From: Thomas Gleixner <tglx@linutronix.de>
To: LKML <linux-kernel@vger.kernel.org>
Cc: x86@kernel.org, Linus Torvalds <torvalds@linux-foundation.org>,
Andy Lutomirsky <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Dave Hansen <dave.hansen@intel.com>,
Borislav Petkov <bpetkov@suse.de>,
Greg KH <gregkh@linuxfoundation.org>,
keescook@google.com, hughd@google.com,
Brian Gerst <brgerst@gmail.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Denys Vlasenko <dvlasenk@redhat.com>,
Rik van Riel <riel@redhat.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Juergen Gross <jgross@suse.com>,
David Laight <David.Laight@aculab.com>,
Eduardo Valentin <eduval@amazon.com>,
aliguori@amazon.com, Will Deacon <will.deacon@arm.com>,
daniel.gruss@iaik.tugraz.at, Kees Cook <keescook@chromium.org>,
Borislav Petkov <bp@alien8.de>
Subject: [patch V163 40/51] x86/pti: Map the vsyscall page if needed
Date: Mon, 18 Dec 2017 12:42:55 +0100 [thread overview]
Message-ID: <20171218115256.905957973@linutronix.de> (raw)
In-Reply-To: 20171218114215.239543034@linutronix.de
[-- Attachment #1: x86-pti--Map_the_vsyscall_page_if_needed.patch --]
[-- Type: text/plain, Size: 4147 bytes --]
From: Andy Lutomirski <luto@kernel.org>
Make VSYSCALLs work fully in PTI mode.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Borislav Petkov <bp@alien8.de>
---
arch/x86/entry/vsyscall/vsyscall_64.c | 6 +--
arch/x86/include/asm/vsyscall.h | 1
arch/x86/mm/pti.c | 63 ++++++++++++++++++++++++++++++++++
3 files changed, 67 insertions(+), 3 deletions(-)
--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -343,14 +343,14 @@ int in_gate_area_no_mm(unsigned long add
* vsyscalls but leave the page not present. If so, we skip calling
* this.
*/
-static void __init set_vsyscall_pgtable_user_bits(void)
+void __init set_vsyscall_pgtable_user_bits(pgd_t *root)
{
pgd_t *pgd;
p4d_t *p4d;
pud_t *pud;
pmd_t *pmd;
- pgd = pgd_offset_k(VSYSCALL_ADDR);
+ pgd = pgd_offset_pgd(root, VSYSCALL_ADDR);
pgd->pgd |= _PAGE_USER;
p4d = p4d_offset(pgd, VSYSCALL_ADDR);
#if CONFIG_PGTABLE_LEVELS >= 5
@@ -372,7 +372,7 @@ void __init map_vsyscall(void)
vsyscall_mode == NATIVE
? PAGE_KERNEL_VSYSCALL
: PAGE_KERNEL_VVAR);
- set_vsyscall_pgtable_user_bits();
+ set_vsyscall_pgtable_user_bits(swapper_pg_dir);
}
BUILD_BUG_ON((unsigned long)__fix_to_virt(VSYSCALL_PAGE) !=
--- a/arch/x86/include/asm/vsyscall.h
+++ b/arch/x86/include/asm/vsyscall.h
@@ -7,6 +7,7 @@
#ifdef CONFIG_X86_VSYSCALL_EMULATION
extern void map_vsyscall(void);
+extern void set_vsyscall_pgtable_user_bits(pgd_t *root);
/*
* Called on instruction fetch fault in vsyscall page.
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -38,6 +38,7 @@
#include <asm/cpufeature.h>
#include <asm/hypervisor.h>
+#include <asm/vsyscall.h>
#include <asm/cmdline.h>
#include <asm/pti.h>
#include <asm/pgtable.h>
@@ -191,6 +192,48 @@ static pmd_t *pti_user_pagetable_walk_pm
return pmd_offset(pud, address);
}
+/*
+ * Walk the shadow copy of the page tables (optionally) trying to allocate
+ * page table pages on the way down. Does not support large pages.
+ *
+ * Note: this is only used when mapping *new* kernel data into the
+ * user/shadow page tables. It is never used for userspace data.
+ *
+ * Returns a pointer to a PTE on success, or NULL on failure.
+ */
+static pte_t *pti_user_pagetable_walk_pte(unsigned long address)
+{
+ gfp_t gfp = (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO);
+ pmd_t *pmd = pti_user_pagetable_walk_pmd(address);
+ pte_t *pte;
+
+ /* We can't do anything sensible if we hit a large mapping. */
+ if (pmd_large(*pmd)) {
+ WARN_ON(1);
+ return NULL;
+ }
+
+ if (pmd_none(*pmd)) {
+ unsigned long new_pte_page = __get_free_page(gfp);
+ if (!new_pte_page)
+ return NULL;
+
+ if (pmd_none(*pmd)) {
+ set_pmd(pmd, __pmd(_KERNPG_TABLE | __pa(new_pte_page)));
+ new_pte_page = 0;
+ }
+ if (new_pte_page)
+ free_page(new_pte_page);
+ }
+
+ pte = pte_offset_kernel(pmd, address);
+ if (pte_flags(*pte) & _PAGE_USER) {
+ WARN_ONCE(1, "attempt to walk to user pte\n");
+ return NULL;
+ }
+ return pte;
+}
+
static void __init
pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear)
{
@@ -250,6 +293,25 @@ static void __init pti_setup_espfix64(vo
#endif
}
+static void __init pti_setup_vsyscall(void)
+{
+#ifdef CONFIG_X86_VSYSCALL_EMULATION
+ pte_t *pte, *target_pte;
+ unsigned int level;
+
+ pte = lookup_address(VSYSCALL_ADDR, &level);
+ if (!pte || WARN_ON(level != PG_LEVEL_4K) || pte_none(*pte))
+ return;
+
+ target_pte = pti_user_pagetable_walk_pte(VSYSCALL_ADDR);
+ if (WARN_ON(!target_pte))
+ return;
+
+ *target_pte = *pte;
+ set_vsyscall_pgtable_user_bits(kernel_to_user_pgdp(swapper_pg_dir));
+#endif
+}
+
/*
* Clone the populated PMDs of the user shared fixmaps into the user space
* visible page table.
@@ -289,4 +351,5 @@ void __init pti_init(void)
pti_clone_user_shared();
pti_clone_entry_text();
pti_setup_espfix64();
+ pti_setup_vsyscall();
}
next prev parent reply other threads:[~2017-12-18 11:58 UTC|newest]
Thread overview: 93+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-18 11:42 [patch V163 00/51] x86/pti: Updated patch queue Thomas Gleixner
2017-12-18 11:42 ` [patch V163 01/51] x86/mm/dump_pagetables: Check PAGE_PRESENT for real Thomas Gleixner
2017-12-18 14:07 ` Borislav Petkov
2017-12-18 11:42 ` [patch V163 02/51] x86/vsyscall/64: Explicitly set _PAGE_USER in the pagetable hierarchy Thomas Gleixner
2017-12-18 14:21 ` Borislav Petkov
2017-12-18 11:42 ` [patch V163 03/51] x86/vsyscall/64: Warn and fail vsyscall emulation in NATIVE mode Thomas Gleixner
2017-12-18 14:44 ` Borislav Petkov
2017-12-18 11:42 ` [patch V163 04/51] arch: Allow arch_dup_mmap() to fail Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 05/51] x86/ldt: Rework locking Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 06/51] x86/ldt: Prevent ldt inheritance on exec Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 07/51] x86/mm/64: Improve the memory map documentation Thomas Gleixner
2017-12-18 11:42 ` [patch V163 08/51] x86/doc: Remove obvious weirdness Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 09/51] x86/entry: Remove SYSENTER_stack naming Thomas Gleixner
2017-12-18 11:42 ` [patch V163 10/51] x86/uv: Use the right tlbflush API Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 11/51] x86/microcode: Dont abuse the tlbflush interface Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 12/51] x86/mm: Use __flush_tlb_one() for kernel memory Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 13/51] x86/mm: Remove superfluous barriers Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 14/51] x86/mm: Clarify which functions are supposed to flush what Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 15/51] x86/mm: Move the CR3 construction functions to tlbflush.h Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 16/51] x86/mm: Remove hard-coded ASID limit checks Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 17/51] x86/mm: Put MMU to hardware ASID translation in one place Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 18/51] x86/mm: Create asm/invpcid.h Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 19/51] init: Invoke init_espfix_bsp() from mm_init() Thomas Gleixner
2017-12-18 11:42 ` [patch V163 20/51] x86/cpufeatures: Add X86_BUG_CPU_INSECURE Thomas Gleixner
2017-12-18 11:42 ` [patch V163 21/51] x86/mm/pti: Disable global pages if PAGE_TABLE_ISOLATION=y Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 22/51] x86/mm/pti: Prepare the x86/entry assembly code for entry/exit CR3 switching Thomas Gleixner
2017-12-18 11:42 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 23/51] x86/mm/pti: Add infrastructure for page table isolation Thomas Gleixner
2017-12-18 11:42 ` [patch V163 24/51] x86/mm/pti: Add mapping helper functions Thomas Gleixner
2017-12-18 12:52 ` Peter Zijlstra
2017-12-18 11:42 ` [patch V163 25/51] x86/mm/pti: Allow NX poison to be set in p4d/pgd Thomas Gleixner
2017-12-18 11:42 ` [patch V163 26/51] x86/mm/pti: Allocate a separate user PGD Thomas Gleixner
2017-12-18 11:42 ` [patch V163 27/51] x86/mm/pti: Populate " Thomas Gleixner
2017-12-18 20:34 ` Dave Hansen
2017-12-18 20:41 ` Peter Zijlstra
2017-12-18 20:45 ` Dave Hansen
2017-12-18 20:57 ` Peter Zijlstra
2017-12-19 7:48 ` Ingo Molnar
2017-12-19 18:08 ` Thomas Gleixner
2017-12-20 0:22 ` Thomas Gleixner
2017-12-20 16:26 ` Juergen Gross
2017-12-20 19:50 ` Thomas Gleixner
2017-12-18 22:11 ` Andy Lutomirski
2017-12-18 11:42 ` [patch V163 28/51] x86/mm/pti: Add functions to clone kernel PMDs Thomas Gleixner
2017-12-18 13:08 ` Peter Zijlstra
2017-12-18 11:42 ` [patch V163 29/51] x86/mm/pti: Force entry through trampoline when PTI active Thomas Gleixner
2017-12-18 11:42 ` [patch V163 30/51] x86/fixmap: Move the CPU entry area into a separate PMD Thomas Gleixner
2017-12-18 11:42 ` [patch V163 31/51] x86/mm/pti: Share cpu_entry_area PMDs Thomas Gleixner
2017-12-18 11:42 ` [patch V163 32/51] x86/entry: Align entry text section to PMD boundary Thomas Gleixner
2017-12-18 11:42 ` [patch V163 33/51] x86/mm/pti: Share entry text PMD Thomas Gleixner
2017-12-18 11:42 ` [patch V163 34/51] x86/mm/pti: Map ESPFIX into user space Thomas Gleixner
2017-12-18 11:42 ` [patch V163 35/51] x86/fixmap: Move IDT fixmap into the cpu_entry_area range Thomas Gleixner
2017-12-18 11:42 ` [patch V163 36/51] x86/fixmap: Add debugstore entries to cpu_entry_area Thomas Gleixner
2017-12-18 11:42 ` [patch V163 37/51] x86/events/intel/ds: Map debug buffers in fixmap Thomas Gleixner
2017-12-18 13:18 ` Peter Zijlstra
2017-12-18 11:42 ` [patch V163 38/51] x86/mm/64: Make a full PGD-entry size hole in the memory map Thomas Gleixner
2017-12-18 13:27 ` Peter Zijlstra
2017-12-19 18:09 ` Thomas Gleixner
2017-12-19 18:14 ` Thomas Gleixner
2017-12-18 11:42 ` [patch V163 39/51] x86/pti: Put the LDT in its own PGD if PTI is on Thomas Gleixner
2017-12-18 13:46 ` Peter Zijlstra
2017-12-18 11:42 ` Thomas Gleixner [this message]
2017-12-18 11:42 ` [patch V163 41/51] x86/mm: Allow flushing for future ASID switches Thomas Gleixner
2017-12-18 11:42 ` [patch V163 42/51] x86/mm: Abstract switching CR3 Thomas Gleixner
2017-12-18 11:42 ` [patch V163 43/51] x86/mm: Use/Fix PCID to optimize user/kernel switches Thomas Gleixner
2017-12-18 11:42 ` [patch V163 44/51] x86/mm: Optimize RESTORE_CR3 Thomas Gleixner
2017-12-18 11:43 ` [patch V163 45/51] x86/mm: Use INVPCID for __native_flush_tlb_single() Thomas Gleixner
2017-12-18 11:43 ` [patch V163 46/51] x86/mm: Clarify the whole ASID/kernel PCID/user PCID naming Thomas Gleixner
2017-12-18 11:43 ` Thomas Gleixner
2017-12-18 11:43 ` [patch V163 47/51] x86/mm/pti: Add Kconfig Thomas Gleixner
2017-12-18 11:43 ` Thomas Gleixner
2017-12-18 11:43 ` [patch V163 48/51] x86/mm/dump_pagetables: Add page table directory Thomas Gleixner
2017-12-18 11:43 ` [patch V163 49/51] x86/mm/dump_pagetables: Check user space page table for WX pages Thomas Gleixner
2017-12-18 11:43 ` Thomas Gleixner
2017-12-18 11:43 ` [patch V163 50/51] x86/mm/dump_pagetables: Allow dumping current pagetables Thomas Gleixner
2017-12-18 11:43 ` Thomas Gleixner
2017-12-18 11:43 ` [patch V163 51/51] x86/ldt: Make the LDT mapping RO Thomas Gleixner
2017-12-18 13:48 ` Peter Zijlstra
2017-12-18 12:11 ` [patch V163 00/51] x86/pti: Updated patch queue Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171218115256.905957973@linutronix.de \
--to=tglx@linutronix.de \
--cc=David.Laight@aculab.com \
--cc=aliguori@amazon.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=bpetkov@suse.de \
--cc=brgerst@gmail.com \
--cc=daniel.gruss@iaik.tugraz.at \
--cc=dave.hansen@intel.com \
--cc=dvlasenk@redhat.com \
--cc=eduval@amazon.com \
--cc=gregkh@linuxfoundation.org \
--cc=hughd@google.com \
--cc=jgross@suse.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=keescook@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=riel@redhat.com \
--cc=torvalds@linux-foundation.org \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.