[pve-kernel.git] / patches / kernel / 0215-x86-mm-dump_pagetables-Add-page-table-directory-to-t.patch

From d03b4d2a3e43228bb98fae4c6f5365d4f9d00f4c Mon Sep 17 00:00:00 2001
From: Borislav Petkov <bp@suse.de>
Date: Mon, 4 Dec 2017 15:08:04 +0100
Subject: [PATCH 215/241] x86/mm/dump_pagetables: Add page table directory to
 the debugfs VFS hierarchy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5754

The upcoming support for dumping the kernel and the user space page tables
of the current process would create more random files in the top level
debugfs directory.

Add a page table directory and move the existing file to it.

Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: aliguori@amazon.com
Cc: daniel.gruss@iaik.tugraz.at
Cc: hughd@google.com
Cc: keescook@google.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
(cherry picked from commit 75298aa179d56cd64f54e58a19fffc8ab922b4c0)
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit ae5c4af9bbefed4adc12075c28fb5889547c99cc)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 arch/x86/mm/debug_pagetables.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/arch/x86/mm/debug_pagetables.c b/arch/x86/mm/debug_pagetables.c
index bfcffdf6c577..d1449fb6dc7a 100644
--- a/arch/x86/mm/debug_pagetables.c
+++ b/arch/x86/mm/debug_pagetables.c
@@ -22,21 +22,26 @@ static const struct file_operations ptdump_fops = {
 	.release	= single_release,
 };
 
-static struct dentry *pe;
+static struct dentry *dir, *pe;
 
 static int __init pt_dump_debug_init(void)
 {
-	pe = debugfs_create_file("kernel_page_tables", S_IRUSR, NULL, NULL,
-				 &ptdump_fops);
-	if (!pe)
+	dir = debugfs_create_dir("page_tables", NULL);
+	if (!dir)
 		return -ENOMEM;
 
+	pe = debugfs_create_file("kernel", 0400, dir, NULL, &ptdump_fops);
+	if (!pe)
+		goto err;
 	return 0;
+err:
+	debugfs_remove_recursive(dir);
+	return -ENOMEM;
 }
 
 static void __exit pt_dump_debug_exit(void)
 {
-	debugfs_remove_recursive(pe);
+	debugfs_remove_recursive(dir);
 }
 
 module_init(pt_dump_debug_init);
-- 
2.14.2
Commit	Line	Data
321d628a FG	1	From d03b4d2a3e43228bb98fae4c6f5365d4f9d00f4c Mon Sep 17 00:00:00 2001
	2	From: Borislav Petkov <bp@suse.de>
	3	Date: Mon, 4 Dec 2017 15:08:04 +0100
e4cdf2a5	4	Subject: [PATCH 215/241] x86/mm/dump_pagetables: Add page table directory to
321d628a FG	5	the debugfs VFS hierarchy
	6	MIME-Version: 1.0
	7	Content-Type: text/plain; charset=UTF-8
	8	Content-Transfer-Encoding: 8bit
	9
	10	CVE-2017-5754
	11
	12	The upcoming support for dumping the kernel and the user space page tables
	13	of the current process would create more random files in the top level
	14	debugfs directory.
	15
	16	Add a page table directory and move the existing file to it.
	17
	18	Signed-off-by: Borislav Petkov <bp@suse.de>
	19	Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
	20	Cc: Andy Lutomirski <luto@kernel.org>
	21	Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
	22	Cc: Borislav Petkov <bp@alien8.de>
	23	Cc: Brian Gerst <brgerst@gmail.com>
	24	Cc: Dave Hansen <dave.hansen@linux.intel.com>
	25	Cc: David Laight <David.Laight@aculab.com>
	26	Cc: Denys Vlasenko <dvlasenk@redhat.com>
	27	Cc: Eduardo Valentin <eduval@amazon.com>
	28	Cc: Greg KH <gregkh@linuxfoundation.org>
	29	Cc: H. Peter Anvin <hpa@zytor.com>
	30	Cc: Josh Poimboeuf <jpoimboe@redhat.com>
	31	Cc: Juergen Gross <jgross@suse.com>
	32	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	33	Cc: Peter Zijlstra <peterz@infradead.org>
	34	Cc: Will Deacon <will.deacon@arm.com>
	35	Cc: aliguori@amazon.com
	36	Cc: daniel.gruss@iaik.tugraz.at
	37	Cc: hughd@google.com
	38	Cc: keescook@google.com
	39	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	40	(cherry picked from commit 75298aa179d56cd64f54e58a19fffc8ab922b4c0)
	41	Signed-off-by: Andy Whitcroft <apw@canonical.com>
	42	Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	43	(cherry picked from commit ae5c4af9bbefed4adc12075c28fb5889547c99cc)
	44	Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	45	---
	46	arch/x86/mm/debug_pagetables.c \| 15 ++++++++++-----
	47	1 file changed, 10 insertions(+), 5 deletions(-)
	48
	49	diff --git a/arch/x86/mm/debug_pagetables.c b/arch/x86/mm/debug_pagetables.c
	50	index bfcffdf6c577..d1449fb6dc7a 100644
	51	--- a/arch/x86/mm/debug_pagetables.c
	52	+++ b/arch/x86/mm/debug_pagetables.c
	53	@@ -22,21 +22,26 @@ static const struct file_operations ptdump_fops = {
	54	.release = single_release,
	55	};
	56
	57	-static struct dentry *pe;
	58	+static struct dentry dir, pe;
	59
	60	static int __init pt_dump_debug_init(void)
	61	{
	62	- pe = debugfs_create_file("kernel_page_tables", S_IRUSR, NULL, NULL,
	63	- &ptdump_fops);
	64	- if (!pe)
	65	+ dir = debugfs_create_dir("page_tables", NULL);
	66	+ if (!dir)
	67	return -ENOMEM;
	68
69	+ pe = debugfs_create_file("kernel", 0400, dir, NULL, &ptdump_fops);
70	+ if (!pe)
71	+ goto err;
72	return 0;
73	+err:
74	+ debugfs_remove_recursive(dir);
75	+ return -ENOMEM;
76	}
77
78	static void __exit pt_dump_debug_exit(void)
79	{
80	- debugfs_remove_recursive(pe);
81	+ debugfs_remove_recursive(dir);
82	}
83
84	module_init(pt_dump_debug_init);
85	--
86	2.14.2
87