Re: [PATCH 4.4] vsyscall: Fix permissions for emulate mode with KAISER/PTI

[Hugh Dickins <hughd@google.com>]

On Fri, 26 Jan 2018, Greg Kroah-Hartman wrote:
> On Fri, Jan 26, 2018 at 04:23:02PM +0000, Ben Hutchings wrote:
> > The backport of KAISER to 4.4 turned vsyscall emulate mode into native
> > mode.  Add a vsyscall_pgprot variable to hold the correct page
> > protections, like Borislav and Hugh did for 3.2 and 3.18.

Oh yes, you're right, Ben: I was uneasy about the lack of vsyscall_pgprot
there, but had completely paged-out how it's the faulting that makes
emulate emulate instead of native.  Thanks a lot for the fixup.

But I hope "3.18" there is an unimportant typo (perhaps for "3.8"),
rather than evidence that I've lost my marbles - I did indeed supply
3.18.72-based tarfiles early on, but those were before we'd even begun
to look into unbreaking vsyscalls.

I haven't updated those 3.18 patches since that time, and was a day or
two away from asking you, Greg, what is the status of 3.18? I didn't
bother to update those patches because I saw it marked EOL as soon as
Meltdown+Spectre was announced; yet it now appears to have a life
beyond death, getting non-Meltdown+Spectre updates every week or so.

I can certainly (but not until next week) put together a 3.18.92-
based tarfile or tarfiles, equivalent to what I sent for 3.8 and 3.10
(on kaiser-discuss backports list) a couple of days ago. That is, like
what I sent before for 3.18.72, but with all the fixups and pti= boot
option and KAISER->PAGE_TABLE_ISOLATION renaming that's come in since
(But I cannot bear to go further myself, into retpoline etc, sorry.)

Would a 3.18 Kaiser update be helpful, or are you preferring to force
people off 3.18 by not providing those updates? Or preferring to wait
a bit longer, until 4.4 and 4.9 and 4.14 have settled down?

> > 
> > Cc: Borislav Petkov <bp@suse.de>
> > Cc: Hugh Dickins <hughd@google.com>
> > Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
> > ---
> > I think this is also needed for 4.9 but haven't tested there.
> 
> Yeah, looks like 4.9 also needs this.  Thanks a lot for this, I didn't
> think to look at the older backports recently.

Yes, the same for 4.9 is good, thank you.

And no need for you to delve into those older backports, we'll keep
you up to date if anything does come up there - though perhaps with
a few days delay - I've two or three updates to 4.4 and 4.9 which
came to light while researching what 3.8 needed, but still won't
have time to assemble patches for you today.

(I'm thinking Dave Hansen's tboot fix needed, and perf fix for Robert
Swiecki's intel_bts crash; and Pavel Tatashin's pgd allocation change
might be over-allocating when pti=off, I've not tested yet but it
looked that way.)

Hugh