Home Explore Help
Register Sign In
Apq
/
pve-edge-kernel
mirror of https://github.com/fabianishere/pve-edge-kernel.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 04f3b8beca
Branches Tags
pve-edge-kernel
/
patches
/
kernel
/
0117-ACPI-APEI-Replace-ioremap_page_range-with-fixmap.patch

0117-ACPI-APEI-Replace-ioremap_page_range-with-fixmap.patch 6.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190 
  1. From c18bf2e2bd1efc5430965d0110a8dfc4a25d84ad Mon Sep 17 00:00:00 2001
    2. 

  2. From: James Morse <[email protected]>
    3. 

  3. Date: Mon, 6 Nov 2017 18:44:24 +0000
    4. 

  4. Subject: [PATCH 117/241] ACPI / APEI: Replace ioremap_page_range() with fixmap
    5. 

  5. MIME-Version: 1.0
    6. 

  6. Content-Type: text/plain; charset=UTF-8
    7. 

  7. Content-Transfer-Encoding: 8bit
    8. 

  8. 

  9. CVE-2017-5754
    10. 

  10. 

  11. Replace ghes_io{re,un}map_pfn_{nmi,irq}()s use of ioremap_page_range()
    12. 

  12. with __set_fixmap() as ioremap_page_range() may sleep to allocate a new
    13. 

  13. level of page-table, even if its passed an existing final-address to
    14. 

  14. use in the mapping.
    15. 

  15. 

  16. The GHES driver can only be enabled for architectures that select
    17. 

  17. HAVE_ACPI_APEI: Add fixmap entries to both x86 and arm64.
    18. 

  18. 

  19. clear_fixmap() does the TLB invalidation in __set_fixmap() for arm64
    20. 

  20. and __set_pte_vaddr() for x86. In each case its the same as the
    21. 

  21. respective arch_apei_flush_tlb_one().
    22. 

  22. 

  23. Reported-by: Fengguang Wu <[email protected]>
    24. 

  24. Suggested-by: Linus Torvalds <[email protected]>
    25. 

  25. Signed-off-by: James Morse <[email protected]>
    26. 

  26. Reviewed-by: Borislav Petkov <[email protected]>
    27. 

  27. Tested-by: Tyler Baicar <[email protected]>
    28. 

  28. Tested-by: Toshi Kani <[email protected]>
    29. 

  29. [ For the arm64 bits: ]
    30. 

  30. Acked-by: Will Deacon <[email protected]>
    31. 

  31. [ For the x86 bits: ]
    32. 

  32. Acked-by: Ingo Molnar <[email protected]>
    33. 

  33. Signed-off-by: Rafael J. Wysocki <[email protected]>
    34. 

  34. Cc: All applicable <[email protected]>
    35. 

  35. (cherry picked from commit 4f89fa286f6729312e227e7c2d764e8e7b9d340e)
    36. 

  36. Signed-off-by: Andy Whitcroft <[email protected]>
    37. 

  37. Signed-off-by: Kleber Sacilotto de Souza <[email protected]>
    38. 

  38. (cherry picked from commit eda363b23c1601f733cb1d7d66d1a4975c4c5d09)
    39. 

  39. Signed-off-by: Fabian Grünbichler <[email protected]>
    40. 

  40. ---
    41. 

  41.  arch/arm64/include/asm/fixmap.h |  7 +++++++
    42. 

  42.  arch/x86/include/asm/fixmap.h   |  6 ++++++
    43. 

  43.  drivers/acpi/apei/ghes.c        | 44 +++++++++++++----------------------------
    44. 

  44.  3 files changed, 27 insertions(+), 30 deletions(-)
    45. 

  45. 

  46. diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h
    47. 

  47. index caf86be815ba..4052ec39e8db 100644
    48. 

  48. --- a/arch/arm64/include/asm/fixmap.h
    49. 

  49. +++ b/arch/arm64/include/asm/fixmap.h
    50. 

  50. @@ -51,6 +51,13 @@ enum fixed_addresses {
    51. 

  51.  
    52. 

  52.  	FIX_EARLYCON_MEM_BASE,
    53. 

  53.  	FIX_TEXT_POKE0,
    54. 

  54. +
    55. 

  55. +#ifdef CONFIG_ACPI_APEI_GHES
    56. 

  56. +	/* Used for GHES mapping from assorted contexts */
    57. 

  57. +	FIX_APEI_GHES_IRQ,
    58. 

  58. +	FIX_APEI_GHES_NMI,
    59. 

  59. +#endif /* CONFIG_ACPI_APEI_GHES */
    60. 

  60. +
    61. 

  61.  	__end_of_permanent_fixed_addresses,
    62. 

  62.  
    63. 

  63.  	/*
    64. 

  64. diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h
    65. 

  65. index b65155cc3760..81c2b11f50a6 100644
    66. 

  66. --- a/arch/x86/include/asm/fixmap.h
    67. 

  67. +++ b/arch/x86/include/asm/fixmap.h
    68. 

  68. @@ -104,6 +104,12 @@ enum fixed_addresses {
    69. 

  69.  	FIX_GDT_REMAP_BEGIN,
    70. 

  70.  	FIX_GDT_REMAP_END = FIX_GDT_REMAP_BEGIN + NR_CPUS - 1,
    71. 

  71.  
    72. 

  72. +#ifdef CONFIG_ACPI_APEI_GHES
    73. 

  73. +	/* Used for GHES mapping from assorted contexts */
    74. 

  74. +	FIX_APEI_GHES_IRQ,
    75. 

  75. +	FIX_APEI_GHES_NMI,
    76. 

  76. +#endif
    77. 

  77. +
    78. 

  78.  	__end_of_permanent_fixed_addresses,
    79. 

  79.  
    80. 

  80.  	/*
    81. 

  81. diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
    82. 

  82. index 4827176f838d..f9f106e62e74 100644
    83. 

  83. --- a/drivers/acpi/apei/ghes.c
    84. 

  84. +++ b/drivers/acpi/apei/ghes.c
    85. 

  85. @@ -51,6 +51,7 @@
    86. 

  86.  #include <acpi/actbl1.h>
    87. 

  87.  #include <acpi/ghes.h>
    88. 

  88.  #include <acpi/apei.h>
    89. 

  89. +#include <asm/fixmap.h>
    90. 

  90.  #include <asm/tlbflush.h>
    91. 

  91.  #include <ras/ras_event.h>
    92. 

  92.  
    93. 

  93. @@ -112,7 +113,7 @@ static DEFINE_MUTEX(ghes_list_mutex);
    94. 

  94.   * Because the memory area used to transfer hardware error information
    95. 

  95.   * from BIOS to Linux can be determined only in NMI, IRQ or timer
    96. 

  96.   * handler, but general ioremap can not be used in atomic context, so
    97. 

  97. - * a special version of atomic ioremap is implemented for that.
    98. 

  98. + * the fixmap is used instead.
    99. 

  99.   */
    100. 

  100.  
    101. 

  101.  /*
    102. 

  102. @@ -126,8 +127,8 @@ static DEFINE_MUTEX(ghes_list_mutex);
    103. 

  103.  /* virtual memory area for atomic ioremap */
    104. 

  104.  static struct vm_struct *ghes_ioremap_area;
    105. 

  105.  /*
    106. 

  106. - * These 2 spinlock is used to prevent atomic ioremap virtual memory
    107. 

  107. - * area from being mapped simultaneously.
    108. 

  108. + * These 2 spinlocks are used to prevent the fixmap entries from being used
    109. 

  109. + * simultaneously.
    110. 

  110.   */
    111. 

  111.  static DEFINE_RAW_SPINLOCK(ghes_ioremap_lock_nmi);
    112. 

  112.  static DEFINE_SPINLOCK(ghes_ioremap_lock_irq);
    113. 

  113. @@ -159,53 +160,36 @@ static void ghes_ioremap_exit(void)
    114. 

  114.  
    115. 

  115.  static void __iomem *ghes_ioremap_pfn_nmi(u64 pfn)
    116. 

  116.  {
    117. 

  117. -	unsigned long vaddr;
    118. 

  118.  	phys_addr_t paddr;
    119. 

  119.  	pgprot_t prot;
    120. 

  120.  
    121. 

  121. -	vaddr = (unsigned long)GHES_IOREMAP_NMI_PAGE(ghes_ioremap_area->addr);
    122. 

  122. -
    123. 

  123.  	paddr = pfn << PAGE_SHIFT;
    124. 

  124.  	prot = arch_apei_get_mem_attribute(paddr);
    125. 

  125. -	ioremap_page_range(vaddr, vaddr + PAGE_SIZE, paddr, prot);
    126. 

  126. +	__set_fixmap(FIX_APEI_GHES_NMI, paddr, prot);
    127. 

  127.  
    128. 

  128. -	return (void __iomem *)vaddr;
    129. 

  129. +	return (void __iomem *) fix_to_virt(FIX_APEI_GHES_NMI);
    130. 

  130.  }
    131. 

  131.  
    132. 

  132.  static void __iomem *ghes_ioremap_pfn_irq(u64 pfn)
    133. 

  133.  {
    134. 

  134. -	unsigned long vaddr;
    135. 

  135.  	phys_addr_t paddr;
    136. 

  136.  	pgprot_t prot;
    137. 

  137.  
    138. 

  138. -	vaddr = (unsigned long)GHES_IOREMAP_IRQ_PAGE(ghes_ioremap_area->addr);
    139. 

  139. -
    140. 

  140.  	paddr = pfn << PAGE_SHIFT;
    141. 

  141.  	prot = arch_apei_get_mem_attribute(paddr);
    142. 

  142. +	__set_fixmap(FIX_APEI_GHES_IRQ, paddr, prot);
    143. 

  143.  
    144. 

  144. -	ioremap_page_range(vaddr, vaddr + PAGE_SIZE, paddr, prot);
    145. 

  145. -
    146. 

  146. -	return (void __iomem *)vaddr;
    147. 

  147. +	return (void __iomem *) fix_to_virt(FIX_APEI_GHES_IRQ);
    148. 

  148.  }
    149. 

  149.  
    150. 

  150. -static void ghes_iounmap_nmi(void __iomem *vaddr_ptr)
    151. 

  151. +static void ghes_iounmap_nmi(void)
    152. 

  152.  {
    153. 

  153. -	unsigned long vaddr = (unsigned long __force)vaddr_ptr;
    154. 

  154. -	void *base = ghes_ioremap_area->addr;
    155. 

  155. -
    156. 

  156. -	BUG_ON(vaddr != (unsigned long)GHES_IOREMAP_NMI_PAGE(base));
    157. 

  157. -	unmap_kernel_range_noflush(vaddr, PAGE_SIZE);
    158. 

  158. -	arch_apei_flush_tlb_one(vaddr);
    159. 

  159. +	clear_fixmap(FIX_APEI_GHES_NMI);
    160. 

  160.  }
    161. 

  161.  
    162. 

  162. -static void ghes_iounmap_irq(void __iomem *vaddr_ptr)
    163. 

  163. +static void ghes_iounmap_irq(void)
    164. 

  164.  {
    165. 

  165. -	unsigned long vaddr = (unsigned long __force)vaddr_ptr;
    166. 

  166. -	void *base = ghes_ioremap_area->addr;
    167. 

  167. -
    168. 

  168. -	BUG_ON(vaddr != (unsigned long)GHES_IOREMAP_IRQ_PAGE(base));
    169. 

  169. -	unmap_kernel_range_noflush(vaddr, PAGE_SIZE);
    170. 

  170. -	arch_apei_flush_tlb_one(vaddr);
    171. 

  171. +	clear_fixmap(FIX_APEI_GHES_IRQ);
    172. 

  172.  }
    173. 

  173.  
    174. 

  174.  static int ghes_estatus_pool_init(void)
    175. 

  175. @@ -361,10 +345,10 @@ static void ghes_copy_tofrom_phys(void *buffer, u64 paddr, u32 len,
    176. 

  176.  		paddr += trunk;
    177. 

  177.  		buffer += trunk;
    178. 

  178.  		if (in_nmi) {
    179. 

  179. -			ghes_iounmap_nmi(vaddr);
    180. 

  180. +			ghes_iounmap_nmi();
    181. 

  181.  			raw_spin_unlock(&ghes_ioremap_lock_nmi);
    182. 

  182.  		} else {
    183. 

  183. -			ghes_iounmap_irq(vaddr);
    184. 

  184. +			ghes_iounmap_irq();
    185. 

  185.  			spin_unlock_irqrestore(&ghes_ioremap_lock_irq, flags);
    186. 

  186.  		}
    187. 

  187.  	}
    188. 

  188. -- 
    189. 

  189. 2.14.2
    190. 

  190.