From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, x86@kernel.org, Borislav Petkov, Duncan Roe, Andy Lutomirski, Linus Torvalds
Subject: [PATCH 4.19 73/74] x86/vdso: Prevent segfaults due to hoisted vclock reads
Date: Mon, 5 Aug 2019 15:03:26 +0200
Message-Id: <20190805124941.688410363@linuxfoundation.org>
In-Reply-To: <20190805124935.819068648@linuxfoundation.org>
References: <20190805124935.819068648@linuxfoundation.org>

From: Andy Lutomirski

commit ff17bbe0bb405ad8b36e55815d381841f9fdeebc upstream.

GCC 5.5.0 sometimes cleverly hoists reads of the pvclock and/or hvclock
pages before the vclock mode checks. This creates a path through
vclock_gettime() in which no vclock is enabled at all (due to disabled
TSC on old CPUs, for example) but the pvclock or hvclock page is
nevertheless read. This will segfault on bare metal.

This fixes commit 459e3a21535a ("gcc-9: properly declare the
{pv,hv}clock_page storage") in the sense that, before that commit, GCC
didn't seem to generate the offending code. There was nothing wrong
with that commit per se, and -stable maintainers should backport this to
all supported kernels regardless of whether the offending commit was
present, since the same crash could just as easily be triggered by the
phase of the moon.

On GCC 9.1.1, this doesn't seem to affect the generated code at all, so
I'm not too concerned about performance regressions from this fix.

Cc: stable@vger.kernel.org
Cc: x86@kernel.org
Cc: Borislav Petkov
Reported-by: Duncan Roe
Signed-off-by: Andy Lutomirski
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman --- arch/x86/entry/vdso/vclock_gettime.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) --- a/arch/x86/entry/vdso/vclock_gettime.c +++ b/arch/x86/entry/vdso/vclock_gettime.c @@ -191,13 +191,24 @@ notrace static inline u64 vgetsns(int *m if (gtod->vclock_mode == VCLOCK_TSC) cycles = vread_tsc(); + + /* + * For any memory-mapped vclock type, we need to make sure that gcc + * doesn't cleverly hoist a load before the mode check. Otherwise we + * might end up touching the memory-mapped page even if the vclock in + * question isn't enabled, which will segfault. Hence the barriers. + */ #ifdef CONFIG_PARAVIRT_CLOCK - else if (gtod->vclock_mode == VCLOCK_PVCLOCK) + else if (gtod->vclock_mode == VCLOCK_PVCLOCK) { + barrier(); cycles = vread_pvclock(mode); + } #endif #ifdef CONFIG_HYPERV_TSCPAGE - else if (gtod->vclock_mode == VCLOCK_HVCLOCK) + else if (gtod->vclock_mode == VCLOCK_HVCLOCK) { + barrier(); cycles = vread_hvclock(mode); + } #endif else return 0;
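Review bot: the barrier() calls sit at the two call sites in vgetsns() (the VCLOCK_PVCLOCK and VCLOCK_HVCLOCK branches) rather than inside vread_pvclock() and vread_hvclock(), so the protection depends on every caller and every future branch repeating it. Consider placing the barrier() at the top of each helper, ahead of its first load from the mapped page, or extending the new comment to say that any memory-mapped vclock type later added to this if/else chain needs the same barrier() after its mode check. The comment could also state that barrier() is a compiler-only barrier and that this is sufficient here because the problem being fixed is gcc hoisting the load, which would keep someone from later replacing it with a heavier fence or dropping it as redundant.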