[PATCH 4.4] vsyscall: Fix permissions for emulate mode with KAISER/PTI

[PATCH 4.4] vsyscall: Fix permissions for emulate mode with KAISER/PTI

[Ben Hutchings]

The backport of KAISER to 4.4 turned vsyscall emulate mode into native
mode.  Add a vsyscall_pgprot variable to hold the correct page
protections, like Borislav and Hugh did for 3.2 and 3.18.

Cc: Borislav Petkov <bp@suse.de>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
---
I think this is also needed for 4.9 but haven't tested there.

Ben.

 arch/x86/entry/vsyscall/vsyscall_64.c | 7 ++++---
 arch/x86/include/asm/vsyscall.h       | 1 +
 arch/x86/mm/kaiser.c                  | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c
index 112178b401a1..2d359991a273 100644
--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -46,6 +46,7 @@ static enum { EMULATE, NATIVE, NONE } vsyscall_mode =
 #else
 	EMULATE;
 #endif
+unsigned long vsyscall_pgprot = __PAGE_KERNEL_VSYSCALL;
 
 static int __init vsyscall_setup(char *str)
 {
@@ -336,11 +337,11 @@ void __init map_vsyscall(void)
 	extern char __vsyscall_page;
 	unsigned long physaddr_vsyscall = __pa_symbol(&__vsyscall_page);
 
+	if (vsyscall_mode != NATIVE)
+		vsyscall_pgprot = __PAGE_KERNEL_VVAR;
 	if (vsyscall_mode != NONE)
 		__set_fixmap(VSYSCALL_PAGE, physaddr_vsyscall,
-			     vsyscall_mode == NATIVE
-			     ? PAGE_KERNEL_VSYSCALL
-			     : PAGE_KERNEL_VVAR);
+			     __pgprot(vsyscall_pgprot));
 
 	BUILD_BUG_ON((unsigned long)__fix_to_virt(VSYSCALL_PAGE) !=
 		     (unsigned long)VSYSCALL_ADDR);
diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscall.h
index 4865e10dbb55..9ee85066f407 100644
--- a/arch/x86/include/asm/vsyscall.h
+++ b/arch/x86/include/asm/vsyscall.h
@@ -13,6 +13,7 @@ extern void map_vsyscall(void);
  */
 extern bool emulate_vsyscall(struct pt_regs *regs, unsigned long address);
 extern bool vsyscall_enabled(void);
+extern unsigned long vsyscall_pgprot;
 #else
 static inline void map_vsyscall(void) {}
 static inline bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
diff --git a/arch/x86/mm/kaiser.c b/arch/x86/mm/kaiser.c
index 8af98513d36c..2298434f7bdb 100644
--- a/arch/x86/mm/kaiser.c
+++ b/arch/x86/mm/kaiser.c
@@ -345,7 +345,7 @@ void __init kaiser_init(void)
 	if (vsyscall_enabled())
 		kaiser_add_user_map_early((void *)VSYSCALL_ADDR,
 					  PAGE_SIZE,
-					   __PAGE_KERNEL_VSYSCALL);
+					  vsyscall_pgprot);
 
 	for_each_possible_cpu(cpu) {
 		void *percpu_vaddr = __per_cpu_user_mapped_start +
-- 
2.15.0.rc0

Re: [PATCH 4.4] vsyscall: Fix permissions for emulate mode with KAISER/PTI

[Greg Kroah-Hartman]

On Fri, Jan 26, 2018 at 04:23:02PM +0000, Ben Hutchings wrote:
> The backport of KAISER to 4.4 turned vsyscall emulate mode into native
> mode.  Add a vsyscall_pgprot variable to hold the correct page
> protections, like Borislav and Hugh did for 3.2 and 3.18.
> 
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Hugh Dickins <hughd@google.com>
> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
> ---
> I think this is also needed for 4.9 but haven't tested there.

Yeah, looks like 4.9 also needs this.  Thanks a lot for this, I didn't
think to look at the older backports recently.

greg k-h

Re: [PATCH 4.4] vsyscall: Fix permissions for emulate mode with KAISER/PTI

[Hugh Dickins]

On Fri, 26 Jan 2018, Greg Kroah-Hartman wrote:
> On Fri, Jan 26, 2018 at 04:23:02PM +0000, Ben Hutchings wrote:
> > The backport of KAISER to 4.4 turned vsyscall emulate mode into native
> > mode.  Add a vsyscall_pgprot variable to hold the correct page
> > protections, like Borislav and Hugh did for 3.2 and 3.18.

Oh yes, you're right, Ben: I was uneasy about the lack of vsyscall_pgprot
there, but had completely paged-out how it's the faulting that makes
emulate emulate instead of native.  Thanks a lot for the fixup.

But I hope "3.18" there is an unimportant typo (perhaps for "3.8"),
rather than evidence that I've lost my marbles - I did indeed supply
3.18.72-based tarfiles early on, but those were before we'd even begun
to look into unbreaking vsyscalls.

I haven't updated those 3.18 patches since that time, and was a day or
two away from asking you, Greg, what is the status of 3.18? I didn't
bother to update those patches because I saw it marked EOL as soon as
Meltdown+Spectre was announced; yet it now appears to have a life
beyond death, getting non-Meltdown+Spectre updates every week or so.

I can certainly (but not until next week) put together a 3.18.92-
based tarfile or tarfiles, equivalent to what I sent for 3.8 and 3.10
(on kaiser-discuss backports list) a couple of days ago. That is, like
what I sent before for 3.18.72, but with all the fixups and pti= boot
option and KAISER->PAGE_TABLE_ISOLATION renaming that's come in since
(But I cannot bear to go further myself, into retpoline etc, sorry.)

Would a 3.18 Kaiser update be helpful, or are you preferring to force
people off 3.18 by not providing those updates? Or preferring to wait
a bit longer, until 4.4 and 4.9 and 4.14 have settled down?

> > 
> > Cc: Borislav Petkov <bp@suse.de>
> > Cc: Hugh Dickins <hughd@google.com>
> > Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
> > ---
> > I think this is also needed for 4.9 but haven't tested there.
> 
> Yeah, looks like 4.9 also needs this.  Thanks a lot for this, I didn't
> think to look at the older backports recently.

Yes, the same for 4.9 is good, thank you.

And no need for you to delve into those older backports, we'll keep
you up to date if anything does come up there - though perhaps with
a few days delay - I've two or three updates to 4.4 and 4.9 which
came to light while researching what 3.8 needed, but still won't
have time to assemble patches for you today.

(I'm thinking Dave Hansen's tboot fix needed, and perf fix for Robert
Swiecki's intel_bts crash; and Pavel Tatashin's pgd allocation change
might be over-allocating when pti=off, I've not tested yet but it
looked that way.)

Hugh

Re: [PATCH 4.4] vsyscall: Fix permissions for emulate mode with KAISER/PTI

[Greg Kroah-Hartman]

On Fri, Jan 26, 2018 at 12:23:17PM -0800, Hugh Dickins wrote:
> I haven't updated those 3.18 patches since that time, and was a day or
> two away from asking you, Greg, what is the status of 3.18? I didn't
> bother to update those patches because I saw it marked EOL as soon as
> Meltdown+Spectre was announced; yet it now appears to have a life
> beyond death, getting non-Meltdown+Spectre updates every week or so.

I am not doing any Meltdown/Spectre patches for 3.18, because yes, it
really is EOL.  I am only continuing to maintain it because there are
some vendors that rely on it at the moment, and they usually just take
these releases + the android-common kernel tree together.  As the needed
ARM Meltdown patches are in the android-common tree right now (and not
really anywhere else at all), that is sufficient for their use.

> I can certainly (but not until next week) put together a 3.18.92-
> based tarfile or tarfiles, equivalent to what I sent for 3.8 and 3.10
> (on kaiser-discuss backports list) a couple of days ago. That is, like
> what I sent before for 3.18.72, but with all the fixups and pti= boot
> option and KAISER->PAGE_TABLE_ISOLATION renaming that's come in since
> (But I cannot bear to go further myself, into retpoline etc, sorry.)
> 
> Would a 3.18 Kaiser update be helpful, or are you preferring to force
> people off 3.18 by not providing those updates? Or preferring to wait
> a bit longer, until 4.4 and 4.9 and 4.14 have settled down?

I'm not recommending anyone use the 3.18 tree unless they know what they
are doing right now :)

And yes, I would love for them to move off of that tree as soon as
possible, but usually due to huge out-of-tree SoC patches, they can not
do that easily, if at all, right now.

So no need for a 3.18 Kaiser update for me at all, I do not need or want
it.

thanks,

greg k-h

Re: [PATCH 4.4] vsyscall: Fix permissions for emulate mode with KAISER/PTI

[Hugh Dickins]

On Sun, Jan 28, 2018 at 4:13 AM, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
> On Fri, Jan 26, 2018 at 12:23:17PM -0800, Hugh Dickins wrote:
>> I haven't updated those 3.18 patches since that time, and was a day or
>> two away from asking you, Greg, what is the status of 3.18? I didn't
>> bother to update those patches because I saw it marked EOL as soon as
>> Meltdown+Spectre was announced; yet it now appears to have a life
>> beyond death, getting non-Meltdown+Spectre updates every week or so.
>
> I am not doing any Meltdown/Spectre patches for 3.18, because yes, it
> really is EOL.  I am only continuing to maintain it because there are
> some vendors that rely on it at the moment, and they usually just take
> these releases + the android-common kernel tree together.  As the needed
> ARM Meltdown patches are in the android-common tree right now (and not
> really anywhere else at all), that is sufficient for their use.
>
>> I can certainly (but not until next week) put together a 3.18.92-
>> based tarfile or tarfiles, equivalent to what I sent for 3.8 and 3.10
>> (on kaiser-discuss backports list) a couple of days ago. That is, like
>> what I sent before for 3.18.72, but with all the fixups and pti= boot
>> option and KAISER->PAGE_TABLE_ISOLATION renaming that's come in since
>> (But I cannot bear to go further myself, into retpoline etc, sorry.)
>>
>> Would a 3.18 Kaiser update be helpful, or are you preferring to force
>> people off 3.18 by not providing those updates? Or preferring to wait
>> a bit longer, until 4.4 and 4.9 and 4.14 have settled down?
>
> I'm not recommending anyone use the 3.18 tree unless they know what they
> are doing right now :)
>
> And yes, I would love for them to move off of that tree as soon as
> possible, but usually due to huge out-of-tree SoC patches, they can not
> do that easily, if at all, right now.
>
> So no need for a 3.18 Kaiser update for me at all, I do not need or want
> it.

Okay, that's very clear now - thanks.

Hugh

Patch "vsyscall: Fix permissions for emulate mode with KAISER/PTI" has been added to the 4.4-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    vsyscall: Fix permissions for emulate mode with KAISER/PTI

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     vsyscall-fix-permissions-for-emulate-mode-with-kaiser-pti.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From ben.hutchings@codethink.co.uk  Fri Jan 26 17:35:59 2018
From: Ben Hutchings <ben.hutchings@codethink.co.uk>
Date: Fri, 26 Jan 2018 16:23:02 +0000
Subject: vsyscall: Fix permissions for emulate mode with KAISER/PTI
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Borislav Petkov <bp@suse.de>, Hugh Dickins <hughd@google.com>, stable@vger.kernel.org
Message-ID: <20180126162302.ei4tmiltl73npmr6@xylophone.i.decadent.org.uk>

From: Ben Hutchings <ben.hutchings@codethink.co.uk>

The backport of KAISER to 4.4 turned vsyscall emulate mode into native
mode.  Add a vsyscall_pgprot variable to hold the correct page
protections, like Borislav and Hugh did for 3.2 and 3.18.

Cc: Borislav Petkov <bp@suse.de>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/entry/vsyscall/vsyscall_64.c |    7 ++++---
 arch/x86/include/asm/vsyscall.h       |    1 +
 arch/x86/mm/kaiser.c                  |    2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -46,6 +46,7 @@ static enum { EMULATE, NATIVE, NONE } vs
 #else
 	EMULATE;
 #endif
+unsigned long vsyscall_pgprot = __PAGE_KERNEL_VSYSCALL;
 
 static int __init vsyscall_setup(char *str)
 {
@@ -336,11 +337,11 @@ void __init map_vsyscall(void)
 	extern char __vsyscall_page;
 	unsigned long physaddr_vsyscall = __pa_symbol(&__vsyscall_page);
 
+	if (vsyscall_mode != NATIVE)
+		vsyscall_pgprot = __PAGE_KERNEL_VVAR;
 	if (vsyscall_mode != NONE)
 		__set_fixmap(VSYSCALL_PAGE, physaddr_vsyscall,
-			     vsyscall_mode == NATIVE
-			     ? PAGE_KERNEL_VSYSCALL
-			     : PAGE_KERNEL_VVAR);
+			     __pgprot(vsyscall_pgprot));
 
 	BUILD_BUG_ON((unsigned long)__fix_to_virt(VSYSCALL_PAGE) !=
 		     (unsigned long)VSYSCALL_ADDR);
--- a/arch/x86/include/asm/vsyscall.h
+++ b/arch/x86/include/asm/vsyscall.h
@@ -13,6 +13,7 @@ extern void map_vsyscall(void);
  */
 extern bool emulate_vsyscall(struct pt_regs *regs, unsigned long address);
 extern bool vsyscall_enabled(void);
+extern unsigned long vsyscall_pgprot;
 #else
 static inline void map_vsyscall(void) {}
 static inline bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
--- a/arch/x86/mm/kaiser.c
+++ b/arch/x86/mm/kaiser.c
@@ -345,7 +345,7 @@ void __init kaiser_init(void)
 	if (vsyscall_enabled())
 		kaiser_add_user_map_early((void *)VSYSCALL_ADDR,
 					  PAGE_SIZE,
-					   __PAGE_KERNEL_VSYSCALL);
+					  vsyscall_pgprot);
 
 	for_each_possible_cpu(cpu) {
 		void *percpu_vaddr = __per_cpu_user_mapped_start +


Patches currently in stable-queue which might be from ben.hutchings@codethink.co.uk are

queue-4.4/vsyscall-fix-permissions-for-emulate-mode-with-kaiser-pti.patch
queue-4.4/x86-microcode-intel-fix-bdw-late-loading-revision-check.patch

Patch "vsyscall: Fix permissions for emulate mode with KAISER/PTI" has been added to the 4.9-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    vsyscall: Fix permissions for emulate mode with KAISER/PTI

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     vsyscall-fix-permissions-for-emulate-mode-with-kaiser-pti.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From ben.hutchings@codethink.co.uk  Fri Jan 26 17:35:59 2018
From: Ben Hutchings <ben.hutchings@codethink.co.uk>
Date: Fri, 26 Jan 2018 16:23:02 +0000
Subject: vsyscall: Fix permissions for emulate mode with KAISER/PTI
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Borislav Petkov <bp@suse.de>, Hugh Dickins <hughd@google.com>, stable@vger.kernel.org
Message-ID: <20180126162302.ei4tmiltl73npmr6@xylophone.i.decadent.org.uk>

From: Ben Hutchings <ben.hutchings@codethink.co.uk>

The backport of KAISER to 4.4 turned vsyscall emulate mode into native
mode.  Add a vsyscall_pgprot variable to hold the correct page
protections, like Borislav and Hugh did for 3.2 and 3.18.

Cc: Borislav Petkov <bp@suse.de>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


---
 arch/x86/entry/vsyscall/vsyscall_64.c |    7 ++++---
 arch/x86/include/asm/vsyscall.h       |    1 +
 arch/x86/mm/kaiser.c                  |    2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -46,6 +46,7 @@ static enum { EMULATE, NATIVE, NONE } vs
 #else
 	EMULATE;
 #endif
+unsigned long vsyscall_pgprot = __PAGE_KERNEL_VSYSCALL;
 
 static int __init vsyscall_setup(char *str)
 {
@@ -336,11 +337,11 @@ void __init map_vsyscall(void)
 	extern char __vsyscall_page;
 	unsigned long physaddr_vsyscall = __pa_symbol(&__vsyscall_page);
 
+	if (vsyscall_mode != NATIVE)
+		vsyscall_pgprot = __PAGE_KERNEL_VVAR;
 	if (vsyscall_mode != NONE)
 		__set_fixmap(VSYSCALL_PAGE, physaddr_vsyscall,
-			     vsyscall_mode == NATIVE
-			     ? PAGE_KERNEL_VSYSCALL
-			     : PAGE_KERNEL_VVAR);
+			     __pgprot(vsyscall_pgprot));
 
 	BUILD_BUG_ON((unsigned long)__fix_to_virt(VSYSCALL_PAGE) !=
 		     (unsigned long)VSYSCALL_ADDR);
--- a/arch/x86/include/asm/vsyscall.h
+++ b/arch/x86/include/asm/vsyscall.h
@@ -13,6 +13,7 @@ extern void map_vsyscall(void);
  */
 extern bool emulate_vsyscall(struct pt_regs *regs, unsigned long address);
 extern bool vsyscall_enabled(void);
+extern unsigned long vsyscall_pgprot;
 #else
 static inline void map_vsyscall(void) {}
 static inline bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
--- a/arch/x86/mm/kaiser.c
+++ b/arch/x86/mm/kaiser.c
@@ -344,7 +344,7 @@ void __init kaiser_init(void)
 	if (vsyscall_enabled())
 		kaiser_add_user_map_early((void *)VSYSCALL_ADDR,
 					  PAGE_SIZE,
-					   __PAGE_KERNEL_VSYSCALL);
+					  vsyscall_pgprot);
 
 	for_each_possible_cpu(cpu) {
 		void *percpu_vaddr = __per_cpu_user_mapped_start +


Patches currently in stable-queue which might be from ben.hutchings@codethink.co.uk are

queue-4.9/vsyscall-fix-permissions-for-emulate-mode-with-kaiser-pti.patch