1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Dave Hansen <dave.hansen@linux.intel.com>
3 Date: Mon, 4 Dec 2017 15:07:56 +0100
4 Subject: [PATCH] x86/mm: Put MMU to hardware ASID translation in one place
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 CVE-2017-5754
10
11 There are effectively two ASID types:
12
13 1. The one stored in the mmu_context that goes from 0..5
14 2. The one programmed into the hardware that goes from 1..6
15
16 This consolidates the places that convert between the two (by doing a +1)
17 into a single place, which gives us a nice place to comment.
18 PAGE_TABLE_ISOLATION will also need to, given an ASID, know which hardware
19 ASID to flush for the userspace mapping.
20
21 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
22 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
23 Cc: Andy Lutomirski <luto@kernel.org>
24 Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
25 Cc: Borislav Petkov <bp@alien8.de>
26 Cc: Brian Gerst <brgerst@gmail.com>
27 Cc: Dave Hansen <dave.hansen@intel.com>
28 Cc: David Laight <David.Laight@aculab.com>
29 Cc: Denys Vlasenko <dvlasenk@redhat.com>
30 Cc: Eduardo Valentin <eduval@amazon.com>
31 Cc: Greg KH <gregkh@linuxfoundation.org>
32 Cc: H. Peter Anvin <hpa@zytor.com>
33 Cc: Josh Poimboeuf <jpoimboe@redhat.com>
34 Cc: Juergen Gross <jgross@suse.com>
35 Cc: Linus Torvalds <torvalds@linux-foundation.org>
36 Cc: Peter Zijlstra <peterz@infradead.org>
37 Cc: Will Deacon <will.deacon@arm.com>
38 Cc: aliguori@amazon.com
39 Cc: daniel.gruss@iaik.tugraz.at
40 Cc: hughd@google.com
41 Cc: keescook@google.com
42 Cc: linux-mm@kvack.org
43 Signed-off-by: Ingo Molnar <mingo@kernel.org>
44 (cherry picked from commit dd95f1a4b5ca904c78e6a097091eb21436478abb)
45 Signed-off-by: Andy Whitcroft <apw@canonical.com>
46 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
47 (cherry picked from commit 6f3e88a8f41123ac339d28cfdda5da0e85bec550)
48 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
49 ---
50 arch/x86/include/asm/tlbflush.h | 31 +++++++++++++++++++------------
51 1 file changed, 19 insertions(+), 12 deletions(-)
52
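diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
index c1c10db4156c..ecd634f87e4e 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
@@ -84,30 +84,37 @@ static inline u64 inc_mm_tlb_gen(struct mm_struct *mm)
 */
 #define MAX_ASID_AVAILABLE ((1 << CR3_AVAIL_ASID_BITS) - 2)
 
-/*
- * If PCID is on, ASID-aware code paths put the ASID+1 into the PCID bits.
- * This serves two purposes. It prevents a nasty situation in which
- * PCID-unaware code saves CR3, loads some other value (with PCID == 0),
- * and then restores CR3, thus corrupting the TLB for ASID 0 if the saved
- * ASID was nonzero. It also means that any bugs involving loading a
- * PCID-enabled CR3 with CR4.PCIDE off will trigger deterministically.
- */
+static inline u16 kern_pcid(u16 asid)
+{
+ VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
+ /*
+ * If PCID is on, ASID-aware code paths put the ASID+1 into the
+ * PCID bits. This serves two purposes. It prevents a nasty
+ * situation in which PCID-unaware code saves CR3, loads some other
+ * value (with PCID == 0), and then restores CR3, thus corrupting
+ * the TLB for ASID 0 if the saved ASID was nonzero. It also means
+ * that any bugs involving loading a PCID-enabled CR3 with
+ * CR4.PCIDE off will trigger deterministically.
+ */
+ return asid + 1;
+}
+
 struct pgd_t;
 static inline unsigned long build_cr3(pgd_t *pgd, u16 asid)
 {
 if (static_cpu_has(X86_FEATURE_PCID)) {
- VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
- return __sme_pa(pgd) | (asid + 1);
+ return __pa(pgd) | kern_pcid(asid);
 } else {
 VM_WARN_ON_ONCE(asid != 0);
- return __sme_pa(pgd);
+ return __pa(pgd);
 }
 }
 
 static inline unsigned long build_cr3_noflush(pgd_t *pgd, u16 asid)
 {
 VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE);
- return __sme_pa(pgd) | (asid + 1) | CR3_NOFLUSH;
+ VM_WARN_ON_ONCE(!this_cpu_has(X86_FEATURE_PCID));
+ return __pa(pgd) | kern_pcid(asid) | CR3_NOFLUSH;
 }
 
 #ifdef CONFIG_PARAVIRT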
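Review bot: Both build_cr3() and build_cr3_noflush() switch from `__sme_pa(pgd)` to `__pa(pgd)`, which the commit message (a pure ASID+1 consolidation) does not mention. If `__pa()` in this tree does not already OR in the SME encryption mask, CR3 would point the page walker at the PGD without the encryption bit on SME-enabled AMD hosts, so this looks like a backport artefact worth confirming rather than an intended change. I would keep the original macro: `return __sme_pa(pgd) | kern_pcid(asid);` and `return __sme_pa(pgd) | kern_pcid(asid) | CR3_NOFLUSH;`, plus `return __sme_pa(pgd);` in the non-PCID branch. Minor: the `VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE)` left at the top of build_cr3_noflush() now duplicates the check inside kern_pcid() and can go.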
107 --
108 2.14.2
109