[tip:x86/mm] x86/tls: Forcibly set the accessed bit in TLS segments

All of lore.kernel.org
 help / color / mirror / Atom feed

From: tip-bot for Andy Lutomirski <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: mingo@kernel.org, bp@alien8.de, thgarnie@google.com,
	torvalds@linux-foundation.org, tglx@linutronix.de,
	linux-kernel@vger.kernel.org, hpa@zytor.com, luto@kernel.org
Subject: [tip:x86/mm] x86/tls: Forcibly set the accessed bit in TLS segments
Date: Sun, 19 Mar 2017 04:24:49 -0700	[thread overview]
Message-ID: <tip-5b781c7e317fcf9f74475dc82bfce2e359dfca13@git.kernel.org> (raw)
In-Reply-To: <62b7748542df0164af7e0a5231283b9b13858c45.1489900519.git.luto@kernel.org>

Commit-ID:  5b781c7e317fcf9f74475dc82bfce2e359dfca13
Gitweb:     http://git.kernel.org/tip/5b781c7e317fcf9f74475dc82bfce2e359dfca13
Author:     Andy Lutomirski <luto@kernel.org>
AuthorDate: Sat, 18 Mar 2017 22:17:24 -0700
Committer:  Thomas Gleixner <tglx@linutronix.de>
CommitDate: Sun, 19 Mar 2017 12:14:35 +0100

x86/tls: Forcibly set the accessed bit in TLS segments

For mysterious historical reasons, struct user_desc doesn't indicate
whether segments are accessed.  set_thread_area() has always programmed
segments as non-accessed, so the first write will set the accessed bit.
This will fault if the GDT is read-only.

Fix it by making TLS segments start out accessed.

If this ends up breaking something, we could, in principle, leave TLS
segments non-accessed and fix them up when we get the page fault.  I'd be
surprised, though -- AFAIK all the nasty legacy segmented programs (DOSEMU,
Wine, things that run on DOSEMU and Wine, etc.) do their nasty segmented
things using the LDT and not the GDT.  I assume this is mainly because old
OSes (Linux and otherwise) didn't historically provide APIs to do nasty
things in the GDT.

Fixes: 45fc8757d1d2 ("x86: Make the GDT remapping read-only on 64-bit")
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Thomas Garnier <thgarnie@google.com>
Link: http://lkml.kernel.org/r/62b7748542df0164af7e0a5231283b9b13858c45.1489900519.git.luto@kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

---
 arch/x86/kernel/tls.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
index 6c89344..dcd699b 100644
--- a/arch/x86/kernel/tls.c
+++ b/arch/x86/kernel/tls.c
@@ -92,10 +92,17 @@ static void set_tls_desc(struct task_struct *p, int idx,
 	cpu = get_cpu();
 
 	while (n-- > 0) {
-		if (LDT_empty(info) || LDT_zero(info))
+		if (LDT_empty(info) || LDT_zero(info)) {
 			desc->a = desc->b = 0;
-		else
+		} else {
 			fill_ldt(desc, info);
+
+			/*
+			 * Always set the accessed bit so that the CPU
+			 * doesn't try to write to the (read-only) GDT.
+			 */
+			desc->type |= 1;
+		}
 		++info;
 		++desc;
 	}

next prev parent reply	other threads:[~2017-03-19 11:25 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-19  5:17 [PATCH tip:x86/mm] x86/tls: Forcibly set the accessed bit in TLS segments Andy Lutomirski
2017-03-19 11:24 ` tip-bot for Andy Lutomirski [this message]
2017-03-21  5:18 ` Andy Lutomirski
2017-03-21  7:24   ` Ingo Molnar

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6c89344 dfblob:dcd699b )
 OR (
bs:"[tip:x86/mm] x86/tls: Forcibly set the accessed bit in TLS segments" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=tip-5b781c7e317fcf9f74475dc82bfce2e359dfca13@git.kernel.org \
    --to=tipbot@zytor.com \
    --cc=bp@alien8.de \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-tip-commits@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mingo@kernel.org \
    --cc=tglx@linutronix.de \
    --cc=thgarnie@google.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.