[linux] 01/07: x86: setup PCID, preparation work for KPTI.
debian-kernel at lists.debian.org
Thu Jan 4 12:43:56 UTC 2018
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch stretch-security
in repository linux.
commit 7d7df21bd53c8ccd963f961e663dd4b8c6a795bd
Author: Yves-Alexis Perez <corsac at corsac.net>
Date: Wed Jan 3 22:09:45 2018 +0100
x86: setup PCID, preparation work for KPTI.
---
debian/changelog | 6 ++
...-64-Fix-reboot-interaction-with-CR4.PCIDE.patch | 45 ++++++++
...d-the-nopcid-boot-option-to-turn-off-PCID.patch | 77 ++++++++++++++
.../x86-mm-Disable-PCID-on-32-bit-kernels.patch | 82 +++++++++++++++
...-mm-Enable-CR4.PCIDE-on-supported-systems.patch | 114 +++++++++++++++++++++
debian/patches/series | 6 ++
6 files changed, 330 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 7b3f009..bef29b8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+linux (4.9.65-3+deb9u2) UNRELEASED; urgency=high
+
+ * x86: setup PCID, preparation work for KPTI.
+
+ -- Yves-Alexis Perez <corsac at debian.org> Wed, 03 Jan 2018 21:42:44 +0100
+
linux (4.9.65-3+deb9u1) stretch-security; urgency=high
* dccp: CVE-2017-8824: use-after-free in DCCP code
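Review bot: the new changelog entry (the single bullet under 4.9.65-3+deb9u2) does not say which patches were added, or that a user-visible boot option arrives with them. Suggest listing the four files under features/all/kpti/ and mentioning the new nopcid parameter, so that someone reading the changelog for this urgency=high entry can tell what changed without opening debian/patches/series.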
diff --git a/debian/patches/features/all/kpti/x86-mm-64-Fix-reboot-interaction-with-CR4.PCIDE.patch b/debian/patches/features/all/kpti/x86-mm-64-Fix-reboot-interaction-with-CR4.PCIDE.patch
new file mode 100644
index 0000000..123ad0f
--- /dev/null
+++ b/debian/patches/features/all/kpti/x86-mm-64-Fix-reboot-interaction-with-CR4.PCIDE.patch
@@ -0,0 +1,45 @@
+From 04bdf71d9f7412364e9bae93f321e6bf776cd1d4 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto at kernel.org>
+Date: Sun, 8 Oct 2017 21:53:05 -0700
+Subject: [PATCH] x86/mm/64: Fix reboot interaction with CR4.PCIDE
+
+commit 924c6b900cfdf376b07bccfd80e62b21914f8a5a upstream.
+
+Trying to reboot via real mode fails with PCID on: long mode cannot
+be exited while CR4.PCIDE is set. (No, I have no idea why, but the
+SDM and actual CPUs are in agreement here.) The result is a GPF and
+a hang instead of a reboot.
+
+I didn't catch this in testing because neither my computer nor my VM
+reboots this way. I can trigger it with reboot=bios, though.
+
+Fixes: 660da7c9228f ("x86/mm: Enable CR4.PCIDE on supported systems")
+Reported-and-tested-by: Steven Rostedt (VMware) <rostedt at goodmis.org>
+Signed-off-by: Andy Lutomirski <luto at kernel.org>
+Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
+Cc: Borislav Petkov <bp at alien8.de>
+Link: https://lkml.kernel.org/r/f1e7d965998018450a7a70c2823873686a8b21c0.1507524746.git.luto@kernel.org
+Cc: Hugh Dickins <hughd at google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
+---
+ arch/x86/kernel/reboot.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
+index 067f9813fd2c..ce020a69bba9 100644
+--- a/arch/x86/kernel/reboot.c
++++ b/arch/x86/kernel/reboot.c
+@@ -106,6 +106,10 @@ void __noreturn machine_real_restart(unsigned int type)
+ load_cr3(initial_page_table);
+ #else
+ write_cr3(real_mode_header->trampoline_pgd);
++
++ /* Exiting long mode will fail if CR4.PCIDE is set. */
++ if (static_cpu_has(X86_FEATURE_PCID))
++ cr4_clear_bits(X86_CR4_PCIDE);
+ #endif
+
+ /* Jump to the identity-mapped low memory code */
+--
+2.15.1
+
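Review bot: in the machine_real_restart() hunk the guard tests the feature flag, static_cpu_has(X86_FEATURE_PCID), rather than the CR4 bit itself. That is correct only while the flag and CR4.PCIDE stay in step, which the companion patches arrange: setup_pcid() clears the capability whenever it does not set the bit, and the nopcid handler clears it through setup_clear_cpu_cap(). The one-line comment above the check could say so. Since the commit message says the failure was reproduced with reboot=bios, the backport should be exercised with that option on a PCID-capable machine.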
diff --git a/debian/patches/features/all/kpti/x86-mm-Add-the-nopcid-boot-option-to-turn-off-PCID.patch b/debian/patches/features/all/kpti/x86-mm-Add-the-nopcid-boot-option-to-turn-off-PCID.patch
new file mode 100644
index 0000000..1aa7e74
--- /dev/null
+++ b/debian/patches/features/all/kpti/x86-mm-Add-the-nopcid-boot-option-to-turn-off-PCID.patch
@@ -0,0 +1,77 @@
+From e6a29320de005792c06f2deec2c77b19c42d1e6a Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto at kernel.org>
+Date: Thu, 29 Jun 2017 08:53:20 -0700
+Subject: [PATCH] x86/mm: Add the 'nopcid' boot option to turn off PCID
+
+commit 0790c9aad84901ca1bdc14746175549c8b5da215 upstream.
+
+The parameter is only present on x86_64 systems to save a few bytes,
+as PCID is always disabled on x86_32.
+
+Signed-off-by: Andy Lutomirski <luto at kernel.org>
+Reviewed-by: Nadav Amit <nadav.amit at gmail.com>
+Reviewed-by: Borislav Petkov <bp at suse.de>
+Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
+Cc: Andrew Morton <akpm at linux-foundation.org>
+Cc: Arjan van de Ven <arjan at linux.intel.com>
+Cc: Borislav Petkov <bp at alien8.de>
+Cc: Dave Hansen <dave.hansen at intel.com>
+Cc: Linus Torvalds <torvalds at linux-foundation.org>
+Cc: Mel Gorman <mgorman at suse.de>
+Cc: Peter Zijlstra <peterz at infradead.org>
+Cc: Rik van Riel <riel at redhat.com>
+Cc: linux-mm at kvack.org
+Link: http://lkml.kernel.org/r/8bbb2e65bcd249a5f18bfb8128b4689f08ac2b60.1498751203.git.luto@kernel.org
+Signed-off-by: Ingo Molnar <mingo at kernel.org>
+Cc: Hugh Dickins <hughd at google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
+---
+ Documentation/kernel-parameters.txt | 2 ++
+ arch/x86/kernel/cpu/common.c | 18 ++++++++++++++++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
+index 86a6746f6833..152ec4e87b57 100644
+--- a/Documentation/kernel-parameters.txt
++++ b/Documentation/kernel-parameters.txt
+@@ -2795,6 +2795,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+ nopat [X86] Disable PAT (page attribute table extension of
+ pagetables) support.
+
++ nopcid [X86-64] Disable the PCID cpu feature.
++
+ norandmaps Don't use address space randomization. Equivalent to
+ echo 0 > /proc/sys/kernel/randomize_va_space
+
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
+index 4eece91ada37..81c8a535175d 100644
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -163,6 +163,24 @@ static int __init x86_mpx_setup(char *s)
+ }
+ __setup("nompx", x86_mpx_setup);
+
++#ifdef CONFIG_X86_64
++static int __init x86_pcid_setup(char *s)
++{
++ /* require an exact match without trailing characters */
++ if (strlen(s))
++ return 0;
++
++ /* do not emit a message if the feature is not present */
++ if (!boot_cpu_has(X86_FEATURE_PCID))
++ return 1;
++
++ setup_clear_cpu_cap(X86_FEATURE_PCID);
++ pr_info("nopcid: PCID feature disabled\n");
++ return 1;
++}
++__setup("nopcid", x86_pcid_setup);
++#endif
++
+ static int __init x86_noinvpcid_setup(char *s)
+ {
+ /* noinvpcid doesn't accept parameters */
+--
+2.15.1
+
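Review bot: x86_pcid_setup() returns 1 without logging when boot_cpu_has(X86_FEATURE_PCID) is false, so a boot log cannot distinguish "nopcid given on hardware without PCID" from "nopcid not given". The strlen(s) check also means that anything after the keyword (for example nopcid=1) makes the handler return 0 and leaves PCID enabled. The kernel-parameters.txt line only says "Disable the PCID cpu feature"; suggest adding that the option takes no value and that "nopcid: PCID feature disabled" is the message that confirms it took effect.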
diff --git a/debian/patches/features/all/kpti/x86-mm-Disable-PCID-on-32-bit-kernels.patch b/debian/patches/features/all/kpti/x86-mm-Disable-PCID-on-32-bit-kernels.patch
new file mode 100644
index 0000000..2cefbc2
--- /dev/null
+++ b/debian/patches/features/all/kpti/x86-mm-Disable-PCID-on-32-bit-kernels.patch
@@ -0,0 +1,82 @@
+From 1e7f3d8875ee92983bd754982af7f4f044dd057d Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto at kernel.org>
+Date: Thu, 29 Jun 2017 08:53:19 -0700
+Subject: [PATCH] x86/mm: Disable PCID on 32-bit kernels
+
+commit cba4671af7550e008f7a7835f06df0763825bf3e upstream.
+
+32-bit kernels on new hardware will see PCID in CPUID, but PCID can
+only be used in 64-bit mode. Rather than making all PCID code
+conditional, just disable the feature on 32-bit builds.
+
+Signed-off-by: Andy Lutomirski <luto at kernel.org>
+Reviewed-by: Nadav Amit <nadav.amit at gmail.com>
+Reviewed-by: Borislav Petkov <bp at suse.de>
+Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
+Cc: Andrew Morton <akpm at linux-foundation.org>
+Cc: Arjan van de Ven <arjan at linux.intel.com>
+Cc: Borislav Petkov <bp at alien8.de>
+Cc: Dave Hansen <dave.hansen at intel.com>
+Cc: Linus Torvalds <torvalds at linux-foundation.org>
+Cc: Mel Gorman <mgorman at suse.de>
+Cc: Peter Zijlstra <peterz at infradead.org>
+Cc: Rik van Riel <riel at redhat.com>
+Cc: linux-mm at kvack.org
+Link: http://lkml.kernel.org/r/2e391769192a4d31b808410c383c6bf0734bc6ea.1498751203.git.luto@kernel.org
+Signed-off-by: Ingo Molnar <mingo at kernel.org>
+Cc: Hugh Dickins <hughd at google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
+---
+ arch/x86/include/asm/disabled-features.h | 4 +++-
+ arch/x86/kernel/cpu/bugs.c | 8 ++++++++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
+index 85599ad4d024..21c5ac15657b 100644
+--- a/arch/x86/include/asm/disabled-features.h
++++ b/arch/x86/include/asm/disabled-features.h
+@@ -21,11 +21,13 @@
+ # define DISABLE_K6_MTRR (1<<(X86_FEATURE_K6_MTRR & 31))
+ # define DISABLE_CYRIX_ARR (1<<(X86_FEATURE_CYRIX_ARR & 31))
+ # define DISABLE_CENTAUR_MCR (1<<(X86_FEATURE_CENTAUR_MCR & 31))
++# define DISABLE_PCID 0
+ #else
+ # define DISABLE_VME 0
+ # define DISABLE_K6_MTRR 0
+ # define DISABLE_CYRIX_ARR 0
+ # define DISABLE_CENTAUR_MCR 0
++# define DISABLE_PCID (1<<(X86_FEATURE_PCID & 31))
+ #endif /* CONFIG_X86_64 */
+
+ #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
+@@ -43,7 +45,7 @@
+ #define DISABLED_MASK1 0
+ #define DISABLED_MASK2 0
+ #define DISABLED_MASK3 (DISABLE_CYRIX_ARR|DISABLE_CENTAUR_MCR|DISABLE_K6_MTRR)
+-#define DISABLED_MASK4 0
++#define DISABLED_MASK4 (DISABLE_PCID)
+ #define DISABLED_MASK5 0
+ #define DISABLED_MASK6 0
+ #define DISABLED_MASK7 0
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
+index bd17db15a2c1..0b6124315441 100644
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -19,6 +19,14 @@
+
+ void __init check_bugs(void)
+ {
++#ifdef CONFIG_X86_32
++ /*
++ * Regardless of whether PCID is enumerated, the SDM says
++ * that it can't be enabled in 32-bit mode.
++ */
++ setup_clear_cpu_cap(X86_FEATURE_PCID);
++#endif
++
+ identify_boot_cpu();
+ #ifndef CONFIG_SMP
+ pr_info("CPU: ");
+--
+2.15.1
+
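Review bot: in disabled-features.h, DISABLE_PCID is built with (X86_FEATURE_PCID & 31), which drops the word index, and is then placed in DISABLED_MASK4 by hand; nothing in the hunk ties the feature to word 4. A short comment next to DISABLED_MASK4 stating that PCID lives in capability word 4 would guard against a silent mismatch. The commit message could also say why check_bugs() needs the runtime setup_clear_cpu_cap(X86_FEATURE_PCID) under CONFIG_X86_32 in addition to the compile-time mask.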
diff --git a/debian/patches/features/all/kpti/x86-mm-Enable-CR4.PCIDE-on-supported-systems.patch b/debian/patches/features/all/kpti/x86-mm-Enable-CR4.PCIDE-on-supported-systems.patch
new file mode 100644
index 0000000..dc5f904
--- /dev/null
+++ b/debian/patches/features/all/kpti/x86-mm-Enable-CR4.PCIDE-on-supported-systems.patch
@@ -0,0 +1,114 @@
+From b52f937eccd4c68000ba80cd03609bcf1f97c141 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto at kernel.org>
+Date: Thu, 29 Jun 2017 08:53:21 -0700
+Subject: [PATCH] x86/mm: Enable CR4.PCIDE on supported systems
+
+commit 660da7c9228f685b2ebe664f9fd69aaddcc420b5 upstream.
+
+We can use PCID if the CPU has PCID and PGE and we're not on Xen.
+
+By itself, this has no effect. A followup patch will start using PCID.
+
+Signed-off-by: Andy Lutomirski <luto at kernel.org>
+Reviewed-by: Nadav Amit <nadav.amit at gmail.com>
+Reviewed-by: Boris Ostrovsky <boris.ostrovsky at oracle.com>
+Reviewed-by: Thomas Gleixner <tglx at linutronix.de>
+Cc: Andrew Morton <akpm at linux-foundation.org>
+Cc: Arjan van de Ven <arjan at linux.intel.com>
+Cc: Borislav Petkov <bp at alien8.de>
+Cc: Dave Hansen <dave.hansen at intel.com>
+Cc: Juergen Gross <jgross at suse.com>
+Cc: Linus Torvalds <torvalds at linux-foundation.org>
+Cc: Mel Gorman <mgorman at suse.de>
+Cc: Peter Zijlstra <peterz at infradead.org>
+Cc: Rik van Riel <riel at redhat.com>
+Cc: linux-mm at kvack.org
+Link: http://lkml.kernel.org/r/6327ecd907b32f79d5aa0d466f04503bbec5df88.1498751203.git.luto@kernel.org
+Signed-off-by: Ingo Molnar <mingo at kernel.org>
+Cc: Hugh Dickins <hughd at google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
+---
+ arch/x86/include/asm/tlbflush.h | 8 ++++++++
+ arch/x86/kernel/cpu/common.c | 22 ++++++++++++++++++++++
+ arch/x86/xen/enlighten.c | 6 ++++++
+ 3 files changed, 36 insertions(+)
+
+diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
+index 12dedd6c9e42..7d2ea6b1f7d9 100644
+--- a/arch/x86/include/asm/tlbflush.h
++++ b/arch/x86/include/asm/tlbflush.h
+@@ -191,6 +191,14 @@ static inline void __flush_tlb_all(void)
+ __flush_tlb_global();
+ else
+ __flush_tlb();
++
++ /*
++ * Note: if we somehow had PCID but not PGE, then this wouldn't work --
++ * we'd end up flushing kernel translations for the current ASID but
++ * we might fail to flush kernel translations for other cached ASIDs.
++ *
++ * To avoid this issue, we force PCID off if PGE is off.
++ */
+ }
+
+ static inline void __flush_tlb_one(unsigned long addr)
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
+index 81c8a535175d..91588be529b9 100644
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -324,6 +324,25 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
+ }
+ }
+
++static void setup_pcid(struct cpuinfo_x86 *c)
++{
++ if (cpu_has(c, X86_FEATURE_PCID)) {
++ if (cpu_has(c, X86_FEATURE_PGE)) {
++ cr4_set_bits(X86_CR4_PCIDE);
++ } else {
++ /*
++ * flush_tlb_all(), as currently implemented, won't
++ * work if PCID is on but PGE is not. Since that
++ * combination doesn't exist on real hardware, there's
++ * no reason to try to fully support it, but it's
++ * polite to avoid corrupting data if we're on
++ * an improperly configured VM.
++ */
++ clear_cpu_cap(c, X86_FEATURE_PCID);
++ }
++ }
++}
++
+ /*
+ * Protection Keys are not available in 32-bit mode.
+ */
+@@ -1082,6 +1101,9 @@ static void identify_cpu(struct cpuinfo_x86 *c)
+ setup_smep(c);
+ setup_smap(c);
+
++ /* Set up PCID */
++ setup_pcid(c);
++
+ /*
+ * The vendor-specific functions might have changed features.
+ * Now we do "generic changes."
+diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
+index 8f1f7efa848c..2bea87cc0ff2 100644
+--- a/arch/x86/xen/enlighten.c
++++ b/arch/x86/xen/enlighten.c
+@@ -444,6 +444,12 @@ static void __init xen_init_cpuid_mask(void)
+ ~((1 << X86_FEATURE_MTRR) | /* disable MTRR */
+ (1 << X86_FEATURE_ACC)); /* thermal monitoring */
+
++ /*
++ * Xen PV would need some work to support PCID: CR3 handling as well
++ * as xen_flush_tlb_others() would need updating.
++ */
++ cpuid_leaf1_ecx_mask &= ~(1 << (X86_FEATURE_PCID % 32)); /* disable PCID */
++
+ if (!xen_initial_domain())
+ cpuid_leaf1_edx_mask &=
+ ~((1 << X86_FEATURE_ACPI)); /* disable ACPI */
+--
+2.15.1
+
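Review bot: setup_pcid() clears X86_FEATURE_PCID silently in its else branch (PCID reported without PGE). The comment there describes that case as an improperly configured VM, which is something an operator would want to see in the log; suggest a pr_warn_once() before clear_cpu_cap(c, X86_FEATURE_PCID), in the same way the nopcid handler logs when it disables the feature. Separately, the tlbflush.h hunk places its explanatory comment after the last statement inside __flush_tlb_all(); it would read more naturally above the if/else it refers to.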
diff --git a/debian/patches/series b/debian/patches/series
index 171924b..4b11b8e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -190,6 +190,12 @@ bugfix/all/liblockdep-fix-unused-value-warnings.patch
bugfix/all/liblockdep-fix-set-but-not-used-warnings.patch
bugfix/all/liblockdep-fix-defined-but-not-used-warning-for-init.patch
+# Setup PCID, prepare for KPTI
+features/all/kpti/x86-mm-Disable-PCID-on-32-bit-kernels.patch
+features/all/kpti/x86-mm-Add-the-nopcid-boot-option-to-turn-off-PCID.patch
+features/all/kpti/x86-mm-Enable-CR4.PCIDE-on-supported-systems.patch
+features/all/kpti/x86-mm-64-Fix-reboot-interaction-with-CR4.PCIDE.patch
+
# ABI maintenance
debian/ip6_fib-avoid-abi-change-in-4.9.51.patch
debian/inet_frag-limit-abi-change-in-4.9.51.patch
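Review bot: the order of the four added entries is load-bearing, but the "# Setup PCID, prepare for KPTI" comment does not say so. The common.c hunk in the Enable-CR4.PCIDE patch starts from index 81c8a535175d, which is the result of the nopcid patch, and the reboot fix carries a Fixes: tag for 660da7c9228f, the upstream id of the Enable patch. Suggest noting in the comment that the entries are in dependency order and must not be resorted.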
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git