Home Explore Help
Register Sign In
Apq
/
pve-edge-kernel
mirror of https://github.com/fabianishere/pve-edge-kernel.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 8d1dbe7c68
Branches Tags
pve-edge-kernel
/
patches
/
kernel
/
0210-x86-mm-Allow-flushing-for-future-ASID-switches.patch

0210-x86-mm-Allow-flushing-for-future-ASID-switches.patch 6.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192 
  1. From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Dave Hansen <[email protected]>
    3. 

  3. Date: Mon, 4 Dec 2017 15:07:57 +0100
    4. 

  4. Subject: [PATCH] x86/mm: Allow flushing for future ASID switches
    5. 

  5. MIME-Version: 1.0
    6. 

  6. Content-Type: text/plain; charset=UTF-8
    7. 

  7. Content-Transfer-Encoding: 8bit
    8. 

  8. 

  9. CVE-2017-5754
    10. 

  10. 

  11. If changing the page tables in such a way that an invalidation of all
    12. 

  12. contexts (aka. PCIDs / ASIDs) is required, they can be actively invalidated
    13. 

  13. by:
    14. 

  14. 

  15.  1. INVPCID for each PCID (works for single pages too).
    16. 

  16. 

  17.  2. Load CR3 with each PCID without the NOFLUSH bit set
    18. 

  18. 

  19.  3. Load CR3 with the NOFLUSH bit set for each and do INVLPG for each address.
    20. 

  20. 

  21. But, none of these are really feasible since there are ~6 ASIDs (12 with
    22. 

  22. PAGE_TABLE_ISOLATION) at the time that invalidation is required.
    23. 

  23. Instead of actively invalidating them, invalidate the *current* context and
    24. 

  24. also mark the cpu_tlbstate _quickly_ to indicate future invalidation to be
    25. 

  25. required.
    26. 

  26. 

  27. At the next context-switch, look for this indicator
    28. 

  28. ('invalidate_other' being set) invalidate all of the
    29. 

  29. cpu_tlbstate.ctxs[] entries.
    30. 

  30. 

  31. This ensures that any future context switches will do a full flush
    32. 

  32. of the TLB, picking up the previous changes.
    33. 

  33. 

  34. [ tglx: Folded more fixups from Peter ]
    35. 

  35. 

  36. Signed-off-by: Dave Hansen <[email protected]>
    37. 

  37. Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
    38. 

  38. Signed-off-by: Thomas Gleixner <[email protected]>
    39. 

  39. Cc: Andy Lutomirski <[email protected]>
    40. 

  40. Cc: Boris Ostrovsky <[email protected]>
    41. 

  41. Cc: Borislav Petkov <[email protected]>
    42. 

  42. Cc: Brian Gerst <[email protected]>
    43. 

  43. Cc: David Laight <[email protected]>
    44. 

  44. Cc: Denys Vlasenko <[email protected]>
    45. 

  45. Cc: Eduardo Valentin <[email protected]>
    46. 

  46. Cc: Greg KH <[email protected]>
    47. 

  47. Cc: H. Peter Anvin <[email protected]>
    48. 

  48. Cc: Josh Poimboeuf <[email protected]>
    49. 

  49. Cc: Juergen Gross <[email protected]>
    50. 

  50. Cc: Linus Torvalds <[email protected]>
    51. 

  51. Cc: Peter Zijlstra <[email protected]>
    52. 

  52. Cc: Will Deacon <[email protected]>
    53. 

  53. Cc: [email protected]
    54. 

  54. Cc: [email protected]
    55. 

  55. Cc: [email protected]
    56. 

  56. Cc: [email protected]
    57. 

  57. Signed-off-by: Ingo Molnar <[email protected]>
    58. 

  58. (cherry picked from commit 2ea907c4fe7b78e5840c1dc07800eae93248cad1)
    59. 

  59. Signed-off-by: Andy Whitcroft <[email protected]>
    60. 

  60. Signed-off-by: Kleber Sacilotto de Souza <[email protected]>
    61. 

  61. (cherry picked from commit fbb7e6e9e7e7cedecc164d660d08563f88103b56)
    62. 

  62. Signed-off-by: Fabian Grünbichler <[email protected]>
    63. 

  63. ---
    64. 

  64.  arch/x86/include/asm/tlbflush.h | 37 +++++++++++++++++++++++++++++--------
    65. 

  65.  arch/x86/mm/tlb.c               | 35 +++++++++++++++++++++++++++++++++++
    66. 

  66.  2 files changed, 64 insertions(+), 8 deletions(-)
    67. 

  67. 

  68. diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
    69. 

  69. index 503f87c30c15..3769ce182eac 100644
    70. 

  70. --- a/arch/x86/include/asm/tlbflush.h
    71. 

  71. +++ b/arch/x86/include/asm/tlbflush.h
    72. 

  72. @@ -124,6 +124,17 @@ struct tlb_state {
    73. 

  73.  	 */
    74. 

  74.  	bool is_lazy;
    75. 

  75.  
    76. 

  76. +	/*
    77. 

  77. +	 * If set we changed the page tables in such a way that we
    78. 

  78. +	 * needed an invalidation of all contexts (aka. PCIDs / ASIDs).
    79. 

  79. +	 * This tells us to go invalidate all the non-loaded ctxs[]
    80. 

  80. +	 * on the next context switch.
    81. 

  81. +	 *
    82. 

  82. +	 * The current ctx was kept up-to-date as it ran and does not
    83. 

  83. +	 * need to be invalidated.
    84. 

  84. +	 */
    85. 

  85. +	bool invalidate_other;
    86. 

  86. +
    87. 

  87.  	/*
    88. 

  88.  	 * Access to this CR4 shadow and to H/W CR4 is protected by
    89. 

  89.  	 * disabling interrupts when modifying either one.
    90. 

  90. @@ -201,6 +212,14 @@ static inline unsigned long cr4_read_shadow(void)
    91. 

  91.  	return this_cpu_read(cpu_tlbstate.cr4);
    92. 

  92.  }
    93. 

  93.  
    94. 

  94. +/*
    95. 

  95. + * Mark all other ASIDs as invalid, preserves the current.
    96. 

  96. + */
    97. 

  97. +static inline void invalidate_other_asid(void)
    98. 

  98. +{
    99. 

  99. +	this_cpu_write(cpu_tlbstate.invalidate_other, true);
    100. 

  100. +}
    101. 

  101. +
    102. 

  102.  /*
    103. 

  103.   * Save some of cr4 feature set we're using (e.g.  Pentium 4MB
    104. 

  104.   * enable and PPro Global page enable), so that any CPU's that boot
    105. 

  105. @@ -287,14 +306,6 @@ static inline void __flush_tlb_all(void)
    106. 

  106.  		 */
    107. 

  107.  		__flush_tlb();
    108. 

  108.  	}
    109. 

  109. -
    110. 

  110. -	/*
    111. 

  111. -	 * Note: if we somehow had PCID but not PGE, then this wouldn't work --
    112. 

  112. -	 * we'd end up flushing kernel translations for the current ASID but
    113. 

  113. -	 * we might fail to flush kernel translations for other cached ASIDs.
    114. 

  114. -	 *
    115. 

  115. -	 * To avoid this issue, we force PCID off if PGE is off.
    116. 

  116. -	 */
    117. 

  117.  }
    118. 

  118.  
    119. 

  119.  /*
    120. 

  120. @@ -304,6 +315,16 @@ static inline void __flush_tlb_one(unsigned long addr)
    121. 

  121.  {
    122. 

  122.  	count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE);
    123. 

  123.  	__flush_tlb_single(addr);
    124. 

  124. +
    125. 

  125. +	if (!static_cpu_has(X86_FEATURE_PTI))
    126. 

  126. +		return;
    127. 

  127. +
    128. 

  128. +	/*
    129. 

  129. +	 * __flush_tlb_single() will have cleared the TLB entry for this ASID,
    130. 

  130. +	 * but since kernel space is replicated across all, we must also
    131. 

  131. +	 * invalidate all others.
    132. 

  132. +	 */
    133. 

  133. +	invalidate_other_asid();
    134. 

  134.  }
    135. 

  135.  
    136. 

  136.  #define TLB_FLUSH_ALL	-1UL
    137. 

  137. diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
    138. 

  138. index 87d4f961bcb4..ce87b69fb4e0 100644
    139. 

  139. --- a/arch/x86/mm/tlb.c
    140. 

  140. +++ b/arch/x86/mm/tlb.c
    141. 

  141. @@ -28,6 +28,38 @@
    142. 

  142.   *	Implement flush IPI by CALL_FUNCTION_VECTOR, Alex Shi
    143. 

  143.   */
    144. 

  144.  
    145. 

  145. +/*
    146. 

  146. + * We get here when we do something requiring a TLB invalidation
    147. 

  147. + * but could not go invalidate all of the contexts.  We do the
    148. 

  148. + * necessary invalidation by clearing out the 'ctx_id' which
    149. 

  149. + * forces a TLB flush when the context is loaded.
    150. 

  150. + */
    151. 

  151. +void clear_asid_other(void)
    152. 

  152. +{
    153. 

  153. +	u16 asid;
    154. 

  154. +
    155. 

  155. +	/*
    156. 

  156. +	 * This is only expected to be set if we have disabled
    157. 

  157. +	 * kernel _PAGE_GLOBAL pages.
    158. 

  158. +	 */
    159. 

  159. +	if (!static_cpu_has(X86_FEATURE_PTI)) {
    160. 

  160. +		WARN_ON_ONCE(1);
    161. 

  161. +		return;
    162. 

  162. +	}
    163. 

  163. +
    164. 

  164. +	for (asid = 0; asid < TLB_NR_DYN_ASIDS; asid++) {
    165. 

  165. +		/* Do not need to flush the current asid */
    166. 

  166. +		if (asid == this_cpu_read(cpu_tlbstate.loaded_mm_asid))
    167. 

  167. +			continue;
    168. 

  168. +		/*
    169. 

  169. +		 * Make sure the next time we go to switch to
    170. 

  170. +		 * this asid, we do a flush:
    171. 

  171. +		 */
    172. 

  172. +		this_cpu_write(cpu_tlbstate.ctxs[asid].ctx_id, 0);
    173. 

  173. +	}
    174. 

  174. +	this_cpu_write(cpu_tlbstate.invalidate_other, false);
    175. 

  175. +}
    176. 

  176. +
    177. 

  177.  atomic64_t last_mm_ctx_id = ATOMIC64_INIT(1);
    178. 

  178.  
    179. 

  179.  DEFINE_STATIC_KEY_TRUE(tlb_use_lazy_mode);
    180. 

  180. @@ -43,6 +75,9 @@ static void choose_new_asid(struct mm_struct *next, u64 next_tlb_gen,
    181. 

  181.  		return;
    182. 

  182.  	}
    183. 

  183.  
    184. 

  184. +	if (this_cpu_read(cpu_tlbstate.invalidate_other))
    185. 

  185. +		clear_asid_other();
    186. 

  186. +
    187. 

  187.  	for (asid = 0; asid < TLB_NR_DYN_ASIDS; asid++) {
    188. 

  188.  		if (this_cpu_read(cpu_tlbstate.ctxs[asid].ctx_id) !=
    189. 

  189.  		    next->context.ctx_id)
    190. 

  190. -- 
    191. 

  191. 2.14.2
    192. 

  192.