From: "Alice Ferrazzi" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Alice Ferrazzi" Message-ID: <1515051405.699a12a2e1c3b010def959c76faf7dddc4588b8d.alicef@gentoo> Subject: [gentoo-commits] proj/linux-patches:4.14 commit in: / X-VCS-Repository: proj/linux-patches X-VCS-Files: 0000_README 1702_switch_to_kernel_CR3_at_early_in_entry_SYSCALL_compat.patch X-VCS-Directories: / X-VCS-Committer: alicef X-VCS-Committer-Name: Alice Ferrazzi X-VCS-Revision: 699a12a2e1c3b010def959c76faf7dddc4588b8d X-VCS-Branch: 4.14 Date: Thu, 4 Jan 2018 07:40:21 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 1fd2683d-5723-471a-af27-99a7e3a3bd03 X-Archives-Hash: 36405c838cd2a99a6a2d574f74ec612c commit: 699a12a2e1c3b010def959c76faf7dddc4588b8d Author: Alice Ferrazzi gentoo org> AuthorDate: Thu Jan 4 07:36:45 2018 +0000 Commit: Alice Ferrazzi gentoo org> CommitDate: Thu Jan 4 07:36:45 2018 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=699a12a2 x86/pti: Switch to kernel CR3 at early in entry_SYSCALL_compat() 0000_README | 4 ++ ...rnel_CR3_at_early_in_entry_SYSCALL_compat.patch | 68 ++++++++++++++++++++++ 2 files changed, 72 insertions(+) diff --git a/0000_README b/0000_README index 0cab5bc..d47f74d 100644 --- a/0000_README +++ b/0000_README @@ -103,6 +103,10 @@ Patch: 1701_make_sure_the_user_kernel_PTEs_match.patch 
From: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/patch/?id=52994c256df36fda9a715697431cba9daecb6b11 Desc: x86/pti: Make sure the user/kernel PTEs match +Patch: 1702_switch_to_kernel_CR3_at_early_in_entry_SYSCALL_compat.patch +From: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=WIP.x86/pti&id=d7732ba55c4b6a2da339bb12589c515830cfac2c +Desc: Switch to kernel CR3 at early in entry_SYSCALL_compat() + Patch: 2100_bcache-data-corruption-fix-for-bi-partno.patch From: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62530ed8b1d07a45dec94d46e521c0c6c2d476e6 Desc: bio: ensure __bio_clone_fast copies bi_partno. diff --git a/1702_switch_to_kernel_CR3_at_early_in_entry_SYSCALL_compat.patch b/1702_switch_to_kernel_CR3_at_early_in_entry_SYSCALL_compat.patch new file mode 100644 index 0000000..12d9555 --- /dev/null +++ b/1702_switch_to_kernel_CR3_at_early_in_entry_SYSCALL_compat.patch 
@@ -0,0 +1,68 @@ +From d7732ba55c4b6a2da339bb12589c515830cfac2c Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 3 Jan 2018 19:52:04 +0100 +Subject: x86/pti: Switch to kernel CR3 at early in entry_SYSCALL_compat() + +The preparation for PTI which added CR3 switching to the entry code +misplaced the CR3 switch in entry_SYSCALL_compat(). + +With PTI enabled the entry code tries to access a per cpu variable after +switching to kernel GS. This fails because that variable is not mapped to +user space. This results in a double fault and in the worst case a kernel +crash. + +Move the switch ahead of the access and clobber RSP which has been saved +already. + +Fixes: 8a09317b895f ("x86/mm/pti: Prepare the x86/entry assembly code for entry/exit CR3 switching") +Reported-by: Lars Wendler +Reported-by: Laura Abbott +Signed-off-by: Thomas Gleixner +Cc: Borislav Betkov +Cc: Andy Lutomirski , +Cc: Dave Hansen , +Cc: Peter Zijlstra , +Cc: Greg KH , , +Cc: Boris Ostrovsky , +Cc: Juergen Gross +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/alpine.DEB.2.20.1801031949200.1957@nanos +--- + arch/x86/entry/entry_64_compat.S | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) + +diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S +index 40f1700..98d5358 100644 +--- a/arch/x86/entry/entry_64_compat.S ++++ b/arch/x86/entry/entry_64_compat.S +@@ -190,8 +190,13 @@ ENTRY(entry_SYSCALL_compat) + /* Interrupts are off on entry. */ + swapgs + +- /* Stash user ESP and switch to the kernel stack. */ ++ /* Stash user ESP */ + movl %esp, %r8d ++ ++ /* Use %rsp as scratch reg. User ESP is stashed in r8 */ ++ SWITCH_TO_KERNEL_CR3 scratch_reg=%rsp ++ ++ /* Switch to the kernel stack */ + movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp + + /* Construct struct pt_regs on stack */ +@@ -220,12 +225,6 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe) + pushq $0 /* pt_regs->r15 = 0 */ + + /* +- * We just saved %rdi so it is safe to clobber. 
It is not +- * preserved during the C calls inside TRACE_IRQS_OFF anyway. +- */ +- SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi +- +- /* + * User mode is traced as though IRQs are on, and SYSENTER + * turned them off. + */ +-- +cgit v1.1 +