Date: Sun, 19 Mar 2017 04:24:49 -0700
From: tip-bot for Andy Lutomirski
To: linux-tip-commits@vger.kernel.org
Cc: mingo@kernel.org, bp@alien8.de, thgarnie@google.com, torvalds@linux-foundation.org, tglx@linutronix.de, linux-kernel@vger.kernel.org, hpa@zytor.com, luto@kernel.org
In-Reply-To: <62b7748542df0164af7e0a5231283b9b13858c45.1489900519.git.luto@kernel.org>
Subject: [tip:x86/mm] x86/tls: Forcibly set the accessed bit in TLS segments

Commit-ID:  5b781c7e317fcf9f74475dc82bfce2e359dfca13
Gitweb:     http://git.kernel.org/tip/5b781c7e317fcf9f74475dc82bfce2e359dfca13
Author:     Andy Lutomirski
AuthorDate: Sat, 18 Mar 2017 22:17:24 -0700
Committer:  Thomas Gleixner
CommitDate: Sun, 19 Mar 2017 12:14:35 +0100

x86/tls: Forcibly set the accessed bit in TLS segments

For mysterious historical reasons, struct user_desc doesn't indicate
whether segments are accessed. set_thread_area() has always programmed
segments as non-accessed, so the first write will set the accessed bit.
This will fault if the GDT is read-only.

Fix it by making TLS segments start out accessed.

If this ends up breaking something, we could, in principle, leave TLS
segments non-accessed and fix them up when we get the page fault. I'd be
surprised, though -- AFAIK all the nasty legacy segmented programs
(DOSEMU, Wine, things that run on DOSEMU and Wine, etc.)
do their nasty segmented things using the LDT and not the GDT. I assume
this is mainly because old OSes (Linux and otherwise) didn't historically
provide APIs to do nasty things in the GDT.

Fixes: 45fc8757d1d2 ("x86: Make the GDT remapping read-only on 64-bit")
Signed-off-by: Andy Lutomirski
Cc: Linus Torvalds
Cc: Borislav Petkov
Cc: Thomas Garnier
Link: http://lkml.kernel.org/r/62b7748542df0164af7e0a5231283b9b13858c45.1489900519.git.luto@kernel.org
Signed-off-by: Thomas Gleixner

--- arch/x86/kernel/tls.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c index 6c89344..dcd699b 100644 --- a/arch/x86/kernel/tls.c +++ b/arch/x86/kernel/tls.c @@ -92,10 +92,17 @@ static void set_tls_desc(struct task_struct *p, int idx, cpu = get_cpu(); while (n-- > 0) { - if (LDT_empty(info) || LDT_zero(info)) + if (LDT_empty(info) || LDT_zero(info)) { desc->a = desc->b = 0; - else + } else { fill_ldt(desc, info); + + /* + * Always set the accessed bit so that the CPU + * doesn't try to write to the (read-only) GDT. + */ + desc->type |= 1; + } ++info; ++desc; }
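
Review bot: In the new else branch of set_tls_desc(), "desc->type |= 1;" sets the accessed bit with a bare literal, so the reader has to know the descriptor layout to confirm that bit 0 of the type field is the right one; a named constant, or naming the bit position in the comment, would make that checkable in place. The bit is also forced for every non-empty TLS descriptor no matter what the caller's user_desc asked for, which the commit message acknowledges could break something; the in-code comment could say that this is a deliberate change to what set_thread_area() installs, since that is where someone debugging a legacy segmented program would look first.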
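
The accessed-bit behaviour the commit message describes, as an added user-space example that is not part of the original mail or the kernel source: it packs a request into the architectural 8-byte x86 segment descriptor and reports whether loading it would make the CPU write the accessed bit back into the table. The names tls_req, encode_desc and load_writes_table are hypothetical, the struct only borrows the field names of struct user_desc, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the struct user_desc fields used here. */
struct tls_req {
    uint32_t base_addr, limit;
    unsigned seg_32bit, contents, read_exec_only;
    unsigned limit_in_pages, seg_not_present, useable;
};

#define DESC_ACCESSED (1ULL << 40) /* type bit 0 = bit 8 of the high dword */
#define DESC_S        (1ULL << 44) /* 1 = code/data segment */
#define DESC_P        (1ULL << 47) /* present */

/* Pack a request into an x86 code/data segment descriptor with DPL 3. */
uint64_t encode_desc(const struct tls_req *r, int force_accessed)
{
    uint64_t type = ((uint64_t)((r->read_exec_only & 1) ^ 1) << 1) |
                    ((uint64_t)(r->contents & 3) << 2);
    uint64_t d = r->limit & 0xffffULL;                   /* limit 15:0  */
    d |= (uint64_t)(r->base_addr & 0xffffff) << 16;      /* base 23:0   */
    d |= type << 40;                                     /* accessed bit clear */
    d |= DESC_S | (3ULL << 45);                          /* S=1, DPL=3  */
    d |= (uint64_t)((r->seg_not_present & 1) ^ 1) << 47; /* P           */
    d |= (uint64_t)((r->limit >> 16) & 0xf) << 48;       /* limit 19:16 */
    d |= (uint64_t)(r->useable & 1) << 52;               /* AVL         */
    d |= (uint64_t)(r->seg_32bit & 1) << 54;             /* D/B         */
    d |= (uint64_t)(r->limit_in_pages & 1) << 55;        /* G           */
    d |= (uint64_t)(r->base_addr >> 24) << 56;           /* base 31:24  */
    if (force_accessed)
        d |= DESC_ACCESSED;   /* the effect of the patch's type |= 1 */
    return d;
}

/* True if loading this descriptor makes the CPU set the accessed bit in
 * the descriptor table itself: the write that faults on a read-only GDT. */
int load_writes_table(uint64_t d)
{
    return (d & DESC_P) && (d & DESC_S) && !(d & DESC_ACCESSED);
}

int main(void)
{
    struct tls_req r = { 0x12345000, 0xfffff, 1, 0, 0, 1, 0, 0 }; /* constructed */
    uint64_t before = encode_desc(&r, 0), after = encode_desc(&r, 1);
    printf("before %016llx write-back=%d\n", (unsigned long long)before, load_writes_table(before));
    printf("after  %016llx write-back=%d\n", (unsigned long long)after, load_writes_table(after));
    return 0;
}
```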