[pve-kernel.git] / patches / kernel / 0180-x86-mm-Remove-hard-coded-ASID-limit-checks.patch

From f847420cd768a0b95c3159ab822c30c909f0e5ee Mon Sep 17 00:00:00 2001
From: Dave Hansen <dave.hansen@linux.intel.com>
Date: Mon, 4 Dec 2017 15:07:55 +0100
Subject: [PATCH 180/241] x86/mm: Remove hard-coded ASID limit checks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5754

First, it's nice to remove the magic numbers.

Second, PAGE_TABLE_ISOLATION is going to consume half of the available ASID
space.  The space is currently unused, but add a comment to spell out this
new restriction.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: aliguori@amazon.com
Cc: daniel.gruss@iaik.tugraz.at
Cc: hughd@google.com
Cc: keescook@google.com
Cc: linux-mm@kvack.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
(cherry picked from commit cb0a9144a744e55207e24dcef812f05cd15a499a)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit fd5d001ae73ccd382d4270f53e27dcf61c4e4749)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 arch/x86/include/asm/tlbflush.h | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index 3a421b164868..c1c10db4156c 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -68,6 +68,22 @@ static inline u64 inc_mm_tlb_gen(struct mm_struct *mm)
 	return atomic64_inc_return(&mm->context.tlb_gen);
 }
 
+/* There are 12 bits of space for ASIDS in CR3 */
+#define CR3_HW_ASID_BITS		12
+/*
+ * When enabled, PAGE_TABLE_ISOLATION consumes a single bit for
+ * user/kernel switches
+ */
+#define PTI_CONSUMED_ASID_BITS		0
+
+#define CR3_AVAIL_ASID_BITS (CR3_HW_ASID_BITS - PTI_CONSUMED_ASID_BITS)
+/*
+ * ASIDs are zero-based: 0->MAX_AVAIL_ASID are valid.  -1 below to account
+ * for them being zero-based.  Another -1 is because ASID 0 is reserved for
+ * use by non-PCID-aware users.
+ */
+#define MAX_ASID_AVAILABLE ((1 << CR3_AVAIL_ASID_BITS) - 2)
+
 /*
  * If PCID is on, ASID-aware code paths put the ASID+1 into the PCID bits.
  * This serves two purposes.  It prevents a nasty situation in which
@@ -80,7 +96,7 @@ struct pgd_t;
 static inline unsigned long build_cr3(pgd_t *pgd, u16 asid)
 {
 	if (static_cpu_has(X86_FEATURE_PCID)) {
-		VM_WARN_ON_ONCE(asid > 4094);
+		VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
 		return __sme_pa(pgd) | (asid + 1);
 	} else {
 		VM_WARN_ON_ONCE(asid != 0);
@@ -90,7 +106,7 @@ static inline unsigned long build_cr3(pgd_t *pgd, u16 asid)
 
 static inline unsigned long build_cr3_noflush(pgd_t *pgd, u16 asid)
 {
-	VM_WARN_ON_ONCE(asid > 4094);
+	VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
 	return __sme_pa(pgd) | (asid + 1) | CR3_NOFLUSH;
 }
 
-- 
2.14.2
Commit	Line	Data
321d628a FG	1	From f847420cd768a0b95c3159ab822c30c909f0e5ee Mon Sep 17 00:00:00 2001
	2	From: Dave Hansen <dave.hansen@linux.intel.com>
	3	Date: Mon, 4 Dec 2017 15:07:55 +0100
e4cdf2a5	4	Subject: [PATCH 180/241] x86/mm: Remove hard-coded ASID limit checks
321d628a FG	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	CVE-2017-5754
	10
	11	First, it's nice to remove the magic numbers.
	12
	13	Second, PAGE_TABLE_ISOLATION is going to consume half of the available ASID
	14	space. The space is currently unused, but add a comment to spell out this
	15	new restriction.
	16
	17	Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
	18	Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
	19	Cc: Andy Lutomirski <luto@kernel.org>
	20	Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
	21	Cc: Borislav Petkov <bp@alien8.de>
	22	Cc: Brian Gerst <brgerst@gmail.com>
	23	Cc: Dave Hansen <dave.hansen@intel.com>
	24	Cc: David Laight <David.Laight@aculab.com>
	25	Cc: Denys Vlasenko <dvlasenk@redhat.com>
	26	Cc: Eduardo Valentin <eduval@amazon.com>
	27	Cc: Greg KH <gregkh@linuxfoundation.org>
	28	Cc: H. Peter Anvin <hpa@zytor.com>
	29	Cc: Josh Poimboeuf <jpoimboe@redhat.com>
	30	Cc: Juergen Gross <jgross@suse.com>
	31	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	32	Cc: Peter Zijlstra <peterz@infradead.org>
	33	Cc: Will Deacon <will.deacon@arm.com>
	34	Cc: aliguori@amazon.com
	35	Cc: daniel.gruss@iaik.tugraz.at
	36	Cc: hughd@google.com
	37	Cc: keescook@google.com
	38	Cc: linux-mm@kvack.org
	39	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	40	(cherry picked from commit cb0a9144a744e55207e24dcef812f05cd15a499a)
	41	Signed-off-by: Andy Whitcroft <apw@canonical.com>
	42	Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	43	(cherry picked from commit fd5d001ae73ccd382d4270f53e27dcf61c4e4749)
	44	Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	45	---
	46	arch/x86/include/asm/tlbflush.h \| 20 ++++++++++++++++++--
	47	1 file changed, 18 insertions(+), 2 deletions(-)
	48
	49	diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
	50	index 3a421b164868..c1c10db4156c 100644
	51	--- a/arch/x86/include/asm/tlbflush.h
	52	+++ b/arch/x86/include/asm/tlbflush.h
	53	@@ -68,6 +68,22 @@ static inline u64 inc_mm_tlb_gen(struct mm_struct *mm)
	54	return atomic64_inc_return(&mm->context.tlb_gen);
	55	}
	56
	57	+/* There are 12 bits of space for ASIDS in CR3 */
	58	+#define CR3_HW_ASID_BITS 12
	59	+/*
	60	+ * When enabled, PAGE_TABLE_ISOLATION consumes a single bit for
	61	+ * user/kernel switches
	62	+ */
	63	+#define PTI_CONSUMED_ASID_BITS 0
	64	+
	65	+#define CR3_AVAIL_ASID_BITS (CR3_HW_ASID_BITS - PTI_CONSUMED_ASID_BITS)
	66	+/*
	67	+ * ASIDs are zero-based: 0->MAX_AVAIL_ASID are valid. -1 below to account
	68	+ * for them being zero-based. Another -1 is because ASID 0 is reserved for
69	+ * use by non-PCID-aware users.
70	+ */
71	+#define MAX_ASID_AVAILABLE ((1 << CR3_AVAIL_ASID_BITS) - 2)
72	+
73	/*
74	* If PCID is on, ASID-aware code paths put the ASID+1 into the PCID bits.
75	* This serves two purposes. It prevents a nasty situation in which
76	@@ -80,7 +96,7 @@ struct pgd_t;
77	static inline unsigned long build_cr3(pgd_t *pgd, u16 asid)
78	{
79	if (static_cpu_has(X86_FEATURE_PCID)) {
80	- VM_WARN_ON_ONCE(asid > 4094);
81	+ VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
82	return __sme_pa(pgd) \| (asid + 1);
83	} else {
84	VM_WARN_ON_ONCE(asid != 0);
85	@@ -90,7 +106,7 @@ static inline unsigned long build_cr3(pgd_t *pgd, u16 asid)
86
87	static inline unsigned long build_cr3_noflush(pgd_t *pgd, u16 asid)
88	{
89	- VM_WARN_ON_ONCE(asid > 4094);
90	+ VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
91	return __sme_pa(pgd) \| (asid + 1) \| CR3_NOFLUSH;
92	}
93
94	--
95	2.14.2
96