x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
[mirror_ubuntu-bionic-kernel.git] / arch / x86 / mm / mmap.c
index 155ecbac9e28f10c2f83cdbf48037a2f8f6a44fe..bfeabff0b4726d1cacaa310f30599889fcc3c35c 100644 (file)
@@ -236,3 +236,24 @@ int valid_mmap_phys_addr_range(unsigned long pfn, size_t count)
 
        return phys_addr_valid(addr + count - 1);
 }
+
+/*
+ * Only allow root to set high MMIO mappings to PROT_NONE.
+ * This prevents an unpriv. user to set them to PROT_NONE and invert
+ * them, then pointing to valid memory for L1TF speculation.
+ *
+ * Note: for locked down kernels may want to disable the root override.
+ */
+bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot)
+{
+       if (!boot_cpu_has_bug(X86_BUG_L1TF))
+               return true;
+       if (!__pte_needs_invert(pgprot_val(prot)))
+               return true;
+       /* If it's real memory always allow */
+       if (pfn_valid(pfn))
+               return true;
+       if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))
+               return false;
+       return true;
+}
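Review bot: pfn_modify_allowed() tests a single pfn, and its header comment never tells callers that a multi-page mapping must be checked page by page. A range that starts at or below l1tf_pfn_limit() and runs past it would be accepted if only the first pfn were tested. The callers are outside this hunk, so this may already be handled, but the contract belongs in the comment, for example `Returns false if the mapping must be refused. Checks one pfn only; callers mapping a range must call this for every page.` Separately, the strict `pfn > l1tf_pfn_limit()` comparison is right only if l1tf_pfn_limit() returns the last safe pfn rather than the first unsafe one. That definition is not visible here, so a one-line comment beside the comparison stating which it is would guard against an off-by-one if the helper changes.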