patches/kernel/0245-x86-pti-Make-sure-the-user-kernel-PTEs-match.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Thomas Gleixner <tglx@linutronix.de>
   3 Date: Wed, 3 Jan 2018 15:57:59 +0100
   4 Subject: [PATCH] x86/pti: Make sure the user/kernel PTEs match
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 CVE-2017-5754
  10
  11 Meelis reported that his K8 Athlon64 emits MCE warnings when PTI is
  12 enabled:
  13
  14 [Hardware Error]: Error Addr: 0x0000ffff81e000e0
  15 [Hardware Error]: MC1 Error: L1 TLB multimatch.
  16 [Hardware Error]: cache level: L1, tx: INSN
  17
  18 The address is in the entry area, which is mapped into kernel _AND_ user
  19 space. That's special because we switch CR3 while we are executing
  20 there.
  21
  22 User mapping:
  23 0xffffffff81e00000-0xffffffff82000000           2M     ro         PSE     GLB x  pmd
  24
  25 Kernel mapping:
  26 0xffffffff81000000-0xffffffff82000000          16M     ro         PSE         x  pmd
  27
  28 So the K8 is complaining that the TLB entries differ. They differ in the
  29 GLB bit.
  30
  31 Drop the GLB bit when installing the user shared mapping.
  32
  33 Fixes: 6dc72c3cbca0 ("x86/mm/pti: Share entry text PMD")
  34 Reported-by: Meelis Roos <mroos@linux.ee>
  35 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
  36 Tested-by: Meelis Roos <mroos@linux.ee>
  37 Cc: Borislav Petkov <bp@alien8.de>
  38 Cc: Tom Lendacky <thomas.lendacky@amd.com>
  39 Cc: stable@vger.kernel.org
  40 Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1801031407180.1957@nanos
  41 (cherry picked from commit 52994c256df36fda9a715697431cba9daecb6b11)
  42 Signed-off-by: Andy Whitcroft <apw@canonical.com>
  43 Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
  44 (cherry picked from commit 8a95d206afc447d8461815c67e618bd8b2c6457f)
  45 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  46 ---
  47  arch/x86/mm/pti.c | 3 ++-
  48  1 file changed, 2 insertions(+), 1 deletion(-)
  49
  50 diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
  51 index bce8aea65606..2da28ba97508 100644
  52 --- a/arch/x86/mm/pti.c
  53 +++ b/arch/x86/mm/pti.c
  54 @@ -367,7 +367,8 @@ static void __init pti_setup_espfix64(void)
  55  static void __init pti_clone_entry_text(void)
  56  {
  57         pti_clone_pmds((unsigned long) __entry_text_start,
  58 -                       (unsigned long) __irqentry_text_end, _PAGE_RW);
  59 +                       (unsigned long) __irqentry_text_end,
  60 +                      _PAGE_RW | _PAGE_GLOBAL);
  61  }
  62
  63  /*
  64 --
  65 2.14.2
  66