| Message ID | 20190311103922.21949-1-juergh@canonical.com |
|---|---|
| State | New |
| Series | [SRU,Bionic,PULL] Fix for CVE-2017-5754 (i386) |
On 11.03.19 11:39, Juerg Haefliger wrote:
> This pull request contains fix(es) for the following CVE(s):
> CVE-2017-5754 (i386)
>
> This is a pull request to add support for page table isolation for i386.
>
> The following patches are the original patchset that introduced PTI for i386:
> * x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32
> * x86/ldt: Enable LDT user-mapping for PAE
> * x86/ldt: Split out sanity check in map_ldt_struct()
> * x86/ldt: Define LDT_END_ADDR
> * x86/ldt: Reserve address-space range on 32 bit for the LDT
> * x86/pgtable/pae: Use separate kernel PMDs for user page-table
> * x86/mm/dump_pagetables: Define INIT_PGD
> * x86/mm/pti: Clone entry-text again in pti_finalize()
> * x86/mm/pti: Introduce pti_finalize()
> * x86/mm/pti: Keep permissions when cloning kernel text in pti_clone_kernel_text()
> * x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit
> * x86/mm/pti: Clone CPU_ENTRY_AREA on PMD level on x86_32
> * x86/mm/pti: Define X86_CR3_PTI_PCID_USER_BIT on x86_32
> * x86/mm/pti: Add an overflow check to pti_clone_pmds()
> * x86/mm/legacy: Populate the user page-table with user pgd's
> * x86/mm/pae: Populate the user page-table with user pgd's
> * x86/mm/pae: Populate valid user PGD entries
> * x86/pgtable: Move two more functions from pgtable_64.h to pgtable.h
> * x86/pgtable: Move pti_set_user_pgtbl() to pgtable.h
> * x86/pgtable: Move pgdp kernel/user conversion functions to pgtable.h
> * x86/pgtable/32: Allocate 8k page-tables when PTI is enabled
> * x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled
> * x86/pgtable: Rename pti_set_user_pgd() to pti_set_user_pgtbl()
> * x86/entry: Rename update_sp0 to update_task_stack
> * x86/entry/32: Add PTI CR3 switches to NMI handler code
> * x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points
> * x86/entry/32: Simplify debug entry point
> * x86/entry/32: Handle Entry from Kernel-Mode on Entry-Stack
> * x86/entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI
> * x86/entry/32: Leave the kernel via trampoline stack
> * x86/entry/32: Enter the kernel via trampoline stack
> * x86/entry/32: Split off return-to-kernel path
> * x86/entry/32: Unshare NMI return path
> * x86/entry/32: Put ESPFIX code into a macro
> * x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler
> * x86/entry/32: Rename TSS_sysenter_sp0 to TSS_entry2task_stack
> * x86/asm-offsets: Move TSS_sp0 and TSS_sp1 to asm-offsets.c
>
> The following are prerequisites for the above:
> * x86/entry/32: Add explicit 'l' instruction suffix
> * x86/pti: Leave kernel text global for !PCID
> * x86/pti: Never implicitly clear _PAGE_GLOBAL for kernel image
> * x86/pti: Enable global pages for shared areas
>
> The following are follow-up enhancements and cleanups of 32-bit PTI:
> * x86/mm/doc: Enhance the x86-64 virtual memory layout descriptions
> * x86/mm/doc: Clean up the x86-64 virtual memory layout descriptions
> * x86/mm/pti: Move user W+X check into pti_finalize()
> * x86/mm/pti: Clone kernel-image on PTE level for 32 bit
> * x86/mm/pti: Don't clear permissions in pti_clone_pmd()
> * x86/mm/init: Add helper for freeing kernel image pages
> * x86/mm/init: Pass unconverted symbol addresses to free_init_pages()
> * mm: Allow non-direct-map arguments to free_reserved_area()
> * x86/kexec: Allocate 8k PGDs for PTI
> * x86/mm: Remove in_nmi() warning from vmalloc_fault()
> * x86/entry/32: Check for VM86 mode in slow-path check
> * x86/pti: Check the return value of pti_user_pagetable_walk_pmd()
> * x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
> * x86/entry/32: Add debug code to check entry/exit CR3
> * x86/mm/pti: Add Warning when booting on a PCID capable CPU
>
> Lastly, the following are follow-up fixes for some of the above:
> * x86/dump_pagetables: Fix LDT remap address marker
> * x86/mm: Fix guard hole handling
> * x86/ldt: Remove unused variable in map_ldt_struct()
> * x86/ldt: Unmap PTEs for the slot before freeing LDT pages
> * x86/mm: Move LDT remap out of KASLR region on 5-level paging
> * x86/entry/32: Clear the CS high bits
> * x86/efi: Load fixmap GDT in efi_call_phys_epilog() before setting %cr3
> * x86/efi: Load fixmap GDT in efi_call_phys_epilog()
> * x86/relocs: Add __end_rodata_aligned to S_REL
> * x86/mm/pti: Fix 32 bit PCID check
> * x86/mm/init: Remove freed kernel image areas from alias mapping
> * x86/mm/pti: Clear Global bit more aggressively
> * perf/core: Make sure the ring-buffer is mapped in all page-tables
> * x86/pti: Disallow global kernel text with RANDSTRUCT
> * x86/pti: Reduce amount of kernel text allowed to be Global
> * x86/pti: Fix boot warning from Global-bit setting
> * x86/pti: Fix boot problems from Global-bit setting
> * x86/mm: Fix documentation of module mapping range with 4-level paging
>
> Compile-tested all architectures. Ran the PTI test (x86 selftests in
> combination with perf NMI tests) for 24 hours, no issues found. Ran the
> release regression tests, no issues found.
>
> Signed-off-by: Juerg Haefliger <juergh@canonical.com>
> ---
>
> The following changes since commit 76db66f794c4389354ddb35f1f551e54eb67d9ab:
>
>   tun: implement carrier change (2019-03-08 09:23:12 +0100)
>
> are available in the Git repository at:
>
>   git://git.launchpad.net/~juergh/+git/bionic-linux pti-32bit
>
> for you to fetch changes up to 4cb324be3f1cef481bf04f51ac16ccff3ba677a6:
>
>   x86/dump_pagetables: Fix LDT remap address marker (2019-03-08 17:39:20 +0100)
>
> ----------------------------------------------------------------
> Baoquan He (1):
>       x86/mm/doc: Clean up the x86-64 virtual memory layout descriptions
>
> Dave Hansen (12):
>       x86/pti: Enable global pages for shared areas
>       x86/pti: Never implicitly clear _PAGE_GLOBAL for kernel image
>       x86/pti: Leave kernel text global for !PCID
>       x86/pti: Fix boot problems from Global-bit setting
>       x86/pti: Fix boot warning from Global-bit setting
>       x86/pti: Reduce amount of kernel text allowed to be Global
>       x86/pti: Disallow global kernel text with RANDSTRUCT
>       x86/mm/pti: Clear Global bit more aggressively
>       mm: Allow non-direct-map arguments to free_reserved_area()
>       x86/mm/init: Pass unconverted symbol addresses to free_init_pages()
>       x86/mm/init: Add helper for freeing kernel image pages
>       x86/mm/init: Remove freed kernel image areas from alias mapping
>
> Guenter Roeck (1):
>       x86/efi: Load fixmap GDT in efi_call_phys_epilog() before setting %cr3
>
> Ingo Molnar (1):
>       x86/mm/doc: Enhance the x86-64 virtual memory layout descriptions
>
> Jan Beulich (1):
>       x86/entry/32: Add explicit 'l' instruction suffix
>
> Jan Kiszka (1):
>       x86/entry/32: Clear the CS high bits
>
> Jiang Biao (2):
>       x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
>       x86/pti: Check the return value of pti_user_pagetable_walk_pmd()
>
> Joerg Roedel (48):
>       x86/asm-offsets: Move TSS_sp0 and TSS_sp1 to asm-offsets.c
>       x86/entry/32: Rename TSS_sysenter_sp0 to TSS_entry2task_stack
>       x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler
>       x86/entry/32: Put ESPFIX code into a macro
>       x86/entry/32: Unshare NMI return path
>       x86/entry/32: Split off return-to-kernel path
>       x86/entry/32: Enter the kernel via trampoline stack
>       x86/entry/32: Leave the kernel via trampoline stack
>       x86/entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI
>       x86/entry/32: Handle Entry from Kernel-Mode on Entry-Stack
>       x86/entry/32: Simplify debug entry point
>       x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points
>       x86/entry/32: Add PTI CR3 switches to NMI handler code
>       x86/entry: Rename update_sp0 to update_task_stack
>       x86/pgtable: Rename pti_set_user_pgd() to pti_set_user_pgtbl()
>       x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled
>       x86/pgtable/32: Allocate 8k page-tables when PTI is enabled
>       x86/pgtable: Move pgdp kernel/user conversion functions to pgtable.h
>       x86/pgtable: Move pti_set_user_pgtbl() to pgtable.h
>       x86/pgtable: Move two more functions from pgtable_64.h to pgtable.h
>       x86/mm/pae: Populate valid user PGD entries
>       x86/mm/pae: Populate the user page-table with user pgd's
>       x86/mm/pti: Add an overflow check to pti_clone_pmds()
>       x86/mm/pti: Define X86_CR3_PTI_PCID_USER_BIT on x86_32
>       x86/mm/pti: Clone CPU_ENTRY_AREA on PMD level on x86_32
>       x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit
>       x86/mm/pti: Keep permissions when cloning kernel text in pti_clone_kernel_text()
>       x86/mm/pti: Introduce pti_finalize()
>       x86/mm/pti: Clone entry-text again in pti_finalize()
>       x86/mm/dump_pagetables: Define INIT_PGD
>       x86/pgtable/pae: Use separate kernel PMDs for user page-table
>       x86/ldt: Reserve address-space range on 32 bit for the LDT
>       x86/ldt: Define LDT_END_ADDR
>       x86/ldt: Split out sanity check in map_ldt_struct()
>       x86/ldt: Enable LDT user-mapping for PAE
>       x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32
>       x86/mm/pti: Add Warning when booting on a PCID capable CPU
>       x86/entry/32: Add debug code to check entry/exit CR3
>       perf/core: Make sure the ring-buffer is mapped in all page-tables
>       x86/entry/32: Check for VM86 mode in slow-path check
>       x86/mm: Remove in_nmi() warning from vmalloc_fault()
>       x86/kexec: Allocate 8k PGDs for PTI
>       x86/mm/pti: Fix 32 bit PCID check
>       x86/mm/pti: Don't clear permissions in pti_clone_pmd()
>       x86/mm/pti: Clone kernel-image on PTE level for 32 bit
>       x86/relocs: Add __end_rodata_aligned to S_REL
>       x86/mm/pti: Move user W+X check into pti_finalize()
>       x86/efi: Load fixmap GDT in efi_call_phys_epilog()
>
> Juerg Haefliger (1):
>       UBUNTU: [Config] Update PAGE_TABLE_ISOLATION annotations
>
> Kirill A. Shutemov (6):
>       x86/mm: Fix documentation of module mapping range with 4-level paging
>       x86/mm: Move LDT remap out of KASLR region on 5-level paging
>       x86/ldt: Unmap PTEs for the slot before freeing LDT pages
>       x86/ldt: Remove unused variable in map_ldt_struct()
>       x86/mm: Fix guard hole handling
>       x86/dump_pagetables: Fix LDT remap address marker
>
>  Documentation/x86/x86_64/mm.txt             | 173 +++++---
>  arch/x86/entry/entry_32.S                   | 635 +++++++++++++++++++++++-----
>  arch/x86/include/asm/mmu_context.h          |   5 -
>  arch/x86/include/asm/page_64_types.h        |  12 +-
>  arch/x86/include/asm/pgtable-2level_types.h |   3 +
>  arch/x86/include/asm/pgtable-3level.h       |   7 +
>  arch/x86/include/asm/pgtable-3level_types.h |   6 +-
>  arch/x86/include/asm/pgtable.h              |  95 ++++-
>  arch/x86/include/asm/pgtable_32_types.h     |   9 +-
>  arch/x86/include/asm/pgtable_64.h           |  89 +---
>  arch/x86/include/asm/pgtable_64_types.h     |  13 +-
>  arch/x86/include/asm/pgtable_types.h        |  28 +-
>  arch/x86/include/asm/processor-flags.h      |   8 +-
>  arch/x86/include/asm/processor.h            |   1 +
>  arch/x86/include/asm/pti.h                  |   1 +
>  arch/x86/include/asm/sections.h             |   1 +
>  arch/x86/include/asm/set_memory.h           |   1 +
>  arch/x86/include/asm/switch_to.h            |  16 +-
>  arch/x86/kernel/asm-offsets.c               |   5 +
>  arch/x86/kernel/asm-offsets_32.c            |  10 +-
>  arch/x86/kernel/asm-offsets_64.c            |   2 -
>  arch/x86/kernel/cpu/common.c                |   5 +-
>  arch/x86/kernel/head_32.S                   |  20 +-
>  arch/x86/kernel/ldt.c                       | 192 +++++++--
>  arch/x86/kernel/machine_kexec_32.c          |   5 +-
>  arch/x86/kernel/process.c                   |   2 -
>  arch/x86/kernel/process_32.c                |   2 +-
>  arch/x86/kernel/process_64.c                |   2 +-
>  arch/x86/kernel/vm86_32.c                   |   4 +-
>  arch/x86/kernel/vmlinux.lds.S               |  17 +-
>  arch/x86/mm/cpu_entry_area.c                |  14 +-
>  arch/x86/mm/dump_pagetables.c               |  42 +-
>  arch/x86/mm/fault.c                         |   2 -
>  arch/x86/mm/init.c                          |  45 +-
>  arch/x86/mm/init_64.c                       |   8 +-
>  arch/x86/mm/pageattr.c                      |  75 +++-
>  arch/x86/mm/pgtable.c                       | 105 ++++-
>  arch/x86/mm/pti.c                           | 341 +++++++++++++--
>  arch/x86/platform/efi/efi_32.c              |   7 +-
>  arch/x86/tools/relocs.c                     |   1 +
>  arch/x86/xen/mmu_pv.c                       |  17 +-
>  debian.master/config/annotations            |   2 +-
>  include/linux/pti.h                         |   1 +
>  init/main.c                                 |   7 +
>  kernel/events/ring_buffer.c                 |  16 +
>  mm/page_alloc.c                             |  16 +-
>  security/Kconfig                            |   2 +-
>  47 files changed, 1604 insertions(+), 466 deletions(-)

No way one can review this. From the commit messages it sounds like all parts fall into an expected class of things and are x86 specific, so we need to have a close look at 32bit and 64bit test results in the cycle with this applied. But since there is no other way around than trying...

Acked-by: Stefan Bader <stefan.bader@canonical.com>
That was a lot to review. I only spotted one missing commit (mentioned below). I am relying a lot on your testing and the time that these changes have had to bake upstream.

On 2019-03-11 11:39:22, Juerg Haefliger wrote:
> This pull request contains fix(es) for the following CVE(s):
> CVE-2017-5754 (i386)
>
> This is a pull request to add support for page table isolation for i386.
>
> The following patches are the original patchset that introduced PTI for i386:
> * x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32
> * x86/ldt: Enable LDT user-mapping for PAE
> * x86/ldt: Split out sanity check in map_ldt_struct()
> * x86/ldt: Define LDT_END_ADDR
> * x86/ldt: Reserve address-space range on 32 bit for the LDT
> * x86/pgtable/pae: Use separate kernel PMDs for user page-table
> * x86/mm/dump_pagetables: Define INIT_PGD
> * x86/mm/pti: Clone entry-text again in pti_finalize()
> * x86/mm/pti: Introduce pti_finalize()
> * x86/mm/pti: Keep permissions when cloning kernel text in pti_clone_kernel_text()
> * x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit
> * x86/mm/pti: Clone CPU_ENTRY_AREA on PMD level on x86_32
> * x86/mm/pti: Define X86_CR3_PTI_PCID_USER_BIT on x86_32
> * x86/mm/pti: Add an overflow check to pti_clone_pmds()
> * x86/mm/legacy: Populate the user page-table with user pgd's
> * x86/mm/pae: Populate the user page-table with user pgd's
> * x86/mm/pae: Populate valid user PGD entries
> * x86/pgtable: Move two more functions from pgtable_64.h to pgtable.h
> * x86/pgtable: Move pti_set_user_pgtbl() to pgtable.h
> * x86/pgtable: Move pgdp kernel/user conversion functions to pgtable.h
> * x86/pgtable/32: Allocate 8k page-tables when PTI is enabled
> * x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled
> * x86/pgtable: Rename pti_set_user_pgd() to pti_set_user_pgtbl()
> * x86/entry: Rename update_sp0 to update_task_stack
> * x86/entry/32: Add PTI CR3 switches to NMI handler code
> * x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points
> * x86/entry/32: Simplify debug entry point
> * x86/entry/32: Handle Entry from Kernel-Mode on Entry-Stack
> * x86/entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI
> * x86/entry/32: Leave the kernel via trampoline stack
> * x86/entry/32: Enter the kernel via trampoline stack
> * x86/entry/32: Split off return-to-kernel path
> * x86/entry/32: Unshare NMI return path
> * x86/entry/32: Put ESPFIX code into a macro
> * x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler
> * x86/entry/32: Rename TSS_sysenter_sp0 to TSS_entry2task_stack
> * x86/asm-offsets: Move TSS_sp0 and TSS_sp1 to asm-offsets.c
>
> The following are prerequisites for the above:
> * x86/entry/32: Add explicit 'l' instruction suffix
> * x86/pti: Leave kernel text global for !PCID
> * x86/pti: Never implicitly clear _PAGE_GLOBAL for kernel image
> * x86/pti: Enable global pages for shared areas
>
> The following are follow-up enhancements and cleanups of 32-bit PTI:
> * x86/mm/doc: Enhance the x86-64 virtual memory layout descriptions
> * x86/mm/doc: Clean up the x86-64 virtual memory layout descriptions
> * x86/mm/pti: Move user W+X check into pti_finalize()
> * x86/mm/pti: Clone kernel-image on PTE level for 32 bit
> * x86/mm/pti: Don't clear permissions in pti_clone_pmd()
> * x86/mm/init: Add helper for freeing kernel image pages
> * x86/mm/init: Pass unconverted symbol addresses to free_init_pages()
> * mm: Allow non-direct-map arguments to free_reserved_area()
> * x86/kexec: Allocate 8k PGDs for PTI
> * x86/mm: Remove in_nmi() warning from vmalloc_fault()
> * x86/entry/32: Check for VM86 mode in slow-path check
> * x86/pti: Check the return value of pti_user_pagetable_walk_pmd()
> * x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
> * x86/entry/32: Add debug code to check entry/exit CR3
> * x86/mm/pti: Add Warning when booting on a PCID capable CPU
>
> Lastly, the following are follow-up fixes for some of the above:
> * x86/dump_pagetables: Fix LDT remap address marker
> * x86/mm: Fix guard hole handling
> * x86/ldt: Remove unused variable in map_ldt_struct()
> * x86/ldt: Unmap PTEs for the slot before freeing LDT pages
> * x86/mm: Move LDT remap out of KASLR region on 5-level paging
> * x86/entry/32: Clear the CS high bits
> * x86/efi: Load fixmap GDT in efi_call_phys_epilog() before setting %cr3
> * x86/efi: Load fixmap GDT in efi_call_phys_epilog()
> * x86/relocs: Add __end_rodata_aligned to S_REL
> * x86/mm/pti: Fix 32 bit PCID check
> * x86/mm/init: Remove freed kernel image areas from alias mapping
> * x86/mm/pti: Clear Global bit more aggressively
> * perf/core: Make sure the ring-buffer is mapped in all page-tables

I think that you should include commit 0e664eee6533 ("Revert "perf/core: Make sure the ring-buffer is mapped in all page-tables"") thanks to the fact that you included commit 6863ea0cda87 ("x86/mm: Remove in_nmi() warning from vmalloc_fault()").

I don't think that this is critical but it would be good to include. Either way,

Acked-by: Tyler Hicks <tyhicks@canonical.com>

Tyler

> * x86/pti: Disallow global kernel text with RANDSTRUCT
> * x86/pti: Reduce amount of kernel text allowed to be Global
> * x86/pti: Fix boot warning from Global-bit setting
> * x86/pti: Fix boot problems from Global-bit setting
> * x86/mm: Fix documentation of module mapping range with 4-level paging
>
> Compile-tested all architectures. Ran the PTI test (x86 selftests in
> combination with perf NMI tests) for 24 hours, no issues found. Ran the
> release regression tests, no issues found.
>
> Signed-off-by: Juerg Haefliger <juergh@canonical.com>
> ---
>
> The following changes since commit 76db66f794c4389354ddb35f1f551e54eb67d9ab:
>
>   tun: implement carrier change (2019-03-08 09:23:12 +0100)
>
> are available in the Git repository at:
>
>   git://git.launchpad.net/~juergh/+git/bionic-linux pti-32bit
>
> for you to fetch changes up to 4cb324be3f1cef481bf04f51ac16ccff3ba677a6:
>
>   x86/dump_pagetables: Fix LDT remap address marker (2019-03-08 17:39:20 +0100)
>
> ----------------------------------------------------------------
> Baoquan He (1):
>       x86/mm/doc: Clean up the x86-64 virtual memory layout descriptions
>
> Dave Hansen (12):
>       x86/pti: Enable global pages for shared areas
>       x86/pti: Never implicitly clear _PAGE_GLOBAL for kernel image
>       x86/pti: Leave kernel text global for !PCID
>       x86/pti: Fix boot problems from Global-bit setting
>       x86/pti: Fix boot warning from Global-bit setting
>       x86/pti: Reduce amount of kernel text allowed to be Global
>       x86/pti: Disallow global kernel text with RANDSTRUCT
>       x86/mm/pti: Clear Global bit more aggressively
>       mm: Allow non-direct-map arguments to free_reserved_area()
>       x86/mm/init: Pass unconverted symbol addresses to free_init_pages()
>       x86/mm/init: Add helper for freeing kernel image pages
>       x86/mm/init: Remove freed kernel image areas from alias mapping
>
> Guenter Roeck (1):
>       x86/efi: Load fixmap GDT in efi_call_phys_epilog() before setting %cr3
>
> Ingo Molnar (1):
>       x86/mm/doc: Enhance the x86-64 virtual memory layout descriptions
>
> Jan Beulich (1):
>       x86/entry/32: Add explicit 'l' instruction suffix
>
> Jan Kiszka (1):
>       x86/entry/32: Clear the CS high bits
>
> Jiang Biao (2):
>       x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
>       x86/pti: Check the return value of pti_user_pagetable_walk_pmd()
>
> Joerg Roedel (48):
>       x86/asm-offsets: Move TSS_sp0 and TSS_sp1 to asm-offsets.c
>       x86/entry/32: Rename TSS_sysenter_sp0 to TSS_entry2task_stack
>       x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler
>       x86/entry/32: Put ESPFIX code into a macro
>       x86/entry/32: Unshare NMI return path
>       x86/entry/32: Split off return-to-kernel path
>       x86/entry/32: Enter the kernel via trampoline stack
>       x86/entry/32: Leave the kernel via trampoline stack
>       x86/entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI
>       x86/entry/32: Handle Entry from Kernel-Mode on Entry-Stack
>       x86/entry/32: Simplify debug entry point
>       x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points
>       x86/entry/32: Add PTI CR3 switches to NMI handler code
>       x86/entry: Rename update_sp0 to update_task_stack
>       x86/pgtable: Rename pti_set_user_pgd() to pti_set_user_pgtbl()
>       x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled
>       x86/pgtable/32: Allocate 8k page-tables when PTI is enabled
>       x86/pgtable: Move pgdp kernel/user conversion functions to pgtable.h
>       x86/pgtable: Move pti_set_user_pgtbl() to pgtable.h
>       x86/pgtable: Move two more functions from pgtable_64.h to pgtable.h
>       x86/mm/pae: Populate valid user PGD entries
>       x86/mm/pae: Populate the user page-table with user pgd's
>       x86/mm/pti: Add an overflow check to pti_clone_pmds()
>       x86/mm/pti: Define X86_CR3_PTI_PCID_USER_BIT on x86_32
>       x86/mm/pti: Clone CPU_ENTRY_AREA on PMD level on x86_32
>       x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit
>       x86/mm/pti: Keep permissions when cloning kernel text in pti_clone_kernel_text()
>       x86/mm/pti: Introduce pti_finalize()
>       x86/mm/pti: Clone entry-text again in pti_finalize()
>       x86/mm/dump_pagetables: Define INIT_PGD
>       x86/pgtable/pae: Use separate kernel PMDs for user page-table
>       x86/ldt: Reserve address-space range on 32 bit for the LDT
>       x86/ldt: Define LDT_END_ADDR
>       x86/ldt: Split out sanity check in map_ldt_struct()
>       x86/ldt: Enable LDT user-mapping for PAE
>       x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32
>       x86/mm/pti: Add Warning when booting on a PCID capable CPU
>       x86/entry/32: Add debug code to check entry/exit CR3
>       perf/core: Make sure the ring-buffer is mapped in all page-tables
>       x86/entry/32: Check for VM86 mode in slow-path check
>       x86/mm: Remove in_nmi() warning from vmalloc_fault()
>       x86/kexec: Allocate 8k PGDs for PTI
>       x86/mm/pti: Fix 32 bit PCID check
>       x86/mm/pti: Don't clear permissions in pti_clone_pmd()
>       x86/mm/pti: Clone kernel-image on PTE level for 32 bit
>       x86/relocs: Add __end_rodata_aligned to S_REL
>       x86/mm/pti: Move user W+X check into pti_finalize()
>       x86/efi: Load fixmap GDT in efi_call_phys_epilog()
>
> Juerg Haefliger (1):
>       UBUNTU: [Config] Update PAGE_TABLE_ISOLATION annotations
>
> Kirill A. Shutemov (6):
>       x86/mm: Fix documentation of module mapping range with 4-level paging
>       x86/mm: Move LDT remap out of KASLR region on 5-level paging
>       x86/ldt: Unmap PTEs for the slot before freeing LDT pages
>       x86/ldt: Remove unused variable in map_ldt_struct()
>       x86/mm: Fix guard hole handling
>       x86/dump_pagetables: Fix LDT remap address marker
>
>  Documentation/x86/x86_64/mm.txt             | 173 +++++---
>  arch/x86/entry/entry_32.S                   | 635 +++++++++++++++++++++++-----
>  arch/x86/include/asm/mmu_context.h          |   5 -
>  arch/x86/include/asm/page_64_types.h        |  12 +-
>  arch/x86/include/asm/pgtable-2level_types.h |   3 +
>  arch/x86/include/asm/pgtable-3level.h       |   7 +
>  arch/x86/include/asm/pgtable-3level_types.h |   6 +-
>  arch/x86/include/asm/pgtable.h              |  95 ++++-
>  arch/x86/include/asm/pgtable_32_types.h     |   9 +-
>  arch/x86/include/asm/pgtable_64.h           |  89 +---
>  arch/x86/include/asm/pgtable_64_types.h     |  13 +-
>  arch/x86/include/asm/pgtable_types.h        |  28 +-
>  arch/x86/include/asm/processor-flags.h      |   8 +-
>  arch/x86/include/asm/processor.h            |   1 +
>  arch/x86/include/asm/pti.h                  |   1 +
>  arch/x86/include/asm/sections.h             |   1 +
>  arch/x86/include/asm/set_memory.h           |   1 +
>  arch/x86/include/asm/switch_to.h            |  16 +-
>  arch/x86/kernel/asm-offsets.c               |   5 +
>  arch/x86/kernel/asm-offsets_32.c            |  10 +-
>  arch/x86/kernel/asm-offsets_64.c            |   2 -
>  arch/x86/kernel/cpu/common.c                |   5 +-
>  arch/x86/kernel/head_32.S                   |  20 +-
>  arch/x86/kernel/ldt.c                       | 192 +++++++--
>  arch/x86/kernel/machine_kexec_32.c          |   5 +-
>  arch/x86/kernel/process.c                   |   2 -
>  arch/x86/kernel/process_32.c                |   2 +-
>  arch/x86/kernel/process_64.c                |   2 +-
>  arch/x86/kernel/vm86_32.c                   |   4 +-
>  arch/x86/kernel/vmlinux.lds.S               |  17 +-
>  arch/x86/mm/cpu_entry_area.c                |  14 +-
>  arch/x86/mm/dump_pagetables.c               |  42 +-
>  arch/x86/mm/fault.c                         |   2 -
>  arch/x86/mm/init.c                          |  45 +-
>  arch/x86/mm/init_64.c                       |   8 +-
>  arch/x86/mm/pageattr.c                      |  75 +++-
>  arch/x86/mm/pgtable.c                       | 105 ++++-
>  arch/x86/mm/pti.c                           | 341 +++++++++++++--
>  arch/x86/platform/efi/efi_32.c              |   7 +-
>  arch/x86/tools/relocs.c                     |   1 +
>  arch/x86/xen/mmu_pv.c                       |  17 +-
>  debian.master/config/annotations            |   2 +-
>  include/linux/pti.h                         |   1 +
>  init/main.c                                 |   7 +
>  kernel/events/ring_buffer.c                 |  16 +
>  mm/page_alloc.c                             |  16 +-
>  security/Kconfig                            |   2 +-
>  47 files changed, 1604 insertions(+), 466 deletions(-)
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
| 1 + > arch/x86/xen/mmu_pv.c | 17 +- > debian.master/config/annotations | 2 +- > include/linux/pti.h | 1 + > init/main.c | 7 + > kernel/events/ring_buffer.c | 16 + > mm/page_alloc.c | 16 +- > security/Kconfig | 2 +- > 47 files changed, 1604 insertions(+), 466 deletions(-) > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
This pull request contains fix(es) for the following CVE(s):
  CVE-2017-5754 (i386)

This is a pull request to add support for page table isolation for i386.

The following patches are the original patchset that introduced PTI for i386:
  * x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32
  * x86/ldt: Enable LDT user-mapping for PAE
  * x86/ldt: Split out sanity check in map_ldt_struct()
  * x86/ldt: Define LDT_END_ADDR
  * x86/ldt: Reserve address-space range on 32 bit for the LDT
  * x86/pgtable/pae: Use separate kernel PMDs for user page-table
  * x86/mm/dump_pagetables: Define INIT_PGD
  * x86/mm/pti: Clone entry-text again in pti_finalize()
  * x86/mm/pti: Introduce pti_finalize()
  * x86/mm/pti: Keep permissions when cloning kernel text in pti_clone_kernel_text()
  * x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit
  * x86/mm/pti: Clone CPU_ENTRY_AREA on PMD level on x86_32
  * x86/mm/pti: Define X86_CR3_PTI_PCID_USER_BIT on x86_32
  * x86/mm/pti: Add an overflow check to pti_clone_pmds()
  * x86/mm/legacy: Populate the user page-table with user pgd's
  * x86/mm/pae: Populate the user page-table with user pgd's
  * x86/mm/pae: Populate valid user PGD entries
  * x86/pgtable: Move two more functions from pgtable_64.h to pgtable.h
  * x86/pgtable: Move pti_set_user_pgtbl() to pgtable.h
  * x86/pgtable: Move pgdp kernel/user conversion functions to pgtable.h
  * x86/pgtable/32: Allocate 8k page-tables when PTI is enabled
  * x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled
  * x86/pgtable: Rename pti_set_user_pgd() to pti_set_user_pgtbl()
  * x86/entry: Rename update_sp0 to update_task_stack
  * x86/entry/32: Add PTI CR3 switches to NMI handler code
  * x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points
  * x86/entry/32: Simplify debug entry point
  * x86/entry/32: Handle Entry from Kernel-Mode on Entry-Stack
  * x86/entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI
  * x86/entry/32: Leave the kernel via trampoline stack
  * x86/entry/32: Enter the kernel via trampoline stack
  * x86/entry/32: Split off return-to-kernel path
  * x86/entry/32: Unshare NMI return path
  * x86/entry/32: Put ESPFIX code into a macro
  * x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler
  * x86/entry/32: Rename TSS_sysenter_sp0 to TSS_entry2task_stack
  * x86/asm-offsets: Move TSS_sp0 and TSS_sp1 to asm-offsets.c

The following are prerequisites for the above:
  * x86/entry/32: Add explicit 'l' instruction suffix
  * x86/pti: Leave kernel text global for !PCID
  * x86/pti: Never implicitly clear _PAGE_GLOBAL for kernel image
  * x86/pti: Enable global pages for shared areas

The following are follow-up enhancements and cleanups of 32-bit PTI:
  * x86/mm/doc: Enhance the x86-64 virtual memory layout descriptions
  * x86/mm/doc: Clean up the x86-64 virtual memory layout descriptions
  * x86/mm/pti: Move user W+X check into pti_finalize()
  * x86/mm/pti: Clone kernel-image on PTE level for 32 bit
  * x86/mm/pti: Don't clear permissions in pti_clone_pmd()
  * x86/mm/init: Add helper for freeing kernel image pages
  * x86/mm/init: Pass unconverted symbol addresses to free_init_pages()
  * mm: Allow non-direct-map arguments to free_reserved_area()
  * x86/kexec: Allocate 8k PGDs for PTI
  * x86/mm: Remove in_nmi() warning from vmalloc_fault()
  * x86/entry/32: Check for VM86 mode in slow-path check
  * x86/pti: Check the return value of pti_user_pagetable_walk_pmd()
  * x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
  * x86/entry/32: Add debug code to check entry/exit CR3
  * x86/mm/pti: Add Warning when booting on a PCID capable CPU

Lastly, the following are follow-up fixes for some of the above:
  * x86/dump_pagetables: Fix LDT remap address marker
  * x86/mm: Fix guard hole handling
  * x86/ldt: Remove unused variable in map_ldt_struct()
  * x86/ldt: Unmap PTEs for the slot before freeing LDT pages
  * x86/mm: Move LDT remap out of KASLR region on 5-level paging
  * x86/entry/32: Clear the CS high bits
  * x86/efi: Load fixmap GDT in efi_call_phys_epilog() before setting %cr3
  * x86/efi: Load fixmap GDT in efi_call_phys_epilog()
  * x86/relocs: Add __end_rodata_aligned to S_REL
  * x86/mm/pti: Fix 32 bit PCID check
  * x86/mm/init: Remove freed kernel image areas from alias mapping
  * x86/mm/pti: Clear Global bit more aggressively
  * perf/core: Make sure the ring-buffer is mapped in all page-tables
  * x86/pti: Disallow global kernel text with RANDSTRUCT
  * x86/pti: Reduce amount of kernel text allowed to be Global
  * x86/pti: Fix boot warning from Global-bit setting
  * x86/pti: Fix boot problems from Global-bit setting
  * x86/mm: Fix documentation of module mapping range with 4-level paging

Compile-tested all architectures.
Ran the PTI test (x86 selftests in combination with perf NMI tests) for 24 hours, no issues found.
Ran the release regression tests, no issues found.

Signed-off-by: Juerg Haefliger <juergh@canonical.com>

---

The following changes since commit 76db66f794c4389354ddb35f1f551e54eb67d9ab:

  tun: implement carrier change (2019-03-08 09:23:12 +0100)

are available in the Git repository at:

  git://git.launchpad.net/~juergh/+git/bionic-linux pti-32bit

for you to fetch changes up to 4cb324be3f1cef481bf04f51ac16ccff3ba677a6:

  x86/dump_pagetables: Fix LDT remap address marker (2019-03-08 17:39:20 +0100)

----------------------------------------------------------------
Baoquan He (1):
      x86/mm/doc: Clean up the x86-64 virtual memory layout descriptions

Dave Hansen (12):
      x86/pti: Enable global pages for shared areas
      x86/pti: Never implicitly clear _PAGE_GLOBAL for kernel image
      x86/pti: Leave kernel text global for !PCID
      x86/pti: Fix boot problems from Global-bit setting
      x86/pti: Fix boot warning from Global-bit setting
      x86/pti: Reduce amount of kernel text allowed to be Global
      x86/pti: Disallow global kernel text with RANDSTRUCT
      x86/mm/pti: Clear Global bit more aggressively
      mm: Allow non-direct-map arguments to free_reserved_area()
      x86/mm/init: Pass unconverted symbol addresses to free_init_pages()
      x86/mm/init: Add helper for freeing kernel image pages
      x86/mm/init: Remove freed kernel image areas from alias mapping

Guenter Roeck (1):
      x86/efi: Load fixmap GDT in efi_call_phys_epilog() before setting %cr3

Ingo Molnar (1):
      x86/mm/doc: Enhance the x86-64 virtual memory layout descriptions

Jan Beulich (1):
      x86/entry/32: Add explicit 'l' instruction suffix

Jan Kiszka (1):
      x86/entry/32: Clear the CS high bits

Jiang Biao (2):
      x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
      x86/pti: Check the return value of pti_user_pagetable_walk_pmd()

Joerg Roedel (48):
      x86/asm-offsets: Move TSS_sp0 and TSS_sp1 to asm-offsets.c
      x86/entry/32: Rename TSS_sysenter_sp0 to TSS_entry2task_stack
      x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler
      x86/entry/32: Put ESPFIX code into a macro
      x86/entry/32: Unshare NMI return path
      x86/entry/32: Split off return-to-kernel path
      x86/entry/32: Enter the kernel via trampoline stack
      x86/entry/32: Leave the kernel via trampoline stack
      x86/entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI
      x86/entry/32: Handle Entry from Kernel-Mode on Entry-Stack
      x86/entry/32: Simplify debug entry point
      x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points
      x86/entry/32: Add PTI CR3 switches to NMI handler code
      x86/entry: Rename update_sp0 to update_task_stack
      x86/pgtable: Rename pti_set_user_pgd() to pti_set_user_pgtbl()
      x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled
      x86/pgtable/32: Allocate 8k page-tables when PTI is enabled
      x86/pgtable: Move pgdp kernel/user conversion functions to pgtable.h
      x86/pgtable: Move pti_set_user_pgtbl() to pgtable.h
      x86/pgtable: Move two more functions from pgtable_64.h to pgtable.h
      x86/mm/pae: Populate valid user PGD entries
      x86/mm/pae: Populate the user page-table with user pgd's
      x86/mm/pti: Add an overflow check to pti_clone_pmds()
      x86/mm/pti: Define X86_CR3_PTI_PCID_USER_BIT on x86_32
      x86/mm/pti: Clone CPU_ENTRY_AREA on PMD level on x86_32
      x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit
      x86/mm/pti: Keep permissions when cloning kernel text in pti_clone_kernel_text()
      x86/mm/pti: Introduce pti_finalize()
      x86/mm/pti: Clone entry-text again in pti_finalize()
      x86/mm/dump_pagetables: Define INIT_PGD
      x86/pgtable/pae: Use separate kernel PMDs for user page-table
      x86/ldt: Reserve address-space range on 32 bit for the LDT
      x86/ldt: Define LDT_END_ADDR
      x86/ldt: Split out sanity check in map_ldt_struct()
      x86/ldt: Enable LDT user-mapping for PAE
      x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32
      x86/mm/pti: Add Warning when booting on a PCID capable CPU
      x86/entry/32: Add debug code to check entry/exit CR3
      perf/core: Make sure the ring-buffer is mapped in all page-tables
      x86/entry/32: Check for VM86 mode in slow-path check
      x86/mm: Remove in_nmi() warning from vmalloc_fault()
      x86/kexec: Allocate 8k PGDs for PTI
      x86/mm/pti: Fix 32 bit PCID check
      x86/mm/pti: Don't clear permissions in pti_clone_pmd()
      x86/mm/pti: Clone kernel-image on PTE level for 32 bit
      x86/relocs: Add __end_rodata_aligned to S_REL
      x86/mm/pti: Move user W+X check into pti_finalize()
      x86/efi: Load fixmap GDT in efi_call_phys_epilog()

Juerg Haefliger (1):
      UBUNTU: [Config] Update PAGE_TABLE_ISOLATION annotations

Kirill A. Shutemov (6):
      x86/mm: Fix documentation of module mapping range with 4-level paging
      x86/mm: Move LDT remap out of KASLR region on 5-level paging
      x86/ldt: Unmap PTEs for the slot before freeing LDT pages
      x86/ldt: Remove unused variable in map_ldt_struct()
      x86/mm: Fix guard hole handling
      x86/dump_pagetables: Fix LDT remap address marker

 Documentation/x86/x86_64/mm.txt             | 173 +++++---
 arch/x86/entry/entry_32.S                   | 635 +++++++++++++++++++++++-----
 arch/x86/include/asm/mmu_context.h          |   5 -
 arch/x86/include/asm/page_64_types.h        |  12 +-
 arch/x86/include/asm/pgtable-2level_types.h |   3 +
 arch/x86/include/asm/pgtable-3level.h       |   7 +
 arch/x86/include/asm/pgtable-3level_types.h |   6 +-
 arch/x86/include/asm/pgtable.h              |  95 ++++-
 arch/x86/include/asm/pgtable_32_types.h     |   9 +-
 arch/x86/include/asm/pgtable_64.h           |  89 +---
 arch/x86/include/asm/pgtable_64_types.h     |  13 +-
 arch/x86/include/asm/pgtable_types.h        |  28 +-
 arch/x86/include/asm/processor-flags.h      |   8 +-
 arch/x86/include/asm/processor.h            |   1 +
 arch/x86/include/asm/pti.h                  |   1 +
 arch/x86/include/asm/sections.h             |   1 +
 arch/x86/include/asm/set_memory.h           |   1 +
 arch/x86/include/asm/switch_to.h            |  16 +-
 arch/x86/kernel/asm-offsets.c               |   5 +
 arch/x86/kernel/asm-offsets_32.c            |  10 +-
 arch/x86/kernel/asm-offsets_64.c            |   2 -
 arch/x86/kernel/cpu/common.c                |   5 +-
 arch/x86/kernel/head_32.S                   |  20 +-
 arch/x86/kernel/ldt.c                       | 192 +++++++--
 arch/x86/kernel/machine_kexec_32.c          |   5 +-
 arch/x86/kernel/process.c                   |   2 -
 arch/x86/kernel/process_32.c                |   2 +-
 arch/x86/kernel/process_64.c                |   2 +-
 arch/x86/kernel/vm86_32.c                   |   4 +-
 arch/x86/kernel/vmlinux.lds.S               |  17 +-
 arch/x86/mm/cpu_entry_area.c                |  14 +-
 arch/x86/mm/dump_pagetables.c               |  42 +-
 arch/x86/mm/fault.c                         |   2 -
 arch/x86/mm/init.c                          |  45 +-
 arch/x86/mm/init_64.c                       |   8 +-
 arch/x86/mm/pageattr.c                      |  75 +++-
 arch/x86/mm/pgtable.c                       | 105 ++++-
 arch/x86/mm/pti.c                           | 341 +++++++++++++--
 arch/x86/platform/efi/efi_32.c              |   7 +-
 arch/x86/tools/relocs.c                     |   1 +
 arch/x86/xen/mmu_pv.c                       |  17 +-
 debian.master/config/annotations            |   2 +-
 include/linux/pti.h                         |   1 +
 init/main.c                                 |   7 +
 kernel/events/ring_buffer.c                 |  16 +
 mm/page_alloc.c                             |  16 +-
 security/Kconfig                            |   2 +-
 47 files changed, 1604 insertions(+), 466 deletions(-)