59d5af67 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
321d628a FG |
2 | From: Andy Lutomirski <luto@kernel.org> |
3 | Date: Wed, 6 Sep 2017 19:54:54 -0700 | |
59d5af67 | 4 | Subject: [PATCH] x86/mm: Document how CR4.PCIDE restore works |
321d628a FG |
5 | MIME-Version: 1.0 |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5754 | |
10 | ||
11 | While debugging a problem, I thought that using | |
12 | cr4_set_bits_and_update_boot() to restore CR4.PCIDE would be | |
13 | helpful. It turns out to be counterproductive. | |
14 | ||
15 | Add a comment documenting how this works. | |
16 | ||
17 | Signed-off-by: Andy Lutomirski <luto@kernel.org> | |
18 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
19 | (cherry picked from commit 1c9fe4409ce3e9c78b1ed96ee8ed699d4f03bf33) | |
20 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
21 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
22 | (cherry picked from commit 0d69e4c4a2db42a9bac6609a3df15bd91163f8b9) | |
23 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
24 | --- | |
25 | arch/x86/kernel/cpu/common.c | 13 +++++++++++++ | |
26 | 1 file changed, 13 insertions(+) | |
27 | ||
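diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index b95cd94ca97b..0b80ed14ff52 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -333,6 +333,19 @@ static void setup_pcid(struct cpuinfo_x86 *c)
 {
 	if (cpu_has(c, X86_FEATURE_PCID)) {
 		if (cpu_has(c, X86_FEATURE_PGE)) {
+			/*
+			 * We'd like to use cr4_set_bits_and_update_boot(),
+			 * but we can't.  CR4.PCIDE is special and can only
+			 * be set in long mode, and the early CPU init code
+			 * doesn't know this and would try to restore CR4.PCIDE
+			 * prior to entering long mode.
+			 *
+			 * Instead, we rely on the fact that hotplug, resume,
+			 * etc all fully restore CR4 before they write anything
+			 * that could have nonzero PCID bits to CR3.  CR4.PCIDE
+			 * has no effect on the page tables themselves, so we
+			 * don't need it to be restored early.
+			 */
 			cr4_set_bits(X86_CR4_PCIDE);
 		} else {
 			/*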
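Review bot: The new comment rests on a cross-subsystem invariant — hotplug and resume fully restore CR4 before any CR3 write that could carry nonzero PCID bits — but gives no pointer to the code that upholds it, so a reader cannot check it from here and a later reordering in the resume path would not be caught by anything in this function. One more line in the comment block naming where that restore happens, e.g. `* See the CR4 restore in the hotplug/resume entry paths; keep it ahead of the first CR3 write if those change.` (with the actual routine names filled in), would make the dependency discoverable from both ends. The second paragraph's claim that CR4.PCIDE has no effect on the page tables is presumably why a late restore is safe; it would help to state that the risk of getting the order wrong is at the CR3 write rather than here. setup_pcid continues past the hunk, and the else branch's own comment starts on its last line.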
52 | -- | |
53 | 2.14.2 | |