From: Michael Ellerman <mpe@ellerman.id.au>
To: stable@vger.kernel.org, gregkh@linuxfoundation.org
Cc: linuxppc-dev@ozlabs.org, diana.craciun@nxp.com,
msuchanek@suse.de, christophe.leroy@c-s.fr
Subject: [PATCH stable v4.9 04/35] powerpc: Avoid code patching freed init sections
Date: Thu, 11 Apr 2019 21:45:59 +1000 [thread overview]
Message-ID: <20190411114630.4042-5-mpe@ellerman.id.au> (raw)
In-Reply-To: <20190411114630.4042-1-mpe@ellerman.id.au>
From: Michael Neuling <mikey@neuling.org>
commit 51c3c62b58b357e8d35e4cc32f7b4ec907426fe3 upstream.
This stops us from doing code patching in init sections after they've
been freed.
In this chain:
kvm_guest_init() ->
kvm_use_magic_page() ->
fault_in_pages_readable() ->
__get_user() ->
__get_user_nocheck() ->
barrier_nospec();
We have a code patching location at barrier_nospec() and
kvm_guest_init() is an init function. This whole chain gets inlined,
so when we free the init section (hence kvm_guest_init()), this code
goes away and hence should no longer be patched.
We seen this as userspace memory corruption when using a memory
checker while doing partition migration testing on powervm (this
starts the code patching post migration via
/sys/kernel/mobility/migration). In theory, it could also happen when
using /sys/kernel/debug/powerpc/barrier_nospec.
Cc: stable@vger.kernel.org # 4.13+
Signed-off-by: Michael Neuling <mikey@neuling.org>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
---
arch/powerpc/include/asm/setup.h | 1 +
arch/powerpc/lib/code-patching.c | 8 ++++++++
arch/powerpc/mm/mem.c | 2 ++
3 files changed, 11 insertions(+)
diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h
index 703ddf752516..709f4e739ae8 100644
--- a/arch/powerpc/include/asm/setup.h
+++ b/arch/powerpc/include/asm/setup.h
@@ -8,6 +8,7 @@ extern void ppc_printk_progress(char *s, unsigned short hex);
extern unsigned int rtas_data;
extern unsigned long long memory_limit;
+extern bool init_mem_is_free;
extern unsigned long klimit;
extern void *zalloc_maybe_bootmem(size_t size, gfp_t mask);
diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c
index 753d591f1b52..c77c486fbf24 100644
--- a/arch/powerpc/lib/code-patching.c
+++ b/arch/powerpc/lib/code-patching.c
@@ -14,12 +14,20 @@
#include <asm/page.h>
#include <asm/code-patching.h>
#include <asm/uaccess.h>
+#include <asm/setup.h>
+#include <asm/sections.h>
int patch_instruction(unsigned int *addr, unsigned int instr)
{
int err;
+ /* Make sure we aren't patching a freed init section */
+ if (init_mem_is_free && init_section_contains(addr, 4)) {
+ pr_debug("Skipping init section patching addr: 0x%px\n", addr);
+ return 0;
+ }
+
__put_user_size(instr, addr, 4, err);
if (err)
return err;
diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c
index 5f844337de21..1e93dbc88e80 100644
--- a/arch/powerpc/mm/mem.c
+++ b/arch/powerpc/mm/mem.c
@@ -62,6 +62,7 @@
#endif
unsigned long long memory_limit;
+bool init_mem_is_free;
#ifdef CONFIG_HIGHMEM
pte_t *kmap_pte;
@@ -396,6 +397,7 @@ void __init mem_init(void)
void free_initmem(void)
{
ppc_md.progress = ppc_printk_progress;
+ init_mem_is_free = true;
free_initmem_default(POISON_FREE_INITMEM);
}
--
2.20.1
next prev parent reply other threads:[~2019-04-11 11:46 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-11 11:45 [PATCH stable v4.9 00/35] powerpc spectre backports for 4.9 Michael Ellerman
2019-04-11 11:45 ` [PATCH stable v4.9 01/35] powerpc: Fix invalid use of register expressions Michael Ellerman
2019-04-11 11:45 ` [PATCH stable v4.9 02/35] powerpc/64s: Add barrier_nospec Michael Ellerman
2019-04-11 11:45 ` [PATCH stable v4.9 03/35] powerpc/64s: Add support for ori barrier_nospec patching Michael Ellerman
2019-04-11 11:45 ` Michael Ellerman [this message]
2019-04-11 11:46 ` [PATCH stable v4.9 05/35] powerpc/64s: Patch barrier_nospec in modules Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 06/35] powerpc/64s: Enable barrier_nospec based on firmware settings Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 07/35] powerpc: Use barrier_nospec in copy_from_user() Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 08/35] powerpc/64: Use barrier_nospec in syscall entry Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 09/35] powerpc/64s: Enhance the information in cpu_show_spectre_v1() Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 10/35] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 11/35] powerpc/64: Disable the speculation barrier from the command line Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 12/35] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 13/35] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 14/35] powerpc/64: Call setup_barrier_nospec() from setup_arch() Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 15/35] powerpc/64: Make meltdown reporting Book3S 64 specific Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 16/35] powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 17/35] powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 18/35] powerpc/asm: Add a patch_site macro & helpers for patching instructions Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 19/35] powerpc/64s: Add new security feature flags for count cache flush Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 20/35] powerpc/64s: Add support for software " Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 21/35] powerpc/pseries: Query hypervisor for count cache flush settings Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 22/35] powerpc/powernv: Query firmware " Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 23/35] powerpc/fsl: Add infrastructure to fixup branch predictor flush Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 24/35] powerpc/fsl: Add macro to flush the branch predictor Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 25/35] powerpc/fsl: Fix spectre_v2 mitigations reporting Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 26/35] powerpc/fsl: Emulate SPRN_BUCSR register Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 27/35] powerpc/fsl: Add nospectre_v2 command line argument Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 28/35] powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 29/35] powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 30/35] powerpc/fsl: Flush branch predictor when entering KVM Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 31/35] powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 32/35] powerpc/fsl: Update Spectre v2 reporting Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 33/35] powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 34/35] powerpc/fsl: Fix the flush of branch predictor Michael Ellerman
2019-04-11 11:46 ` [PATCH stable v4.9 35/35] powerpc/security: Fix spectre_v2 reporting Michael Ellerman
2019-04-11 15:25 ` [PATCH stable v4.9 00/35] powerpc spectre backports for 4.9 Sasha Levin
2019-04-12 2:28 ` Michael Ellerman
2019-04-12 14:04 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190411114630.4042-5-mpe@ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=christophe.leroy@c-s.fr \
--cc=diana.craciun@nxp.com \
--cc=gregkh@linuxfoundation.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=msuchanek@suse.de \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox