××.de>
56 +Cc: Borislav Betkov <bp@××××××.de>
57 +Cc: Andy Lutomirski <luto@××××××.org>,
58 +Cc: Dave Hansen <dave.hansen@×××××××××××.com>,
59 +Cc: Peter Zijlstra <peterz@×××××××××.org>,
60 +Cc: Greg KH <gregkh@×××××××××××××××.org>, ,
61 +Cc: Boris Ostrovsky <boris.ostrovsky@××××××.com>,
62 +Cc: Juergen Gross <jgross@××××.com>
63 +Cc: stable@×××××××××××.org
64 +Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1801031949200.1957@nanos
65 +---
66 + arch/x86/entry/entry_64_compat.S | 13 ++++++-------
67 + 1 file changed, 6 insertions(+), 7 deletions(-)
68 +
69 +diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
70 +index 40f1700..98d5358 100644
71 +--- a/arch/x86/entry/entry_64_compat.S
72 ++++ b/arch/x86/entry/entry_64_compat.S
73 +@@ -190,8 +190,13 @@ ENTRY(entry_SYSCALL_compat)
74 + /* Interrupts are off on entry. */
75 + swapgs
76 +
77 +- /* Stash user ESP and switch to the kernel stack. */
78 ++ /* Stash user ESP */
79 + movl %esp, %r8d
80 ++
81 ++ /* Use %rsp as scratch reg. User ESP is stashed in r8 */
82 ++ SWITCH_TO_KERNEL_CR3 scratch_reg=%rsp
83 ++
84 ++ /* Switch to the kernel stack */
85 + movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp
86 +
87 + /* Construct struct pt_regs on stack */
88 +@@ -220,12 +225,6 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe)
89 + pushq $0 /* pt_regs->r15 = 0 */
90 +
91 + /*
92 +- * We just saved %rdi so it is safe to clobber. It is not
93 +- * preserved during the C calls inside TRACE_IRQS_OFF anyway.
94 +- */
95 +- SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi
96 +-
97 +- /*
98 + * User mode is traced as though IRQs are on, and SYSENTER
99 + * turned them off.
100 + */
101 +--
102 +cgit v1.1
103 +
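Review bot: the relocated `SWITCH_TO_KERNEL_CR3 scratch_reg=%rsp` is safe only because of the two instructions around it, and the added comment (`Use %rsp as scratch reg. User ESP is stashed in r8`) records just half of that: user ESP has already been copied by `movl %esp, %r8d`, and the very next instruction `movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp` overwrites `%rsp` anyway, so clobbering it loses nothing; suggest extending the comment to say that `%rsp` is reloaded immediately afterwards, so a future edit does not insert a stack-touching instruction between the two. The placement also fixes the fault described in the message: the only instruction between `swapgs` and the CR3 switch is register-only, so no kernel-mapped per-cpu data is touched while still on the user CR3. The second sub-hunk removes the old `SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi` after the pt_regs construction, so CR3 is now switched exactly once per entry; when this file is carried forward to later 4.14 point releases, both sub-hunks must stay together, because keeping only the first would write CR3 twice and keeping only the second would leave the user CR3 in place for the rest of the entry path. Minor: the trailer line `Cc: Greg KH <gregkh@...>, ,` (double comma) and the trailing commas on the other Cc: lines are carried over from upstream and are harmless to `patch`, as are the closing `--` and `cgit v1.1` lines.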