]>
Commit | Line | Data |
---|---|---|
59d5af67 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
321d628a FG |
2 | From: Thomas Gleixner <tglx@linutronix.de> |
3 | Date: Mon, 4 Dec 2017 15:07:33 +0100 | |
59d5af67 | 4 | Subject: [PATCH] x86/cpufeatures: Add X86_BUG_CPU_INSECURE |
321d628a FG |
5 | MIME-Version: 1.0 |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5754 | |
10 | ||
11 | Many x86 CPUs leak information to user space due to missing isolation of | |
12 | user space and kernel space page tables. There are many well documented | |
13 | ways to exploit that. | |
14 | ||
15 | The upcoming software migitation of isolating the user and kernel space | |
16 | page tables needs a misfeature flag so code can be made runtime | |
17 | conditional. | |
18 | ||
19 | Add the BUG bits which indicates that the CPU is affected and add a feature | |
20 | bit which indicates that the software migitation is enabled. | |
21 | ||
22 | Assume for now that _ALL_ x86 CPUs are affected by this. Exceptions can be | |
23 | made later. | |
24 | ||
25 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
26 | Cc: Andy Lutomirski <luto@kernel.org> | |
27 | Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> | |
28 | Cc: Borislav Petkov <bp@alien8.de> | |
29 | Cc: Brian Gerst <brgerst@gmail.com> | |
30 | Cc: Dave Hansen <dave.hansen@linux.intel.com> | |
31 | Cc: David Laight <David.Laight@aculab.com> | |
32 | Cc: Denys Vlasenko <dvlasenk@redhat.com> | |
33 | Cc: Eduardo Valentin <eduval@amazon.com> | |
34 | Cc: Greg KH <gregkh@linuxfoundation.org> | |
35 | Cc: H. Peter Anvin <hpa@zytor.com> | |
36 | Cc: Josh Poimboeuf <jpoimboe@redhat.com> | |
37 | Cc: Juergen Gross <jgross@suse.com> | |
38 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
39 | Cc: Peter Zijlstra <peterz@infradead.org> | |
40 | Cc: Will Deacon <will.deacon@arm.com> | |
41 | Cc: aliguori@amazon.com | |
42 | Cc: daniel.gruss@iaik.tugraz.at | |
43 | Cc: hughd@google.com | |
44 | Cc: keescook@google.com | |
45 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
46 | (cherry picked from commit a89f040fa34ec9cd682aed98b8f04e3c47d998bd) | |
47 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
48 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
49 | (cherry picked from commit 3b0dffb3557f6a1084a2b92ac0cc2d36b5e1f39f) | |
50 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
51 | --- | |
52 | arch/x86/include/asm/cpufeatures.h | 3 ++- | |
53 | arch/x86/include/asm/disabled-features.h | 8 +++++++- | |
54 | arch/x86/kernel/cpu/common.c | 4 ++++ | |
55 | 3 files changed, 13 insertions(+), 2 deletions(-) | |
56 | ||
57 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h | |
58 | index d57a174ec97c..de4e91452de4 100644 | |
59 | --- a/arch/x86/include/asm/cpufeatures.h | |
60 | +++ b/arch/x86/include/asm/cpufeatures.h | |
61 | @@ -200,7 +200,7 @@ | |
62 | #define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */ | |
63 | #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */ | |
64 | #define X86_FEATURE_SME ( 7*32+10) /* AMD Secure Memory Encryption */ | |
65 | - | |
66 | +#define X86_FEATURE_PTI ( 7*32+11) /* Kernel Page Table Isolation enabled */ | |
67 | #define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */ | |
68 | #define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */ | |
69 | #define X86_FEATURE_AVX512_4VNNIW ( 7*32+16) /* AVX-512 Neural Network Instructions */ | |
70 | @@ -339,5 +339,6 @@ | |
71 | #define X86_BUG_SWAPGS_FENCE X86_BUG(11) /* SWAPGS without input dep on GS */ | |
72 | #define X86_BUG_MONITOR X86_BUG(12) /* IPI required to wake up remote CPU */ | |
73 | #define X86_BUG_AMD_E400 X86_BUG(13) /* CPU is among the affected by Erratum 400 */ | |
74 | +#define X86_BUG_CPU_INSECURE X86_BUG(14) /* CPU is insecure and needs kernel page table isolation */ | |
75 | ||
76 | #endif /* _ASM_X86_CPUFEATURES_H */ | |
77 | diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h | |
78 | index 5dff775af7cd..db681152f024 100644 | |
79 | --- a/arch/x86/include/asm/disabled-features.h | |
80 | +++ b/arch/x86/include/asm/disabled-features.h | |
81 | @@ -42,6 +42,12 @@ | |
82 | # define DISABLE_LA57 (1<<(X86_FEATURE_LA57 & 31)) | |
83 | #endif | |
84 | ||
85 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION | |
86 | +# define DISABLE_PTI 0 | |
87 | +#else | |
88 | +# define DISABLE_PTI (1 << (X86_FEATURE_PTI & 31)) | |
89 | +#endif | |
90 | + | |
91 | /* | |
92 | * Make sure to add features to the correct mask | |
93 | */ | |
94 | @@ -52,7 +58,7 @@ | |
95 | #define DISABLED_MASK4 0 | |
96 | #define DISABLED_MASK5 0 | |
97 | #define DISABLED_MASK6 0 | |
98 | -#define DISABLED_MASK7 0 | |
99 | +#define DISABLED_MASK7 (DISABLE_PTI) | |
100 | #define DISABLED_MASK8 0 | |
101 | #define DISABLED_MASK9 (DISABLE_MPX) | |
102 | #define DISABLED_MASK10 0 | |
103 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c | |
104 | index 96171ce46d61..623ba3635793 100644 | |
105 | --- a/arch/x86/kernel/cpu/common.c | |
106 | +++ b/arch/x86/kernel/cpu/common.c | |
107 | @@ -898,6 +898,10 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) | |
108 | } | |
109 | ||
110 | setup_force_cpu_cap(X86_FEATURE_ALWAYS); | |
111 | + | |
112 | + /* Assume for now that ALL x86 CPUs are insecure */ | |
113 | + setup_force_cpu_bug(X86_BUG_CPU_INSECURE); | |
114 | + | |
115 | fpu__init_system(c); | |
116 | } | |
117 | ||
118 | -- | |
119 | 2.14.2 | |
120 |