From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Thomas Gleixner, "Peter Zijlstra (Intel)", Joerg Roedel, stable@kernel.org
Subject: [PATCH 5.3 55/95] x86/pti/32: Size initial_page_table correctly
Date: Wed, 27 Nov 2019 21:32:12 +0100
Message-Id: <20191127202920.769722416@linuxfoundation.org>
In-Reply-To: <20191127202845.651587549@linuxfoundation.org>
References: <20191127202845.651587549@linuxfoundation.org>

From: Thomas Gleixner

commit f490e07c53d66045d9d739e134145ec9b38653d3 upstream.

Commit 945fd17ab6ba ("x86/cpu_entry_area: Sync cpu_entry_area to
initial_page_table") introduced the sync for the initial page table for
32bit.

sync_initial_page_table() uses clone_pgd_range() which does the update for
the kernel page table. If PTI is enabled it also updates the user space
page table counterpart, which is assumed to be in the next page after the
target PGD.

At this point in time 32-bit did not have PTI support, so the user space
page table update was not taking place.

The support for PTI on 32-bit, which was introduced later on, did not take
that into account and failed to add the user space counterpart for the
initial page table.

As a consequence sync_initial_page_table() overwrites any data which is
located in the page behind initial_page_table causing random failures,
e.g. by corrupting doublefault_tss and wrecking the doublefault handler
on 32bit.

Fix it by adding a "user" page table right after initial_page_table.

Fixes: 7757d607c6b3 ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32")
Signed-off-by: Thomas Gleixner
Signed-off-by: Peter Zijlstra (Intel)
Reviewed-by: Joerg Roedel
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/head_32.S | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -571,6 +571,16 @@ ENTRY(initial_page_table) # error "Kernel PMDs should be 1, 2 or 3" # endif .align PAGE_SIZE /* needs to be page-sized too */ + +#ifdef CONFIG_PAGE_TABLE_ISOLATION + /* + * PTI needs another page so sync_initial_pagetable() works correctly + * and does not scribble over the data which is placed behind the + * actual initial_page_table. See clone_pgd_range(). + */ + .fill 1024, 4, 0 +#endif + #endif .data
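
Review bot: The comment added inside the CONFIG_PAGE_TABLE_ISOLATION block names sync_initial_pagetable(), while the commit message calls the function sync_initial_page_table(); spell it the same way in the comment so a grep for the function finds this dependency. The reserved page is also written as `.fill 1024, 4, 0`, which is only one full page when PAGE_SIZE is 4096 and only lands directly behind the table because of the `.align PAGE_SIZE` line above it; a short remark in the comment that the page must stay immediately after initial_page_table would guard against someone later inserting data between the two.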
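
The overwrite described in the commit message, as a small user-space model added here for illustration; it is not kernel code. The flat `mem` array, `model_clone_pgd_range()`, `corrupted_words()`, the sentinel and the copied range (256 entries starting at index 768) are all constructed assumptions; only the "user half lives one page after the kernel half" rule and the 1024 x 4-byte page come from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ENTRIES  1024          /* 4-byte entries per page, as in ".fill 1024, 4, 0" */
#define START    768           /* constructed: first entry of the synced range */
#define COUNT    256           /* constructed: number of entries synced */
#define SENTINEL 0xA5A5A5A5u   /* marks the unrelated data behind the table */

/* Model of the copy: the kernel half always; with PTI also the "user" half,
 * assumed to sit exactly one page after both source and destination. */
static void model_clone_pgd_range(uint32_t *dst, const uint32_t *src,
                                  size_t count, int pti)
{
    memcpy(dst, src, count * sizeof(*dst));
    if (pti)
        memcpy(dst + ENTRIES, src + ENTRIES, count * sizeof(*dst));
}

/* Returns how many words of the neighbouring data the sync overwrote.
 * mem[0..1023] is the initial page table; the victim page follows it directly
 * (unpatched layout) or after one reserved page (patched layout). */
static size_t corrupted_words(int pti, int reserve_user_page)
{
    static uint32_t mem[3 * ENTRIES];
    static uint32_t src[2 * ENTRIES];       /* source kernel page + user page */
    uint32_t *victim = mem + (reserve_user_page ? 2 : 1) * ENTRIES;
    size_t i, bad = 0;

    memset(mem, 0, sizeof(mem));
    for (i = 0; i < ENTRIES; i++) {
        victim[i] = SENTINEL;               /* stands in for e.g. doublefault_tss */
        src[i] = 0x1000u + (uint32_t)i;             /* kernel entries */
        src[ENTRIES + i] = 0x2000u + (uint32_t)i;   /* user entries */
    }
    model_clone_pgd_range(mem + START, src + START, COUNT, pti);
    for (i = 0; i < ENTRIES; i++)
        bad += (victim[i] != SENTINEL);
    return bad;
}

int main(void)
{
    /* Unpatched layout with PTI clobbers the neighbour; the reserved page absorbs it. */
    return !(corrupted_words(1, 0) == COUNT && corrupted_words(1, 1) == 0);
}
```

Only the words at the same offsets as the synced range are hit, which matches the "random failures" in the commit message: what breaks depends on whatever the linker placed at those offsets in the following page.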