]>
Commit | Line | Data |
---|---|---|
59d5af67 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
321d628a FG |
2 | From: Dave Hansen <dave.hansen@linux.intel.com> |
3 | Date: Mon, 4 Dec 2017 15:07:40 +0100 | |
59d5af67 | 4 | Subject: [PATCH] x86/mm/pti: Populate user PGD |
321d628a FG |
5 | MIME-Version: 1.0 |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | CVE-2017-5754 | |
10 | ||
11 | In clone_pgd_range() copy the init user PGDs which cover the kernel half of | |
12 | the address space, so a process has all the required kernel mappings | |
13 | visible. | |
14 | ||
15 | [ tglx: Split out from the big kaiser dump and folded Andys simplification ] | |
16 | ||
17 | Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> | |
18 | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> | |
19 | Reviewed-by: Borislav Petkov <bp@suse.de> | |
20 | Cc: Andy Lutomirski <luto@kernel.org> | |
21 | Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> | |
22 | Cc: Borislav Petkov <bp@alien8.de> | |
23 | Cc: Brian Gerst <brgerst@gmail.com> | |
24 | Cc: David Laight <David.Laight@aculab.com> | |
25 | Cc: Denys Vlasenko <dvlasenk@redhat.com> | |
26 | Cc: Eduardo Valentin <eduval@amazon.com> | |
27 | Cc: Greg KH <gregkh@linuxfoundation.org> | |
28 | Cc: H. Peter Anvin <hpa@zytor.com> | |
29 | Cc: Josh Poimboeuf <jpoimboe@redhat.com> | |
30 | Cc: Juergen Gross <jgross@suse.com> | |
31 | Cc: Linus Torvalds <torvalds@linux-foundation.org> | |
32 | Cc: Peter Zijlstra <peterz@infradead.org> | |
33 | Cc: Will Deacon <will.deacon@arm.com> | |
34 | Cc: aliguori@amazon.com | |
35 | Cc: daniel.gruss@iaik.tugraz.at | |
36 | Cc: hughd@google.com | |
37 | Cc: keescook@google.com | |
38 | Signed-off-by: Ingo Molnar <mingo@kernel.org> | |
39 | (cherry picked from commit fc2fbc8512ed08d1de7720936fd7d2e4ce02c3a2) | |
40 | Signed-off-by: Andy Whitcroft <apw@canonical.com> | |
41 | Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> | |
42 | (cherry picked from commit 26c08c52162e1079cbb3e9ce8e1346a100ea7ccc) | |
43 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
44 | --- | |
45 | arch/x86/include/asm/pgtable.h | 9 ++++++++- | |
46 | 1 file changed, 8 insertions(+), 1 deletion(-) | |
47 | ||
48 | diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h | |
49 | index 3ef8415b2358..25604b8a251a 100644 | |
50 | --- a/arch/x86/include/asm/pgtable.h | |
51 | +++ b/arch/x86/include/asm/pgtable.h | |
52 | @@ -1104,7 +1104,14 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, | |
53 | */ | |
54 | static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count) | |
55 | { | |
56 | - memcpy(dst, src, count * sizeof(pgd_t)); | |
57 | + memcpy(dst, src, count * sizeof(pgd_t)); | |
58 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION | |
59 | + if (!static_cpu_has(X86_FEATURE_PTI)) | |
60 | + return; | |
61 | + /* Clone the user space pgd as well */ | |
62 | + memcpy(kernel_to_user_pgdp(dst), kernel_to_user_pgdp(src), | |
63 | + count * sizeof(pgd_t)); | |
64 | +#endif | |
65 | } | |
66 | ||
67 | #define PTE_SHIFT ilog2(PTRS_PER_PTE) | |
68 | -- | |
69 | 2.14.2 | |
70 |