Date: Mon, 8 Jan 2018 11:28:05 +0100
From: Andrea Arcangeli
To: Thomas Gleixner
Cc: Jon Masters, "Woodhouse, David", Paolo Bonzini, Alan Cox, Linus Torvalds, Andi Kleen, Greg Kroah-Hartman, Tim Chen, Linux Kernel Mailing List, Dave Hansen, Jeff Law, Nick Clifton
Subject: Re: Avoid speculative indirect calls in kernel
Message-ID: <20180108102805.GK25546@redhat.com>

On Fri, Jan 05, 2018 at 10:59:28AM +0100, Thomas Gleixner wrote:
> I've seen the insanities which were crammed into the distro kernels, which
> have sysctls and whatever, but at the same time these kernels shipped in a

Debugfs tunables only, there are no sysctl, quoting Greg:

http://lkml.kernel.org/r/20180107082026.GA11510@kroah.com

"It's a debugfs api, it can be changed at any time, to be anything we want, and all is fine :)"

> haste do not even boot on a specific class of machines. [..]

If you refer to the two efi_64.c and tboot.c corner case boot failures found over the last weekend those affected upstream 4.15-rc 4.14.12 and all PTI branches in linux-tip too (perhaps less reproducible there because of differences in old_memmap handling).

I sent you a better version of the efi_64.c fix from Jiri privately and you still miss the tboot fix in linux-tip so you still got a boot failure to fix there.
This is incremental with https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/log/?h=WIP.x86/pti where the "Unbreak EFI old_memmap" fix is applied.

I respun it after doing the more correct fix in this case too (same as the efi_64.c improvement) while leaving the attribution to the fix to Dave as he did the hard part.

>From 0c480d1eeabd56379144a4ed6b6fb24f3b84e40e Mon Sep 17 00:00:00 2001 From: Dave Hansen Date: Sat, 6 Jan 2018 18:41:14 +0100 Subject: [PATCH 1/1] x86/kaiser/efi: unbreak tboot This is another case similar to what EFI does: create a new set of page tables, map some code at a low address, and jump to it. PTI mistakes this low address for userspace and mistakenly marks it non-executable in an effort to make it unusable for userspace. Undo the poison to allow execution. Signed-off-by: Dave Hansen Cc: Ning Sun Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: x86@kernel.org Cc: tboot-devel@lists.sourceforge.net Cc: linux-kernel@vger.kernel.org Signed-off-by: Andrea Arcangeli --- arch/x86/kernel/tboot.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index a4eb27918ceb..75869a4b6c41 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c @@ -127,6 +127,7 @@ static int map_tboot_page(unsigned long vaddr, unsigned long pfn, p4d = p4d_alloc(&tboot_mm, pgd, vaddr); if (!p4d) return -1; + pgd->pgd &= ~_PAGE_NX; pud = pud_alloc(&tboot_mm, p4d, vaddr); if (!pud) return -1;

If I can help and assist in any other way let me know.

Thanks,
Andrea
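Review bot: the added `pgd->pgd &= ~_PAGE_NX;` in map_tboot_page() has no comment, so a reader of tboot.c cannot tell that it undoes the PTI poisoning of a low-address pgd entry; the explanation lives only in the commit message. A short comment above the line saying that tboot_mm maps code at a low address that PTI treats as userspace would keep a later cleanup from dropping it. The clear is also unconditional: it runs on every map_tboot_page() call for whatever vaddr is passed, so it is worth stating in the comment or changelog that every mapping created through this function is expected to live in tboot_mm's low range and that removing NX at the pgd level for all of them is intended. As a style point, the subject prefix says "x86/kaiser/efi" while the change touches only arch/x86/kernel/tboot.c and the message body speaks of PTI; a prefix that names tboot would match the diffstat.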