Home Explore Help
Register Sign In
Apq
/
pve-edge-kernel
mirror of https://github.com/fabianishere/pve-edge-kernel.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 633c5ed17f
Branches Tags
pve-edge-kernel
/
patches
/
kernel
/
0216-x86-mm-dump_pagetables-Check-user-space-page-table-f.patch

0216-x86-mm-dump_pagetables-Check-user-space-page-table-f.patch 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139 
  1. From 2ed23a29f6f9c736c86dcc8d8ab87cc670593503 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Thomas Gleixner <[email protected]>
    3. 

  3. Date: Mon, 4 Dec 2017 15:08:05 +0100
    4. 

  4. Subject: [PATCH 216/242] x86/mm/dump_pagetables: Check user space page table
    5. 

  5.  for WX pages
    6. 

  6. MIME-Version: 1.0
    7. 

  7. Content-Type: text/plain; charset=UTF-8
    8. 

  8. Content-Transfer-Encoding: 8bit
    9. 

  9. 

  10. CVE-2017-5754
    11. 

  11. 

  12. ptdump_walk_pgd_level_checkwx() checks the kernel page table for WX pages,
    13. 

  13. but does not check the PAGE_TABLE_ISOLATION user space page table.
    14. 

  14. 

  15. Restructure the code so that dmesg output is selected by an explicit
    16. 

  16. argument and not implicit via checking the pgd argument for !NULL.
    17. 

  17. 

  18. Add the check for the user space page table.
    19. 

  19. 

  20. Signed-off-by: Thomas Gleixner <[email protected]>
    21. 

  21. Cc: Andy Lutomirski <[email protected]>
    22. 

  22. Cc: Boris Ostrovsky <[email protected]>
    23. 

  23. Cc: Borislav Petkov <[email protected]>
    24. 

  24. Cc: Brian Gerst <[email protected]>
    25. 

  25. Cc: Dave Hansen <[email protected]>
    26. 

  26. Cc: David Laight <[email protected]>
    27. 

  27. Cc: Denys Vlasenko <[email protected]>
    28. 

  28. Cc: Eduardo Valentin <[email protected]>
    29. 

  29. Cc: Greg KH <[email protected]>
    30. 

  30. Cc: H. Peter Anvin <[email protected]>
    31. 

  31. Cc: Josh Poimboeuf <[email protected]>
    32. 

  32. Cc: Juergen Gross <[email protected]>
    33. 

  33. Cc: Linus Torvalds <[email protected]>
    34. 

  34. Cc: Peter Zijlstra <[email protected]>
    35. 

  35. Cc: Will Deacon <[email protected]>
    36. 

  36. Cc: [email protected]
    37. 

  37. Cc: [email protected]
    38. 

  38. Cc: [email protected]
    39. 

  39. Cc: [email protected]
    40. 

  40. Cc: [email protected]
    41. 

  41. Signed-off-by: Ingo Molnar <[email protected]>
    42. 

  42. (cherry picked from commit b4bf4f924b1d7bade38fd51b2e401d20d0956e4d)
    43. 

  43. Signed-off-by: Andy Whitcroft <[email protected]>
    44. 

  44. Signed-off-by: Kleber Sacilotto de Souza <[email protected]>
    45. 

  45. (cherry picked from commit 1adfe82e8fe5afa2fae59efe498c461d5a52cb6c)
    46. 

  46. Signed-off-by: Fabian Grünbichler <[email protected]>
    47. 

  47. ---
    48. 

  48.  arch/x86/include/asm/pgtable.h |  1 +
    49. 

  49.  arch/x86/mm/debug_pagetables.c |  2 +-
    50. 

  50.  arch/x86/mm/dump_pagetables.c  | 30 +++++++++++++++++++++++++-----
    51. 

  51.  3 files changed, 27 insertions(+), 6 deletions(-)
    52. 

  52. 

  53. diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
    54. 

  54. index 25604b8a251a..4f5eb81cf8be 100644
    55. 

  55. --- a/arch/x86/include/asm/pgtable.h
    56. 

  56. +++ b/arch/x86/include/asm/pgtable.h
    57. 

  57. @@ -17,6 +17,7 @@
    58. 

  58.  #include <asm/x86_init.h>
    59. 

  59.  
    60. 

  60.  void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd);
    61. 

  61. +void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd);
    62. 

  62.  void ptdump_walk_pgd_level_checkwx(void);
    63. 

  63.  
    64. 

  64.  #ifdef CONFIG_DEBUG_WX
    65. 

  65. diff --git a/arch/x86/mm/debug_pagetables.c b/arch/x86/mm/debug_pagetables.c
    66. 

  66. index d1449fb6dc7a..8e70c1599e51 100644
    67. 

  67. --- a/arch/x86/mm/debug_pagetables.c
    68. 

  68. +++ b/arch/x86/mm/debug_pagetables.c
    69. 

  69. @@ -5,7 +5,7 @@
    70. 

  70.  
    71. 

  71.  static int ptdump_show(struct seq_file *m, void *v)
    72. 

  72.  {
    73. 

  73. -	ptdump_walk_pgd_level(m, NULL);
    74. 

  74. +	ptdump_walk_pgd_level_debugfs(m, NULL);
    75. 

  75.  	return 0;
    76. 

  76.  }
    77. 

  77.  
    78. 

  78. diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c
    79. 

  79. index eed93dd4cb4a..7b022ad37c4e 100644
    80. 

  80. --- a/arch/x86/mm/dump_pagetables.c
    81. 

  81. +++ b/arch/x86/mm/dump_pagetables.c
    82. 

  82. @@ -457,7 +457,7 @@ static inline bool is_hypervisor_range(int idx)
    83. 

  83.  }
    84. 

  84.  
    85. 

  85.  static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd,
    86. 

  86. -				       bool checkwx)
    87. 

  87. +				       bool checkwx, bool dmesg)
    88. 

  88.  {
    89. 

  89.  #ifdef CONFIG_X86_64
    90. 

  90.  	pgd_t *start = (pgd_t *) &init_top_pgt;
    91. 

  91. @@ -470,7 +470,7 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd,
    92. 

  92.  
    93. 

  93.  	if (pgd) {
    94. 

  94.  		start = pgd;
    95. 

  95. -		st.to_dmesg = true;
    96. 

  96. +		st.to_dmesg = dmesg;
    97. 

  97.  	}
    98. 

  98.  
    99. 

  99.  	st.check_wx = checkwx;
    100. 

  100. @@ -508,13 +508,33 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd,
    101. 

  101.  
    102. 

  102.  void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd)
    103. 

  103.  {
    104. 

  104. -	ptdump_walk_pgd_level_core(m, pgd, false);
    105. 

  105. +	ptdump_walk_pgd_level_core(m, pgd, false, true);
    106. 

  106. +}
    107. 

  107. +
    108. 

  108. +void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd)
    109. 

  109. +{
    110. 

  110. +	ptdump_walk_pgd_level_core(m, pgd, false, false);
    111. 

  111. +}
    112. 

  112. +EXPORT_SYMBOL_GPL(ptdump_walk_pgd_level_debugfs);
    113. 

  113. +
    114. 

  114. +static void ptdump_walk_user_pgd_level_checkwx(void)
    115. 

  115. +{
    116. 

  116. +#ifdef CONFIG_PAGE_TABLE_ISOLATION
    117. 

  117. +	pgd_t *pgd = (pgd_t *) &init_top_pgt;
    118. 

  118. +
    119. 

  119. +	if (!static_cpu_has(X86_FEATURE_PTI))
    120. 

  120. +		return;
    121. 

  121. +
    122. 

  122. +	pr_info("x86/mm: Checking user space page tables\n");
    123. 

  123. +	pgd = kernel_to_user_pgdp(pgd);
    124. 

  124. +	ptdump_walk_pgd_level_core(NULL, pgd, true, false);
    125. 

  125. +#endif
    126. 

  126.  }
    127. 

  127. -EXPORT_SYMBOL_GPL(ptdump_walk_pgd_level);
    128. 

  128.  
    129. 

  129.  void ptdump_walk_pgd_level_checkwx(void)
    130. 

  130.  {
    131. 

  131. -	ptdump_walk_pgd_level_core(NULL, NULL, true);
    132. 

  132. +	ptdump_walk_pgd_level_core(NULL, NULL, true, false);
    133. 

  133. +	ptdump_walk_user_pgd_level_checkwx();
    134. 

  134.  }
    135. 

  135.  
    136. 

  136.  static int __init pt_dump_init(void)
    137. 

  137. -- 
    138. 

  138. 2.14.2
    139. 

  139.