Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp2255434ybd; Mon, 24 Jun 2019 03:24:09 -0700 (PDT) X-Google-Smtp-Source: APXvYqxIoP4oEA3A1OOh8tG2KX5k6W3sXuH6kQwBl9AiESrYxjkej2mytmCY3zhLK9ll7W4o0Sfl X-Received: by 2002:a63:c302:: with SMTP id c2mr8631910pgd.300.1561371849583; Mon, 24 Jun 2019 03:24:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561371849; cv=none; d=google.com; s=arc-20160816; b=v8a15AFSCJ+cNfmajNIJVpgo5qR2WrEsu8Bcw6+FiNFKYMGsyAQG8PbDkf2t7QmmYz +Y+LkynxLyz8bnnC+qrmtM4QH7sn30u+AWF0xkAZP7oQyX8Y2YmYednh+YbuubJ2edaF dBJrDhaP68Fn5u+ju+2ieK5vG8Qw5LWnhYzL+hvcLc0c9rEVphcdIAxWlrZ/mpy8FXEw V/HaZIWjr7+roR6DK3lKUuX97cAg/DYd8GTuTAusYjgN0LbmA7+/3Pd/1gx6PElXu2jP sWwrIKvGN7WnH3FYV3GrUfZm77QgO2UA+jyBHyDzcymgKMu+6heUcaJwUy3XsMg+OvZU /gUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=41Ps9s7ZMxQsiCshJlRn7IGAKUrzttSQMzjTJpZCEk4=; b=k6AXPS5tAkY09tqt3sShQ4FAxtXwJ4jGpU84eKSIieuQCFe1akQ6Vcq0LwRlhFXUo6 7GpvW9GtZehRm7uSu2KBdaRi5SRA3b4ulrfWl8LmwTZiUPS9rUVYVS6gZKnBRbGiu6Tx RwTH0qi5lnPw1sQqZxkVHwo/P6qlLjEmjluOBaGe50GOeVUtfCxwXWZr6kQ6mKz0/Gk7 squHNasmtUFwNJtkh0USaF7k8gJ5uVAKWAb95t4iBdSZcCop0VyBrc065+85I9N0zb5a PFQSkCidqj+tX3022/M30aUrNSlcOQ0qKOu4FoGr0rHo0kd5xz9wOEwoSx64KZb9jARN oyRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=usKKz730; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o1si11165586pja.67.2019.06.24.03.23.53; Mon, 24 Jun 2019 03:24:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=usKKz730; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731077AbfFXKWP (ORCPT + 99 others); Mon, 24 Jun 2019 06:22:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:58040 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728844AbfFXKWM (ORCPT ); Mon, 24 Jun 2019 06:22:12 -0400 Received: from localhost (f4.8f.5177.ip4.static.sl-reverse.com [119.81.143.244]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 03E06208E3; Mon, 24 Jun 2019 10:22:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1561371731; bh=HLTug+73xEV18S4HARCESJ39ntkwIvzPtZ3If8zC3wk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=usKKz730YEYRjUmVwNd2d2Z+7w40jo7wLn4wyhrA0SkMhZ3kr/az4AC6Mv98tBohw K5SVwEvAHC8T1zbfyQeA7MCMOqWH+pe88qboc/8eeLssjWtSfXnFnPpxEv91MyqVsS jngfXVIDSEsEPDL5g6fAVMUjBfR8ECUY3GOS1Wbo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, x86@kernel.org, Borislav Petkov , Duncan Roe , Andy Lutomirski , Linus Torvalds Subject: [PATCH 5.1 113/121] x86/vdso: Prevent segfaults due to hoisted vclock reads Date: Mon, 24 Jun 2019 17:57:25 +0800 Message-Id: <20190624092326.434277950@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190624092320.652599624@linuxfoundation.org> References: <20190624092320.652599624@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Andy Lutomirski commit ff17bbe0bb405ad8b36e55815d381841f9fdeebc upstream. GCC 5.5.0 sometimes cleverly hoists reads of the pvclock and/or hvclock pages before the vclock mode checks. This creates a path through vclock_gettime() in which no vclock is enabled at all (due to disabled TSC on old CPUs, for example) but the pvclock or hvclock page nevertheless read. This will segfault on bare metal. This fixes commit 459e3a21535a ("gcc-9: properly declare the {pv,hv}clock_page storage") in the sense that, before that commit, GCC didn't seem to generate the offending code. There was nothing wrong with that commit per se, and -stable maintainers should backport this to all supported kernels regardless of whether the offending commit was present, since the same crash could just as easily be triggered by the phase of the moon. On GCC 9.1.1, this doesn't seem to affect the generated code at all, so I'm not too concerned about performance regressions from this fix. Cc: stable@vger.kernel.org Cc: x86@kernel.org Cc: Borislav Petkov Reported-by: Duncan Roe Signed-off-by: Andy Lutomirski Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- arch/x86/entry/vdso/vclock_gettime.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) --- a/arch/x86/entry/vdso/vclock_gettime.c +++ b/arch/x86/entry/vdso/vclock_gettime.c @@ -128,13 +128,24 @@ notrace static inline u64 vgetcyc(int mo { if (mode == VCLOCK_TSC) return (u64)rdtsc_ordered(); + + /* + * For any memory-mapped vclock type, we need to make sure that gcc + * doesn't cleverly hoist a load before the mode check. Otherwise we + * might end up touching the memory-mapped page even if the vclock in + * question isn't enabled, which will segfault. Hence the barriers. + */ #ifdef CONFIG_PARAVIRT_CLOCK - else if (mode == VCLOCK_PVCLOCK) + if (mode == VCLOCK_PVCLOCK) { + barrier(); return vread_pvclock(); + } #endif #ifdef CONFIG_HYPERV_TSCPAGE - else if (mode == VCLOCK_HVCLOCK) + if (mode == VCLOCK_HVCLOCK) { + barrier(); return vread_hvclock(); + } #endif return U64_MAX; }