Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751977AbbFSLtf (ORCPT ); Fri, 19 Jun 2015 07:49:35 -0400 Received: from mailout3.w1.samsung.com ([210.118.77.13]:28755 "EHLO mailout3.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751399AbbFSLtY (ORCPT ); Fri, 19 Jun 2015 07:49:24 -0400 X-AuditID: cbfec7f5-f794b6d000001495-e4-558401c1002a Message-id: <558401BF.3040809@samsung.com> Date: Fri, 19 Jun 2015 14:49:19 +0300 From: Andrey Ryabinin User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-version: 1.0 To: Borislav Petkov Cc: Alexander Popov , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Andrey Konovalov , Andrew Morton , Andy Lutomirski , Alexander Kuleshov , Denys Vlasenko , Peter Zijlstra , Kees Cook , x86@kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v6 1/1] x86_64: fix KASan shadow region page tables References: <1434613012-16046-1-git-send-email-alpopov@ptsecurity.com> <20150618090857.GB1385@pd.tnic> <5582B801.80705@samsung.com> <20150618145510.GC1385@pd.tnic> <5582EC30.8080104@samsung.com> <20150618163846.GF1385@pd.tnic> In-reply-to: <20150618163846.GF1385@pd.tnic> Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 7bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprOIsWRmVeSWpSXmKPExsVy+t/xK7oHGVtCDc4vZbP4vXcmq8Wc9WvY LKbv6GO3+LzhH5vF+e+H2C2mbRS3ONOda7F+52d2i8u75gCFd61ltbh0YAGTxfHeA0wWmzdN Zbb4seExqwOfx/fWPhaP2Q0XWTx2zrrL7rF5hZbHplWdbB7vzp1j9zgx4zeLx/ZHU1k83u+7 yubxeZOcx4mWL6wB3FFcNimpOZllqUX6dglcGb1/vrEX9AhVLN67k62B8RxfFyMnh4SAicTU KR/YIGwxiQv31gPZXBxCAksZJS4unc8K4XxnlHhy8CIrSBWvgJbEokW7GEFsFgFViQ2vJoDF 2QT0JP7N2g42SVQgQuLt5ZNMEPWCEj8m32MBsUUElCS+LpoLFmcWeMAsMfuKIogtLOAuMW/q bWYQW0jgBaPEpTlAcQ4OTgEdiUONSSAms4C6xJQpuRCd8hKb17xlnsAoMAvJglkIVbOQVC1g ZF7FKJpamlxQnJSea6RXnJhbXJqXrpecn7uJERJdX3cwLj1mdYhRgINRiYfX4FtzqBBrYllx Ze4hRgkOZiUR3gu/gEK8KYmVValF+fFFpTmpxYcYpTlYlMR5Z+56HyIkkJ5YkpqdmlqQWgST ZeLglGpgPNF2yPLwfAmeo5vDubgCN/YGH74x/b0Sp96ULWpXcq2OPfq1uj7GKibWQ2XmrOn7 DuXLp+uYnmp9f0vAVTx2pu3c7Qv7LF7olsem1kw5f9bqxwJjC7sJm3ZeMHX9wWJQcVg4752u wr25vu62N9ZU7Fq9JuLKEbXNRr0WDy+vjRIpbLy/+nRzjRJLcUaioRZzUXEiAEXuzwKqAgAA Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2376 Lines: 70 On 06/18/2015 07:38 PM, Borislav Petkov wrote: > On Thu, Jun 18, 2015 at 07:05:04PM +0300, Andrey Ryabinin wrote: >> What qemu version do you use and how you run it (qemu's command line >> options)? > > Here it is: > -cpu Opteron_G5 I guess that AMD cpus is more strict (unlike Intel) about violation of reserved/unused bits in page table entries. Please, try with this patch. --- From: Andrey Ryabinin Subject: [PATCH] x86_64: kasan: one more fix for KASan zero shadow page tables. While populating zero shadow wrong bits in upper level page tables used. __PAGE_KERNEL_RO that was used for pgd/pud/pmd has _PAGE_BIT_GLOBAL set. Global bit is present only in the lowest level of the page translation hierarchy (ptes), and it should be zero in upper levels. This bug seems doesn't cause any troubles on Intel cpus, while on AMDs it crashes kernel. Signed-off-by: Andrey Ryabinin --- arch/x86/mm/kasan_init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c index 5d26642..9a54dbe 100644 --- a/arch/x86/mm/kasan_init_64.c +++ b/arch/x86/mm/kasan_init_64.c @@ -85,7 +85,7 @@ static int __init zero_pmd_populate(pud_t *pud, unsigned long addr, while (IS_ALIGNED(addr, PMD_SIZE) && addr + PMD_SIZE <= end) { WARN_ON(!pmd_none(*pmd)); set_pmd(pmd, __pmd(__pa_nodebug(kasan_zero_pte) - | __PAGE_KERNEL_RO)); + | _KERNPG_TABLE)); addr += PMD_SIZE; pmd = pmd_offset(pud, addr); } @@ -111,7 +111,7 @@ static int __init zero_pud_populate(pgd_t *pgd, unsigned long addr, while (IS_ALIGNED(addr, PUD_SIZE) && addr + PUD_SIZE <= end) { WARN_ON(!pud_none(*pud)); set_pud(pud, __pud(__pa_nodebug(kasan_zero_pmd) - | __PAGE_KERNEL_RO)); + | _KERNPG_TABLE)); addr += PUD_SIZE; pud = pud_offset(pgd, addr); } @@ -136,7 +136,7 @@ static int __init zero_pgd_populate(unsigned long addr, unsigned long end) while (IS_ALIGNED(addr, PGDIR_SIZE) && addr + PGDIR_SIZE <= end) { WARN_ON(!pgd_none(*pgd)); set_pgd(pgd, __pgd(__pa_nodebug(kasan_zero_pud) - | __PAGE_KERNEL_RO)); + | _KERNPG_TABLE)); addr += PGDIR_SIZE; pgd = pgd_offset_k(addr); } -- 2.4.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in Please read the FAQ at http://www.tux.org/lkml/