linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-09 06:33:34 +00:00

Linux kernel stable tree

Go to file

Daniel Borkmann 2c4ea6e28d x86/tlb: Fix tlb flushing when lguest clears PGE Fengguang reported random corruptions from various locations on x86-32 after commits `d2852a2240` ("arch: add ARCH_HAS_SET_MEMORY config") and `9d876e79df` ("bpf: fix unlocking of jited image when module ronx not set") that uses the former. While x86-32 doesn't have a JIT like x86_64, the bpf_prog_lock_ro() and bpf_prog_unlock_ro() got enabled due to ARCH_HAS_SET_MEMORY, whereas Fengguang's test kernel doesn't have module support built in and therefore never had the DEBUG_SET_MODULE_RONX setting enabled. After investigating the crashes further, it turned out that using set_memory_ro() and set_memory_rw() didn't have the desired effect, for example, setting the pages as read-only on x86-32 would still let probe_kernel_write() succeed without error. This behavior would manifest itself in situations where the vmalloc'ed buffer was accessed prior to set_memory_*() such as in case of bpf_prog_alloc(). In cases where it wasn't, the page attribute changes seemed to have taken effect, leading to the conclusion that a TLB invalidate didn't happen. Moreover, it turned out that this issue reproduced with qemu in "-cpu kvm64" mode, but not for "-cpu host". When the issue occurs, change_page_attr_set_clr() did trigger a TLB flush as expected via __flush_tlb_all() through cpa_flush_range(), though. There are 3 variants for issuing a TLB flush: invpcid_flush_all() (depends on CPU feature bits X86_FEATURE_INVPCID, X86_FEATURE_PGE), cr4 based flush (depends on X86_FEATURE_PGE), and cr3 based flush. For "-cpu host" case in my setup, the flush used invpcid_flush_all() variant, whereas for "-cpu kvm64", the flush was cr4 based. Switching the kvm64 case to cr3 manually worked fine, and further investigating the cr4 one turned out that X86_CR4_PGE bit was not set in cr4 register, meaning the __native_flush_tlb_global_irq_disabled() wrote cr4 twice with the same value instead of clearing X86_CR4_PGE in the first write to trigger the flush. It turned out that X86_CR4_PGE was cleared from cr4 during init from lguest_arch_host_init() via adjust_pge(). The X86_FEATURE_PGE bit is also cleared from there due to concerns of using PGE in guest kernel that can lead to hard to trace bugs (see `bff672e630` ("lguest: documentation V: Host") in init()). The CPU feature bits are cleared in dynamic boot_cpu_data, but they never propagated to __flush_tlb_all() as it uses static_cpu_has() instead of boot_cpu_has() for testing which variant of TLB flushing to use, meaning they still used the old setting of the host kernel. Clearing via setup_clear_cpu_cap(X86_FEATURE_PGE) so this would propagate to static_cpu_has() checks is too late at this point as sections have been patched already, so for now, it seems reasonable to switch back to boot_cpu_has(X86_FEATURE_PGE) as it was prior to commit `c109bf9599` ("x86/cpufeature: Remove cpu_has_pge"). This lets the TLB flush trigger via cr3 as originally intended, properly makes the new page attributes visible and thus fixes the crashes seen by Fengguang. Fixes: `c109bf9599` ("x86/cpufeature: Remove cpu_has_pge") Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Cc: bp@suse.de Cc: Kees Cook <keescook@chromium.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: netdev@vger.kernel.org Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: lkp@01.org Cc: Laura Abbott <labbott@redhat.com> Cc: stable@vger.kernel.org Link: http://lkml.kernrl.org/r/20170301125426.l4nf65rx4wahohyl@wfg-t540p.sh.intel.com Link: http://lkml.kernel.org/r/25c41ad9eca164be4db9ad84f768965b7eb19d9e.1489191673.git.daniel@iogearbox.net Signed-off-by: Thomas Gleixner <tglx@linutronix.de>		2017-03-12 11:19:29 +01:00
arch	x86/tlb: Fix tlb flushing when lguest clears PGE	2017-03-12 11:19:29 +01:00
block	Merge branch 'for-linus' of git://git.kernel.dk/linux-block	2017-03-03 10:53:35 -08:00
certs	certs: Add a secondary system keyring that can be added to dynamically	2016-04-11 22:48:09 +01:00
crypto	Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6	2017-03-04 10:42:53 -08:00
Documentation	Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2017-03-07 14:38:16 -08:00
drivers	Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2017-03-07 14:47:24 -08:00
firmware	WHENCE: use https://linuxtv.org for LinuxTV URLs	2015-12-04 10:35:11 -02:00
fs	overlayfs: remove now unnecessary header file include	2017-03-08 10:42:13 -08:00
include	kexec, x86/purgatory: Unbreak it and clean it up	2017-03-10 20:55:09 +01:00
init	sched/headers: Prepare to move _init() prototypes from <linux/sched.h> to <linux/sched/init.h>	2017-03-02 08:42:40 +01:00
ipc	Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2017-03-03 10:16:38 -08:00
kernel	kexec, x86/purgatory: Unbreak it and clean it up	2017-03-10 20:55:09 +01:00
lib	Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2017-03-07 14:33:11 -08:00
mm	mm, page_alloc: Add missing check for memory holes	2017-03-08 11:10:10 -08:00
net	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-03-04 17:31:39 -08:00
samples	Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2017-03-03 11:38:56 -08:00
scripts	There was some breakage with the changes for jump labels in the 4.11 merge	2017-03-07 09:37:28 -08:00
security	Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2017-03-03 10:16:38 -08:00
sound	sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>	2017-03-02 08:42:32 +01:00
tools	Greg Kroah-Hartman reported to me that the ktest of v4.10 locked up in an	2017-03-08 11:06:05 -08:00
usr	kbuild: initramfs cleanup, set target from Kconfig	2017-01-05 09:40:16 -08:00
virt	Second batch of KVM changes for 4.11 merge window	2017-03-04 11:36:19 -08:00
.cocciconfig	scripts: add Linux .cocciconfig for coccinelle	2016-07-22 12:13:39 +02:00
.get_maintainer.ignore	Add hch to .get_maintainer.ignore	2015-08-21 14:30:10 -07:00
.gitattributes	.gitattributes: set git diff driver for C source code files	2016-10-07 18:46:30 -07:00
.gitignore	Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild	2016-08-02 16:48:52 -04:00
.mailmap	mailmap: add codeaurora.org names for nameless email commits	2017-01-10 18:31:55 -08:00
COPYING	[PATCH] update FSF address in COPYING	2005-09-10 10:06:29 -07:00
CREDITS	MAINTAINERS: Remove old e-mail address	2017-02-13 12:24:56 -05:00
Kbuild	scripts/gdb: provide linux constants	2016-05-23 17:04:14 -07:00
Kconfig	kbuild: migrate all arch to the kconfig mainmenu upgrade	2010-09-19 22:54:11 -04:00
MAINTAINERS	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-03-04 17:31:39 -08:00
Makefile	Linux 4.11-rc1	2017-03-05 12:59:56 -08:00
README	README: add a new README file, pointing to the Documentation/	2016-10-24 08:12:35 -02:00

README

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.