Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752120AbbF3JCZ (ORCPT ); Tue, 30 Jun 2015 05:02:25 -0400 Received: from mailout4.w1.samsung.com ([210.118.77.14]:38586 "EHLO mailout4.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751745AbbF3JA1 (ORCPT ); Tue, 30 Jun 2015 05:00:27 -0400 X-AuditID: cbfec7f4-f79c56d0000012ee-0c-55925aa38a5c From: Andrey Ryabinin To: Ingo Molnar , "H. Peter Anvin" , Thomas Gleixner , x86@kernel.org Cc: Andrey Konovalov , Andrew Morton , Borislav Petkov , Alexander Popov , Dmitry Vyukov , Alexander Potapenko , linux-kernel@vger.kernel.org, Andrey Ryabinin , stable@vger.kernel.org Subject: [PATCH 3/5] x86_64: kasan: fix boot crash on AMD processors Date: Tue, 30 Jun 2015 12:00:09 +0300 Message-id: <1435654811-8915-4-git-send-email-a.ryabinin@samsung.com> X-Mailer: git-send-email 2.4.4 In-reply-to: <1435654811-8915-1-git-send-email-a.ryabinin@samsung.com> References: <1435654466-8714-1-git-send-email-a.ryabinin@samsung.com> <1435654811-8915-1-git-send-email-a.ryabinin@samsung.com> X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrALMWRmVeSWpSXmKPExsVy+t/xy7qLoyaFGlz8bWix7dcjNovfe2ey WsxZv4bNYvqOPnaLzxv+sVlMeNjGbtH+cS+zxbSN4haXd81hs7h0YAGTxYKNjxgtNm+aymzx Y8NjVgdej++tfSweO2fdZfdYsKnUY9OqTjaPd+fOsXucmPGbxWP7o6ksHu/3XWXz6NuyitHj 8yY5jxMtX1gDuKO4bFJSczLLUov07RK4Ml5f+Mde0MVfMeXrffYGxuU8XYycHBICJhLT505l g7DFJC7cWw9kc3EICSxllLj7/gyU08Qkca1rN1gVm4CexL9Z28FsEYEaiY7WbmaQImaBy0wS j6f2s4MkhAVcJN7cWs8IYrMIqEoc29TDBGLzCrhKrHv9BGqdnMSV69PBbE4BN4nlr46xQGxr ZJT4dfsO+wRG3gWMDKsYRVNLkwuKk9JzDfWKE3OLS/PS9ZLzczcxQsL5yw7GxcesDjEKcDAq 8fDueD4xVIg1say4MvcQowQHs5IIb53kpFAh3pTEyqrUovz4otKc1OJDjNIcLErivHN3vQ8R EkhPLEnNTk0tSC2CyTJxcEo1MFousH2omnJvfc3f7Uf7v35UfjWr7sJip/86BT8vHTTe6ujQ eOZRcMzx4hS+c6rVwoy+5y5ypLs5/P5wt1NyjW/2wy2aMtzn27O//mEXu3072rfRweAhp6CN zwE3Bdebm8Ib80PntFtMFY+w2Ju2eJb2wlSLoh5xJ/+QiLRfxU7zpq7Ms73frsRSnJFoqMVc VJwIADyI7fZjAgAA Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2124 Lines: 56 While populating zero shadow wrong bits in upper level page tables used. __PAGE_KERNEL_RO that was used for pgd/pud/pmd has _PAGE_BIT_GLOBAL set. Global bit is present only in the lowest level of the page translation hierarchy (ptes), and it should be zero in upper levels. This bug seems doesn't cause any troubles on Intel cpus, while on AMDs it cause kernel crash on boot. Use _KERNPG_TABLE bits for pgds/puds/pmds to fix this. Signed-off-by: Andrey Ryabinin Reported-by: Borislav Petkov Cc: # 4.0 --- arch/x86/mm/kasan_init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c index 5d26642..9a54dbe 100644 --- a/arch/x86/mm/kasan_init_64.c +++ b/arch/x86/mm/kasan_init_64.c @@ -85,7 +85,7 @@ static int __init zero_pmd_populate(pud_t *pud, unsigned long addr, while (IS_ALIGNED(addr, PMD_SIZE) && addr + PMD_SIZE <= end) { WARN_ON(!pmd_none(*pmd)); set_pmd(pmd, __pmd(__pa_nodebug(kasan_zero_pte) - | __PAGE_KERNEL_RO)); + | _KERNPG_TABLE)); addr += PMD_SIZE; pmd = pmd_offset(pud, addr); } @@ -111,7 +111,7 @@ static int __init zero_pud_populate(pgd_t *pgd, unsigned long addr, while (IS_ALIGNED(addr, PUD_SIZE) && addr + PUD_SIZE <= end) { WARN_ON(!pud_none(*pud)); set_pud(pud, __pud(__pa_nodebug(kasan_zero_pmd) - | __PAGE_KERNEL_RO)); + | _KERNPG_TABLE)); addr += PUD_SIZE; pud = pud_offset(pgd, addr); } @@ -136,7 +136,7 @@ static int __init zero_pgd_populate(unsigned long addr, unsigned long end) while (IS_ALIGNED(addr, PGDIR_SIZE) && addr + PGDIR_SIZE <= end) { WARN_ON(!pgd_none(*pgd)); set_pgd(pgd, __pgd(__pa_nodebug(kasan_zero_pud) - | __PAGE_KERNEL_RO)); + | _KERNPG_TABLE)); addr += PGDIR_SIZE; pgd = pgd_offset_k(addr); } -- 2.4.4 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/