From patchwork Thu Aug 30 12:52:32 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Juerg Haefliger X-Patchwork-Id: 963855 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 421Mpp6Hh2z9ryt; Thu, 30 Aug 2018 22:52:50 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1fvMRI-0003sJ-69; Thu, 30 Aug 2018 12:52:44 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1fvMRG-0003s5-GG for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:42 +0000 Received: from mail-ed1-f71.google.com ([209.85.208.71]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fvMRG-0000c0-8u for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:42 +0000 Received: by mail-ed1-f71.google.com with SMTP id b4-v6so3638267ede.4 for ; Thu, 30 Aug 2018 05:52:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=x/scKWcaG0n8PefhD5BIPo6tbxRBRCi9isPvdDH6d5w=; b=T3micVIO8nbSy3nLfqPOz8fLnOHOF3AriwnoPGfcALrRQyI4kPSKHWDfSzhsEKQccG y2qV/OVqeexB44xWOsLhGbwgLzTKDt5reAvxKkcaUbui3095XWuEjQC6fHhilRnLvB4J RYLqLxyhySgiWntjyh+BPWrS9K9/nocWyQUeEbd6dO8EgV71ecpL0XXVCUk+ZFZkpFkP j2cJbjSe84TycbfTzL4qdT4JKHl1ScdTFzAyynRsZW/Eav81KUbUehR+NnSre2jwbZb5 21aLb1s3CfbyLH6i+8qL8XvFSB0h8RztR9/xDzlZahw8LKLKHwV79Q4PQpwNI4pW8im5 fYWA== X-Gm-Message-State: APzg51DDMLFMrRIbJE0bp6Q6rdgP7vU/Xv/NF/XzBjgI7WIyZtrJZsTM OVCMjiv1JWx40XJ3tsLf5Bya9Z9Jd6X/SvHkHEupNmEK/SjgjBp8rmBYPzBOLQRh4X3PaawpIh2 ww8WO7HelQMJxkqcFA9iwtCQSEf6laK+OpnkKIP9kxw== X-Received: by 2002:a50:d9c6:: with SMTP id x6-v6mr13195148edj.63.1535633561847; Thu, 30 Aug 2018 05:52:41 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZ0YeFURlVEMEj4+pY8HD0GW/DhS/DSt7VI/2Bg3oqCPNQDSYJeVvSp5alX7mtn4rrjy6iPJA== X-Received: by 2002:a50:d9c6:: with SMTP id x6-v6mr13195141edj.63.1535633561698; Thu, 30 Aug 2018 05:52:41 -0700 (PDT) Received: from localhost.localdomain ([81.221.205.149]) by smtp.gmail.com with ESMTPSA id y27-v6sm2953550edb.20.2018.08.30.05.52.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 30 Aug 2018 05:52:41 -0700 (PDT) From: Juerg Haefliger X-Google-Original-From: Juerg Haefliger To: kernel-team@lists.ubuntu.com Subject: [SRU][Trusty][PATCH v2 0/7] Follow-up fixes for CVE-2018-3620/CVE-2018-3646 Date: Thu, 30 Aug 2018 14:52:32 +0200 Message-Id: <20180830125239.16775-1-juergh@canonical.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180822064021.17216-1-juergh@canonical.com> References: <20180822064021.17216-1-juergh@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: juergh@canonical.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Turns out that the problem with L1TF and NUMA balancing isn't the aliasing of _PAGE_NUMA and _PAGE_PROTNONE but the following two issues: 1) 3.13 defines NUMA page table operations like pte_mknuma, pmd_mknuma and such, that manipulate NUMA hinting PTEs. These need to be protected against speculation just like the PROT_NONE PTEs, for example. Fix that by adding x86 specific NUMA page table operations. 2) Commit "x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation" modified pud_pfn() and pmd_pfn() to do the PFN bits inversion using pmd_pfn_mask() and pud_pfn_mask() helpers to only invert the relevant part of the PUD/PMD. 3.13 doesn't have these masking helpers and the backport of using PTE_PFN_MASK instead was incorrect. Fix that by backporting the commits that introduce the mask helpers. Compile tested all supported architectures. Ran stress and boot tests both on a physical NUMA machine and a NUMA (and non-NUMA) VM. Colin also ran some extended tests on real NUMA HW and reported no problems. Signed-off-by: Juerg Haefliger Cyrill Gorcunov (1): mm: x86 pgtable: drop unneeded preprocessor ifdef Juerg Haefliger (2): UBUNTU: SAUCE: x86/speculation/l1tf: Protect NUMA hinting PTEs against speculation Revert "UBUNTU: [Config] disable NUMA_BALANCING" Kirill A. Shutemov (1): x86/mm: Fix regression with huge pages on PAE Toshi Kani (3): x86/asm: Move PUD_PAGE macros to page_types.h x86/asm: Add pud/pmd mask interfaces to handle large PAT bit x86/asm: Fix pud/pmd interfaces to handle large PAT bit arch/x86/boot/boot.h | 1 - arch/x86/boot/video-mode.c | 2 + arch/x86/boot/video.c | 2 + arch/x86/include/asm/page_64_types.h | 3 - arch/x86/include/asm/page_types.h | 4 +- arch/x86/include/asm/pgtable-2level.h | 10 ---- arch/x86/include/asm/pgtable.h | 69 +++++++++++++++++++++-- arch/x86/include/asm/pgtable_64.h | 21 +++++-- arch/x86/include/asm/pgtable_types.h | 34 +++++++++-- arch/x86/include/asm/x86_init.h | 1 - debian.master/config/config.common.ubuntu | 4 +- 11 files changed, 119 insertions(+), 32 deletions(-) Acked-by: Stefan Bader Acked-by: Kleber Sacilotto de Souza