Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932869AbeAKVgz (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Thu, 11 Jan 2018 16:36:55 -0500
Received: from userp2120.oracle.com ([156.151.31.85]:52362 "EHLO
        userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932290AbeAKVgx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 11 Jan 2018 16:36:53 -0500
Subject: Re: [PATCH 4.4 00/37] 4.4.110-stable review
To: Linus Torvalds <torvalds@linux-foundation.org>,
        Thomas Gleixner <tglx@linutronix.de>
Cc: Pavel Tatashin <pasha.tatashin@oracle.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Andy Lutomirski <luto@kernel.org>,
        Hugh Dickins <hughd@google.com>, Thomas Voegtle <tv@lio96.de>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Guenter Roeck <linux@roeck-us.net>,
        Shuah Khan <shuahkh@osg.samsung.com>, patches@kernelci.org,
        Ben Hutchings <ben.hutchings@codethink.co.uk>,
        lkft-triage@lists.linaro.org, stable <stable@vger.kernel.org>,
        Matt Fleming <matt@codeblueprint.co.uk>,
        Borislav Petkov <bp@alien8.de>
References: <20180105175229.GA29834@kroah.com>
 <CAOAebxv47m34R1qteFaQB1-x4jsUVJPPvPLVe4jxRGZeFUY2qA@mail.gmail.com>
 <CAOAebxuqK4TOktLrHNLdW-S3oSxVO2og84js7N5u_QDC7mE2Ow@mail.gmail.com>
 <20180105204557.GA8839@kroah.com>
 <a93f30d1-e00e-419b-532d-203be16e2299@oracle.com>
 <20180107104540.GB14783@kroah.com>
 <CAOAebxsBVTyS2gSXh4c-g1b8Lvjv9MBG3Wjr_AC+LJpMLHRqEA@mail.gmail.com>
 <CAOAebxsP1LLV-Eg_h8brbxfsn_tpRDR46yrVZeokrFt3ArRuMA@mail.gmail.com>
 <20180108074645.GA24062@kroah.com>
 <CAOAebxu_gGE5chc-Mn=zBo_M3ojExvooNfvFRWOT=FygoffjLQ@mail.gmail.com>
 <CAOAebxuecMGOVe4zfNgk+t3mXVnDaWVA-GLdb+HiX3t9LNnxLg@mail.gmail.com>
 <CAOAebxu-OY-sxEZVzOkrG0iVG92ACiMNWk9xXVqZjj8kO5gp3A@mail.gmail.com>
 <CAOAebxtr6fg+_qpCpotgcWyfAzDZEczZ3SuGHQkRSEE3MKh8Mg@mail.gmail.com>
 <CA+55aFxji41K_MdLAKiZ7MaXNT4w=OV0yQiTvroJs0_jy6DUOw@mail.gmail.com>
 <alpine.DEB.2.20.1801112105010.2091@nanos>
 <CA+55aFxq5dsmeGaXxR55+P+P+6MDjUkEUWkLp8pb3j+GOFYxTw@mail.gmail.com>
From: Steven Sistare <steven.sistare@oracle.com>
Organization: Oracle Corporation
Message-ID: <627a5a80-b759-e90e-ae65-193a4213f643@oracle.com>
Date: Thu, 11 Jan 2018 16:35:12 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <CA+55aFxq5dsmeGaXxR55+P+P+6MDjUkEUWkLp8pb3j+GOFYxTw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8771 signatures=668652
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=2 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1711220000 definitions=main-1801110290
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On 1/11/2018 3:46 PM, Linus Torvalds wrote:
> On Thu, Jan 11, 2018 at 12:37 PM, Thomas Gleixner <tglx@linutronix.de> wrote:
>>
>> 67a9108ed431 ("x86/efi: Build our own page table structures")
>>
>> got rid of EFI depending on real_mode_header->trampoline_pgd
> 
> So I think it only got rid of by default - the codepath is still
> there, the allocation is still there, it's just that it's not actually
> used unless somebody does that "efi=old_mmap" thing.
> 
> Looking around, there's at least one quirk for the SGI UV1 system that
> enables EFI_OLD_MMAP automatically. There might be others that I
> missed, but I think that's it.
> 
> So it *can* trigger without "efi=old_mmap", but not on any normal machines.
> 
> And as Pavel points out, even when the bug is active, it's pretty hard
> to actually trigger.
> 
> But yeah, there may be other EFI patches that I didn't notice that
> changed things in other ways too.
> 
>                Linus

The bug is not present in the latest upstream kernel because the efi_pgd is
correctly aligned:

  arch/x86/platform/efi/efi_64.c
    int __init efi_alloc_page_tables(void)
      efi_pgd = (pgd_t *)__get_free_pages(gfp_mask, PGD_ALLOCATION_ORDER);

  arch/x86/include/asm/pgalloc.h
    +#ifdef CONFIG_PAGE_TABLE_ISOLATION
    +#define PGD_ALLOCATION_ORDER 1
    +#else
    +#define PGD_ALLOCATION_ORDER 0
    +#endif

Pavel's patch fixes kernels prior to
  67a9108ed431 ("x86/efi: Build our own page table structures")

where the efi pgd allocation looks like:

  arch/x86/realmode/init.c
    void __init reserve_real_mode(void)
       mem = memblock_find_in_range(0, 1<<20, size, PAGE_SIZE);
       base = __va(mem);
       real_mode_header = (struct real_mode_header *) base;

  void __init setup_real_mode(void)
    trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd);

Kernel versions between 67a9108ed431 and the latest also have the bug and
need a similar fix:

  arch/x86/platform/efi/efi_64.c

    int __init efi_alloc_page_tables(void)
      efi_pgd = (pgd_t *)__get_free_page(gfp_mask);

    int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
      pgd = efi_pgd;
      efi_scratch.efi_pgt = (pgd_t *)__pa(efi_pgd);

All of the code paths above are taken when *not* EFI_OLD_MMAP.

- Steve