Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753569AbbGBJLn (ORCPT ); Thu, 2 Jul 2015 05:11:43 -0400 Received: from mailout3.w1.samsung.com ([210.118.77.13]:17857 "EHLO mailout3.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753390AbbGBJKX (ORCPT ); Thu, 2 Jul 2015 05:10:23 -0400 X-AuditID: cbfec7f5-f794b6d000001495-2b-5594ffdd64dd From: Andrey Ryabinin To: Ingo Molnar , "H. Peter Anvin" , Thomas Gleixner , x86@kernel.org Cc: Andrey Konovalov , Andrew Morton , Borislav Petkov , Alexander Popov , Dmitry Vyukov , Alexander Potapenko , linux-kernel@vger.kernel.org, Andrey Ryabinin , stable@vger.kernel.org Subject: [PATCH v2 4/6] x86_64: kasan: fix boot crash on AMD processors Date: Thu, 02 Jul 2015 12:09:36 +0300 Message-id: <1435828178-10975-5-git-send-email-a.ryabinin@samsung.com> X-Mailer: git-send-email 2.4.5 In-reply-to: <1435828178-10975-1-git-send-email-a.ryabinin@samsung.com> References: <1435828178-10975-1-git-send-email-a.ryabinin@samsung.com> X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrDLMWRmVeSWpSXmKPExsVy+t/xa7p3/08JNVjVqmWx7dcjNovfe2ey WsxZv4bNYvqOPnaLzxv+sVlMeNjGbtH+cS+zxbSN4haXd81hs7h0YAGTxYKNjxgtNm+aymzx Y8NjVgdej++tfSweO2fdZfdYsKnUY9OqTjaPd+fOsXucmPGbxWP7o6ksHu/3XWXz6NuyitHj 8yY5jxMtX1gDuKO4bFJSczLLUov07RK4MjbesCvo5q84vXMTYwPjCp4uRk4OCQETiQMLD7NA 2GISF+6tZ+ti5OIQEljKKDFxxXcmCKeJSaL52TV2kCo2AT2Jf7O2s4HYIgI1Eh2t3cwgRcwC l5kkHk/tBysSFnCXOPfsNpjNIqAqsffWDKAVHBy8Am4Sy++kgZgSAnISS5trQSo4gao7m96A VQsBVVxrvss0gZF3ASPDKkbR1NLkguKk9FwjveLE3OLSvHS95PzcTYyQMP66g3HpMatDjAIc jEo8vCtqpoQKsSaWFVfmHmKU4GBWEuFd/xIoxJuSWFmVWpQfX1Sak1p8iFGag0VJnHfmrvch QgLpiSWp2ampBalFMFkmDk6pBkaPKFbTlLNdZr+6xY6fZagyWrqs9XLcozXikewSGz6nPXec WWxpdi5034krE1oeeE2y/ft45VnBhOccE7fZrBROyakV12BdsVX1zYMm9+2NwVFMSiJFXrpH LbequmYcca3/4Vow/4fa8U1VAi4+f7d/b3LsOciS8nVRl1/0E4P26TKr1LkWblViKc5INNRi LipOBACE2T4sXwIAAA== Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2125 Lines: 56 While populating zero shadow wrong bits in upper level page tables used. __PAGE_KERNEL_RO that was used for pgd/pud/pmd has _PAGE_BIT_GLOBAL set. Global bit is present only in the lowest level of the page translation hierarchy (ptes), and it should be zero in upper levels. This bug seems doesn't cause any troubles on Intel cpus, while on AMDs it cause kernel crash on boot. Use _KERNPG_TABLE bits for pgds/puds/pmds to fix this. Signed-off-by: Andrey Ryabinin Reported-by: Borislav Petkov Cc: # 4.0+ --- arch/x86/mm/kasan_init_64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c index 5d26642..9a54dbe 100644 --- a/arch/x86/mm/kasan_init_64.c +++ b/arch/x86/mm/kasan_init_64.c @@ -85,7 +85,7 @@ static int __init zero_pmd_populate(pud_t *pud, unsigned long addr, while (IS_ALIGNED(addr, PMD_SIZE) && addr + PMD_SIZE <= end) { WARN_ON(!pmd_none(*pmd)); set_pmd(pmd, __pmd(__pa_nodebug(kasan_zero_pte) - | __PAGE_KERNEL_RO)); + | _KERNPG_TABLE)); addr += PMD_SIZE; pmd = pmd_offset(pud, addr); } @@ -111,7 +111,7 @@ static int __init zero_pud_populate(pgd_t *pgd, unsigned long addr, while (IS_ALIGNED(addr, PUD_SIZE) && addr + PUD_SIZE <= end) { WARN_ON(!pud_none(*pud)); set_pud(pud, __pud(__pa_nodebug(kasan_zero_pmd) - | __PAGE_KERNEL_RO)); + | _KERNPG_TABLE)); addr += PUD_SIZE; pud = pud_offset(pgd, addr); } @@ -136,7 +136,7 @@ static int __init zero_pgd_populate(unsigned long addr, unsigned long end) while (IS_ALIGNED(addr, PGDIR_SIZE) && addr + PGDIR_SIZE <= end) { WARN_ON(!pgd_none(*pgd)); set_pgd(pgd, __pgd(__pa_nodebug(kasan_zero_pud) - | __PAGE_KERNEL_RO)); + | _KERNPG_TABLE)); addr += PGDIR_SIZE; pgd = pgd_offset_k(addr); } -- 2.4.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/