From patchwork Thu Aug 30 12:52:33 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 963856
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 421Mpt3XX7z9ryn;
	Thu, 30 Aug 2018 22:52:54 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fvMRL-0003tF-BQ; Thu, 30 Aug 2018 12:52:47 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRH-0003sB-GW
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:43 +0000
Received: from mail-ed1-f70.google.com ([209.85.208.70])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRH-0000c5-9R
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:43 +0000
Received: by mail-ed1-f70.google.com with SMTP id g18-v6so3626763edg.14
	for <kernel-team@lists.ubuntu.com>;
	Thu, 30 Aug 2018 05:52:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=dvVEivzAqH8DYOBAGhf6rFEf9OuBEGk7TK8knq1fBo0=;
	b=aUKUWHwnhen2Pv4I/d6h01YEGAmaMNhO0TYMWyz/IVS7VRuC1LepmR/q3Osq1cpjcx
	MnZV2GMp/g8453krX/P7IjWOJ7kltDRl7hlXdquR2RAuCinudS7WL6V/wiawERtB0tP6
	wumQZ+nHn3OJUqdaArfUphI9zmmUjMotR5MiemtKrdZq4H59rgDVXVNxh81in1t2FWbl
	fz8gqS2vfmGMrRmWZQxegNHyo0P2v68eInyPdTX4KANeNczJ3eosx+JDBdzZ58bGRvyI
	qhuUhguqONMY/mVnYhAedlJjWO4xIBhVol3rdTuK9ZeVpZpdAtyct8Jt5M+r+CriWaOB
	KbEw==
X-Gm-Message-State: APzg51Ao1dnlc+08fUl63aSo+LGo5zrG5qc5PbnT2KP2aAkbCxCzZLTc
	83TTjCJLTbLBsQKnG9YcgH+GTaW21GApk1cgvJnu6EZqg0fHcCV19I0jlyhQU0f7LXgY4xEDLTC
	m1LupIWpHsYK8qndsy2+nQCB67h2QSn9GXwz/c2m4hQ==
X-Received: by 2002:a50:a207:: with SMTP id
	7-v6mr12963443edl.48.1535633562711;
	Thu, 30 Aug 2018 05:52:42 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0Vdaa4BlKDLaJ1ZYhN/UnzB0jmEXNLdrFry5+0uicJAQZWWtOkkiUcXy2B0faX0uGGCPFz4Cytg==
X-Received: by 2002:a50:a207:: with SMTP id
	7-v6mr12963430edl.48.1535633562564;
	Thu, 30 Aug 2018 05:52:42 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	y27-v6sm2953550edb.20.2018.08.30.05.52.41
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 30 Aug 2018 05:52:42 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty][PATCH v2 1/7] mm: x86 pgtable: drop unneeded
	preprocessor ifdef
Date: Thu, 30 Aug 2018 14:52:33 +0200
Message-Id: <20180830125239.16775-2-juergh@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180830125239.16775-1-juergh@canonical.com>
References: <20180822064021.17216-1-juergh@canonical.com>
	<20180830125239.16775-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: juergh@canonical.com
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Cyrill Gorcunov <gorcunov@openvz.org>

_PAGE_BIT_FILE (bit 6) is always less than _PAGE_BIT_PROTNONE (bit 8), so
drop redundant #ifdef.

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Peter Anvin <hpa@zytor.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Steven Noonan <steven@uplinklabs.net>
Cc: Rik van Riel <riel@redhat.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

CVE-2018-3620
CVE-2018-3646

(backported from commit 2373eaecff33db5972bde9418f92d6401b4a945c)
[juergh:
 - Added additional comment from commit bcd11afa7ada
   ("x86/speculation/l1tf: Change order of offset/type in swap entry").
 - Added a compile-time error for _PAGE_BIT_FILE > _PAGE_BIT_PROTNONE.]
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/x86/include/asm/pgtable-2level.h | 10 ----------
 arch/x86/include/asm/pgtable_64.h     | 21 +++++++++++++++------
 2 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h
index c3625ecf5e3e..b405a0e5f053 100644
--- a/arch/x86/include/asm/pgtable-2level.h
+++ b/arch/x86/include/asm/pgtable-2level.h
@@ -105,13 +105,8 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
  */
 #define PTE_FILE_MAX_BITS	29
 #define PTE_FILE_SHIFT1		(_PAGE_BIT_PRESENT + 1)
-#if _PAGE_BIT_FILE < _PAGE_BIT_PROTNONE
 #define PTE_FILE_SHIFT2		(_PAGE_BIT_FILE + 1)
 #define PTE_FILE_SHIFT3		(_PAGE_BIT_PROTNONE + 1)
-#else
-#define PTE_FILE_SHIFT2		(_PAGE_BIT_PROTNONE + 1)
-#define PTE_FILE_SHIFT3		(_PAGE_BIT_FILE + 1)
-#endif
 #define PTE_FILE_BITS1		(PTE_FILE_SHIFT2 - PTE_FILE_SHIFT1 - 1)
 #define PTE_FILE_BITS2		(PTE_FILE_SHIFT3 - PTE_FILE_SHIFT2 - 1)
 
@@ -135,13 +130,8 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
 #endif /* CONFIG_MEM_SOFT_DIRTY */
 
 /* Encode and de-code a swap entry */
-#if _PAGE_BIT_FILE < _PAGE_BIT_PROTNONE
 #define SWP_TYPE_BITS (_PAGE_BIT_FILE - _PAGE_BIT_PRESENT - 1)
 #define SWP_OFFSET_SHIFT (_PAGE_BIT_PROTNONE + 1)
-#else
-#define SWP_TYPE_BITS (_PAGE_BIT_PROTNONE - _PAGE_BIT_PRESENT - 1)
-#define SWP_OFFSET_SHIFT (_PAGE_BIT_FILE + 1)
-#endif
 
 #define MAX_SWAPFILES_CHECK() BUILD_BUG_ON(MAX_SWAPFILES_SHIFT > SWP_TYPE_BITS)
 
diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h
index b067c99e497b..ab974a2f48cb 100644
--- a/arch/x86/include/asm/pgtable_64.h
+++ b/arch/x86/include/asm/pgtable_64.h
@@ -179,19 +179,28 @@ static inline int pgd_large(pgd_t pgd) { return 0; }
 #define pte_offset_map(dir, address) pte_offset_kernel((dir), (address))
 #define pte_unmap(pte) ((void)(pte))/* NOP */
 
+#if _PAGE_BIT_FILE > _PAGE_BIT_PROTNONE
+#error "Unsupported PTE bit arrangement"
+#endif
+
 /*
  * Encode and de-code a swap entry
  *
+ * |     ...            | 11| 10|  9|8|7|6|5| 4| 3|2|1|0| <- bit number
+ * |     ...            |SW3|SW2|SW1|G|L|D|A|CD|WT|U|W|P| <- bit names
+ * | TYPE (59-63) | ~OFFSET (9-58)  |0|X|X|X| X| X|X|X|0| <- swp entry
+ *
+ * G (8) is aliased and used as a PROT_NONE indicator for
+ * !present ptes.  We need to start storing swap entries above
+ * there.  We also need to avoid using A and D because of an
+ * erratum where they can be incorrectly set by hardware on
+ * non-present PTEs.
+ *
  * The offset is inverted by a binary not operation to make the high
  * physical bits set.
-*/
-#if _PAGE_BIT_FILE < _PAGE_BIT_PROTNONE
+ */
 #define SWP_TYPE_BITS		(_PAGE_BIT_FILE - _PAGE_BIT_PRESENT - 1)
 #define SWP_OFFSET_FIRST_BIT	(_PAGE_BIT_PROTNONE + 1)
-#else
-#define SWP_TYPE_BITS		(_PAGE_BIT_PROTNONE - _PAGE_BIT_PRESENT - 1)
-#define SWP_OFFSET_FIRST_BIT	(_PAGE_BIT_FILE + 1)
-#endif
 
 /* We always extract/encode the offset by shifting it all the way up, and then down again */
 #define SWP_OFFSET_SHIFT	(SWP_OFFSET_FIRST_BIT+SWP_TYPE_BITS)

From patchwork Thu Aug 30 12:52:34 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 963859
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 421Mpw5HWSz9s3x;
	Thu, 30 Aug 2018 22:52:56 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fvMRM-0003uE-Bg; Thu, 30 Aug 2018 12:52:48 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRI-0003sI-AM
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:44 +0000
Received: from mail-ed1-f70.google.com ([209.85.208.70])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRI-0000cE-3A
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:44 +0000
Received: by mail-ed1-f70.google.com with SMTP id h4-v6so3640209ede.5
	for <kernel-team@lists.ubuntu.com>;
	Thu, 30 Aug 2018 05:52:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=4VLceT/I30VOGT/+WZa1RofroRkaZVw5Itxsu8HrMSU=;
	b=K2kZCT9PYqbkCYyfBd2Xk0HESrU/ESHUO0dcfTFXZZBTv71iA6j6KuGNsCSVcCMn4Z
	T4IebXJ9WRyIrh7qCl1qUdF442pK9TBKfrLCqEJ95Vwl5GflTlkfiACLPxlnM92DpB4w
	6ATGwHeEmWaMq0DY1zD9qP202p9Trc2bkQEXCHVawOqShse81xhDYeGf/fAHvMiEoUdy
	eDlTh3PBrEPDD9loh7Tz8GZBdC8j0V46zxxNFmetxCoLOdSbUWf5kTzKs0MlfFbBKrRC
	u+9HHCTEcgSVzvRbdlYwKeRJc0a1jHVyPSwGpBz7M4eV7XzPsSRKTa9xmk+RFmgb/GpJ
	ZYLA==
X-Gm-Message-State: APzg51D0+FpuccOxaUIiwuC+fLBc71Ud4Aob/3vlOFTdqvr6pnydc8Ml
	CgLtAaVTkus7dBCnweCtS/CvqKMSixwEcod06y5XfnDrfX1i09iDh0mvXKn312rM/uYfWIaYzYV
	nqq6zI/T+vyo67qgXwBtPd9jrRpDXpLPi0Rw7YHfzeQ==
X-Received: by 2002:a50:f69b:: with SMTP id
	d27-v6mr12911601edn.103.1535633563662;
	Thu, 30 Aug 2018 05:52:43 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0Vdb3pcferb0O59y3dlRhIAaK+VtfDwwS0Q/PrYClp5d3DBspwyifctxAUQ3777kx+vsfXtZ1Sw==
X-Received: by 2002:a50:f69b:: with SMTP id
	d27-v6mr12911590edn.103.1535633563548;
	Thu, 30 Aug 2018 05:52:43 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	y27-v6sm2953550edb.20.2018.08.30.05.52.42
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 30 Aug 2018 05:52:42 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty][PATCH v2 2/7] x86/asm: Move PUD_PAGE macros to
	page_types.h
Date: Thu, 30 Aug 2018 14:52:34 +0200
Message-Id: <20180830125239.16775-3-juergh@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180830125239.16775-1-juergh@canonical.com>
References: <20180822064021.17216-1-juergh@canonical.com>
	<20180830125239.16775-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: juergh@canonical.com
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Toshi Kani <toshi.kani@hpe.com>

PUD_SHIFT is defined according to a given kernel configuration, which
allows it be commonly used by any x86 kernels.  However, PUD_PAGE_SIZE
and PUD_PAGE_MASK, which are set from PUD_SHIFT, are defined in
page_64_types.h, which can be used by 64-bit kernel only.

Move PUD_PAGE_SIZE and PUD_PAGE_MASK to page_types.h so that they can
be used by any x86 kernels as well.

Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Juergen Gross <jgross@suse.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Konrad Wilk <konrad.wilk@oracle.com>
Cc: Robert Elliot <elliott@hpe.com>
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/1442514264-12475-3-git-send-email-toshi.kani@hpe.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

CVE-2018-3620
CVE-2018-3646

(cherry picked from commit 832102671855f73962e7a04fdafd48b9385ea5c6)
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/x86/include/asm/page_64_types.h | 3 ---
 arch/x86/include/asm/page_types.h    | 3 +++
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h
index d1d2972a54db..50ef295d430a 100644
--- a/arch/x86/include/asm/page_64_types.h
+++ b/arch/x86/include/asm/page_64_types.h
@@ -20,9 +20,6 @@
 #define MCE_STACK 4
 #define N_EXCEPTION_STACKS 4  /* hw limit: 7 */
 
-#define PUD_PAGE_SIZE		(_AC(1, UL) << PUD_SHIFT)
-#define PUD_PAGE_MASK		(~(PUD_PAGE_SIZE-1))
-
 /*
  * Set __PAGE_OFFSET to the most negative possible address +
  * PGDIR_SIZE*16 (pgd slot 272).  The gap is to allow a space for a
diff --git a/arch/x86/include/asm/page_types.h b/arch/x86/include/asm/page_types.h
index 663ce4984f3f..80678a8775c2 100644
--- a/arch/x86/include/asm/page_types.h
+++ b/arch/x86/include/asm/page_types.h
@@ -25,6 +25,9 @@
 #define PHYSICAL_PMD_PAGE_MASK	(((signed long)PMD_PAGE_MASK) & __PHYSICAL_MASK)
 #define PHYSICAL_PUD_PAGE_MASK	(((signed long)PUD_PAGE_MASK) & __PHYSICAL_MASK)
 
+#define PUD_PAGE_SIZE		(_AC(1, UL) << PUD_SHIFT)
+#define PUD_PAGE_MASK		(~(PUD_PAGE_SIZE-1))
+
 #define HPAGE_SHIFT		PMD_SHIFT
 #define HPAGE_SIZE		(_AC(1,UL) << HPAGE_SHIFT)
 #define HPAGE_MASK		(~(HPAGE_SIZE - 1))

From patchwork Thu Aug 30 12:52:35 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 963857
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 421Mpv2K89z9ryt;
	Thu, 30 Aug 2018 22:52:55 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fvMRL-0003te-Ki; Thu, 30 Aug 2018 12:52:47 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRJ-0003sf-9D
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:45 +0000
Received: from mail-ed1-f72.google.com ([209.85.208.72])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRJ-0000cK-1l
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:45 +0000
Received: by mail-ed1-f72.google.com with SMTP id x24-v6so3624372edm.13
	for <kernel-team@lists.ubuntu.com>;
	Thu, 30 Aug 2018 05:52:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=8LzN0i2SCfRSqdZGGzulhYQLWoudhGGesWsaIxzGq34=;
	b=R5TRKctxC9Oz1QXRZa5zTW/flRDrQ148IwyCbhNPCVsj+3EGm5AHf4X5j+tBtTqc7O
	Yo+hXIUMw+ZVrWUwk4rujaxAuB60GX579UJByQEVxCo0UvethRS+QbyKhxnj2HmCmqTt
	I/+4cP9deUjDrfZoIqwOU0ssUZzl++pBpbOlMuFZm7TNr8dYN6obBF1S9vd97NOAOV/9
	6560cSedAk7phIPPHwfQj+NcgpEKM6tbIVoFLtIkMZ/XlbeHG50MDlYGzVWfU+aS8S8t
	7Kz/gahrz5rtBUp7eBT6HpMhVWszGWCH+RSMCEWs0gVLvhhF2IuLgM+OOII0uk/IAsLX
	+QBw==
X-Gm-Message-State: APzg51BJO/BuhRTpOgm533QzZCu8ngqfSbETmsUkkQWNffaRhhEg+ngC
	T5pKt38bOcMnB0kZVm5uKCgnLnLwqy/Etatfz+gXj2D2UQYbN9AIhqLF7/AFmNBpL+6WnOf1DMg
	RcjeMPYSJiEOGCI0bDcg6Pj7eUZkPwrBwSg8nI7u82g==
X-Received: by 2002:aa7:d80e:: with SMTP id
	v14-v6mr12924559edq.255.1535633564608;
	Thu, 30 Aug 2018 05:52:44 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0VdaCnlOzXKrtXzwO9aGvRQeccPG/uxQ7KANndmwfIANmEhrq+dQd9ge/+Tr+lpZ4SXJ8wL7Sow==
X-Received: by 2002:aa7:d80e:: with SMTP id
	v14-v6mr12924544edq.255.1535633564485;
	Thu, 30 Aug 2018 05:52:44 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	y27-v6sm2953550edb.20.2018.08.30.05.52.43
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 30 Aug 2018 05:52:43 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty][PATCH v2 3/7] x86/asm: Add pud/pmd mask interfaces to
	handle large PAT bit
Date: Thu, 30 Aug 2018 14:52:35 +0200
Message-Id: <20180830125239.16775-4-juergh@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180830125239.16775-1-juergh@canonical.com>
References: <20180822064021.17216-1-juergh@canonical.com>
	<20180830125239.16775-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: juergh@canonical.com
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Toshi Kani <toshi.kani@hpe.com>

The PAT bit gets relocated to bit 12 when PUD and PMD mappings are
used.  This bit 12, however, is not covered by PTE_FLAGS_MASK, which
is used for masking pfn and flags for all levels.

Add pud/pmd mask interfaces to handle pfn and flags properly by using
P?D_PAGE_MASK when PUD/PMD mappings are used, i.e. PSE bit is set.

Suggested-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Juergen Gross <jgross@suse.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Konrad Wilk <konrad.wilk@oracle.com>
Cc: Robert Elliot <elliott@hpe.com>
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/1442514264-12475-4-git-send-email-toshi.kani@hpe.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

CVE-2018-3620
CVE-2018-3646

(cherry picked from commit 4be4c1fb9a754b100466ebaec50f825be0b2050b)
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/x86/include/asm/pgtable_types.h | 36 ++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index a0c024c7478e..a71489cc88c2 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -261,10 +261,10 @@
 
 #include <linux/types.h>
 
-/* PTE_PFN_MASK extracts the PFN from a (pte|pmd|pud|pgd)val_t */
+/* Extracts the PFN from a (pte|pmd|pud|pgd)val_t of a 4KB page */
 #define PTE_PFN_MASK		((pteval_t)PHYSICAL_PAGE_MASK)
 
-/* PTE_FLAGS_MASK extracts the flags from a (pte|pmd|pud|pgd)val_t */
+/* Extracts the flags from a (pte|pmd|pud|pgd)val_t of a 4KB page */
 #define PTE_FLAGS_MASK		(~PTE_PFN_MASK)
 
 typedef struct pgprot { pgprotval_t pgprot; } pgprot_t;
@@ -328,11 +328,43 @@ static inline pmdval_t native_pmd_val(pmd_t pmd)
 }
 #endif
 
+static inline pudval_t pud_pfn_mask(pud_t pud)
+{
+	if (native_pud_val(pud) & _PAGE_PSE)
+		return PUD_PAGE_MASK & PHYSICAL_PAGE_MASK;
+	else
+		return PTE_PFN_MASK;
+}
+
+static inline pudval_t pud_flags_mask(pud_t pud)
+{
+	if (native_pud_val(pud) & _PAGE_PSE)
+		return ~(PUD_PAGE_MASK & (pudval_t)PHYSICAL_PAGE_MASK);
+	else
+		return ~PTE_PFN_MASK;
+}
+
 static inline pudval_t pud_flags(pud_t pud)
 {
 	return native_pud_val(pud) & PTE_FLAGS_MASK;
 }
 
+static inline pmdval_t pmd_pfn_mask(pmd_t pmd)
+{
+	if (native_pmd_val(pmd) & _PAGE_PSE)
+		return PMD_PAGE_MASK & PHYSICAL_PAGE_MASK;
+	else
+		return PTE_PFN_MASK;
+}
+
+static inline pmdval_t pmd_flags_mask(pmd_t pmd)
+{
+	if (native_pmd_val(pmd) & _PAGE_PSE)
+		return ~(PMD_PAGE_MASK & (pmdval_t)PHYSICAL_PAGE_MASK);
+	else
+		return ~PTE_PFN_MASK;
+}
+
 static inline pmdval_t pmd_flags(pmd_t pmd)
 {
 	return native_pmd_val(pmd) & PTE_FLAGS_MASK;

From patchwork Thu Aug 30 12:52:36 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 963858
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 421Mpw3xpPz9s2P;
	Thu, 30 Aug 2018 22:52:56 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fvMRM-0003uZ-Lr; Thu, 30 Aug 2018 12:52:48 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRK-0003su-3A
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:46 +0000
Received: from mail-ed1-f69.google.com ([209.85.208.69])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRJ-0000cQ-S4
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:45 +0000
Received: by mail-ed1-f69.google.com with SMTP id g11-v6so3485883edi.8
	for <kernel-team@lists.ubuntu.com>;
	Thu, 30 Aug 2018 05:52:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=ZbRYzs/WO6Zl0SZNhix+quumFV9p+WQ2Q3GAhr/bWoE=;
	b=DT4IM5gVu6UkGslDv5XQ/R8wy/r/nm25NeDNUZFLlRnkkmgTflBdbT4WL2ZR610G3o
	P5KIH0jcTxEWCJZ/tOp++aqQhlMGos9wNPSU4rSdVret3BKluGWSPf2u318UIpiJ5sS+
	Ac2kCcvhYthZCI5jlILxOdeA5UtNXWov13AF1ajloUsI1qA6vRAOeN2Q7jC+TQGC7ohi
	CtftP5CQkbZq8Asq29bwOK6JIkZxk9vj6ulNFBtrDoPcqzeKI2Pfy2qoJq5NLQd8UQdp
	72sIVyNrSFKB/ef7PnvORwWtsuHv5y7IEaexgNDnh4nqmbgF5J9c321VUEtiJum6a6XH
	Dxvw==
X-Gm-Message-State: APzg51D1E7IbK+B+QnUloMyymz+s3jajkWLdnzYrrO4Pxu+AMY31JYJq
	FX88Dhi7aHDvn8uO+gFftrO2pnd1pM2fLR12SwYh3ZU4CKx32zZr8dADWdVhM/YPWp/Cb1+tGTp
	u0n9Xy7gYxEgT79UeO6UqZTmdmbfksTvs9hMu045yvQ==
X-Received: by 2002:a50:f002:: with SMTP id
	r2-v6mr12640829edl.91.1535633565419;
	Thu, 30 Aug 2018 05:52:45 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0Vdbx/MA2tjByUqiYFr2NOCupxpV8k+UHisuiDMFYz7CkOtDA3jZBWUvWXyg0+sTxN9YKRDP8mw==
X-Received: by 2002:a50:f002:: with SMTP id
	r2-v6mr12640819edl.91.1535633565288;
	Thu, 30 Aug 2018 05:52:45 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	y27-v6sm2953550edb.20.2018.08.30.05.52.44
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 30 Aug 2018 05:52:44 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty][PATCH v2 4/7] x86/asm: Fix pud/pmd interfaces to
	handle large PAT bit
Date: Thu, 30 Aug 2018 14:52:36 +0200
Message-Id: <20180830125239.16775-5-juergh@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180830125239.16775-1-juergh@canonical.com>
References: <20180822064021.17216-1-juergh@canonical.com>
	<20180830125239.16775-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: juergh@canonical.com
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Toshi Kani <toshi.kani@hpe.com>

Now that we have pud/pmd mask interfaces, which handle pfn & flags
mask properly for the large PAT bit.

Fix pud/pmd pfn & flags interfaces by replacing PTE_PFN_MASK and
PTE_FLAGS_MASK with the pud/pmd mask interfaces.

Suggested-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Juergen Gross <jgross@suse.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Konrad Wilk <konrad.wilk@oracle.com>
Cc: Robert Elliot <elliott@hpe.com>
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/1442514264-12475-5-git-send-email-toshi.kani@hpe.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

CVE-2018-3620
CVE-2018-3646

(backported from commit f70abb0fc3da1b2945c92751ccda2744081bf2b7)
[juergh: Adjusted for already applied commits:
 - "x86/mm: Simplify p[g4um]d_page() macros"
 - "x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation".]
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/x86/include/asm/pgtable.h       | 8 ++++----
 arch/x86/include/asm/pgtable_types.h | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index 6d26abf00939..9b5f836cf7ca 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -158,14 +158,14 @@ static inline unsigned long pmd_pfn(pmd_t pmd)
 {
 	phys_addr_t pfn = pmd_val(pmd);
 	pfn ^= protnone_mask(pfn);
-	return (pfn & PTE_PFN_MASK) >> PAGE_SHIFT;
+	return (pfn & pmd_pfn_mask(pmd)) >> PAGE_SHIFT;
 }
 
 static inline unsigned long pud_pfn(pud_t pud)
 {
 	phys_addr_t pfn = pud_val(pud);
 	pfn ^= protnone_mask(pfn);
-	return (pfn & PTE_PFN_MASK) >> PAGE_SHIFT;
+	return (pfn & pud_pfn_mask(pud)) >> PAGE_SHIFT;
 }
 
 static inline unsigned long pgd_pfn(pgd_t pgd)
@@ -539,7 +539,7 @@ static inline int pmd_none(pmd_t pmd)
 
 static inline unsigned long pmd_page_vaddr(pmd_t pmd)
 {
-	return (unsigned long)__va(pmd_val(pmd) & PTE_PFN_MASK);
+	return (unsigned long)__va(pmd_val(pmd) & pmd_pfn_mask(pmd));
 }
 
 /*
@@ -612,7 +612,7 @@ static inline int pud_present(pud_t pud)
 
 static inline unsigned long pud_page_vaddr(pud_t pud)
 {
-	return (unsigned long)__va((unsigned long)pud_val(pud) & PTE_PFN_MASK);
+	return (unsigned long)__va(pud_val(pud) & pud_pfn_mask(pud));
 }
 
 /*
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index a71489cc88c2..00a871c5d0af 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -346,7 +346,7 @@ static inline pudval_t pud_flags_mask(pud_t pud)
 
 static inline pudval_t pud_flags(pud_t pud)
 {
-	return native_pud_val(pud) & PTE_FLAGS_MASK;
+	return native_pud_val(pud) & pud_flags_mask(pud);
 }
 
 static inline pmdval_t pmd_pfn_mask(pmd_t pmd)
@@ -367,7 +367,7 @@ static inline pmdval_t pmd_flags_mask(pmd_t pmd)
 
 static inline pmdval_t pmd_flags(pmd_t pmd)
 {
-	return native_pmd_val(pmd) & PTE_FLAGS_MASK;
+	return native_pmd_val(pmd) & pmd_flags_mask(pmd);
 }
 
 static inline pte_t native_make_pte(pteval_t val)

From patchwork Thu Aug 30 12:52:37 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 963860
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 421Mq13XRhz9s0n;
	Thu, 30 Aug 2018 22:53:01 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fvMRQ-0003xr-MO; Thu, 30 Aug 2018 12:52:52 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRL-0003tC-AP
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:47 +0000
Received: from mail-ed1-f71.google.com ([209.85.208.71])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRL-0000cW-2o
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:47 +0000
Received: by mail-ed1-f71.google.com with SMTP id m9-v6so3581312eds.17
	for <kernel-team@lists.ubuntu.com>;
	Thu, 30 Aug 2018 05:52:47 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=W74nh2PU5G1enQawqxPrE+p10rAYXS3j9a5cFBp7qsE=;
	b=kCfmQD20hvjo5MfTG3HqTK2ojpPO2qRh76/GQDvVK9PzdkKJnNDl2gGLWAtAWON8q6
	gt8UknyTsdt4ECH+HcnAw/kQF9v5JhhNYQ4E6voz0qp7H85SOuJJg1LcVQ4elusATl6C
	CSg5FprgGGiFEeoEZJnwkhBylxWYRNB0J41C9TMl+BB9A1Ke6uo5QJu3B7mz8ktsCIV6
	XmXH+vXQjyTbtD1qRNOYPf9xN3t0Z5Yy3tbBDQL4PE4HyOoWdUnqC2sI5R+LJZPozO9+
	H03/F0qTJfoNp4yBtMrBCkFUy6PhBAEG+B2WtRk+7NJ6YrW1tZ0LvLN4jrX/L441qGHq
	Koug==
X-Gm-Message-State: APzg51BNPqoVrcq5v+usyK/21hX4d8fkKNw+YSJ9O5fG/MGCFGtWYmqP
	SvFZXkAOwQEGywH2dQmtq/NVeNZPJrkbP4HBSrwSQUkrQ+p5hrRohp4VkqwoLiCXwwVyL090H0R
	D1eFZdjqsUGBCmeU7Q1HP8WphkcRGFuw+06m+mzVThw==
X-Received: by 2002:a50:afa3:: with SMTP id
	h32-v6mr12621594edd.129.1535633566595;
	Thu, 30 Aug 2018 05:52:46 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0Vda8OOU/7FsQuyXpnHJm08CGps72vh60ErtBeXFlS90YSlN6lWLTJ9SywNuFn/fVTIEU0AgYig==
X-Received: by 2002:a50:afa3:: with SMTP id
	h32-v6mr12621575edd.129.1535633566422;
	Thu, 30 Aug 2018 05:52:46 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	y27-v6sm2953550edb.20.2018.08.30.05.52.45
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 30 Aug 2018 05:52:45 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty][PATCH v2 5/7] x86/mm: Fix regression with huge pages
	on PAE
Date: Thu, 30 Aug 2018 14:52:37 +0200
Message-Id: <20180830125239.16775-6-juergh@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180830125239.16775-1-juergh@canonical.com>
References: <20180822064021.17216-1-juergh@canonical.com>
	<20180830125239.16775-1-juergh@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: juergh@canonical.com
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>

Recent PAT patchset has caused issue on 32-bit PAE machines:

  page:eea45000 count:0 mapcount:-128 mapping:  (null) index:0x0 flags: 0x40000000()
  page dumped because: VM_BUG_ON_PAGE(page_mapcount(page) < 0)
  ------------[ cut here ]------------
  kernel BUG at /home/build/linux-boris/mm/huge_memory.c:1485!
  invalid opcode: 0000 [#1] SMP
  [...]
  Call Trace:
   unmap_single_vma
   ? __wake_up
   unmap_vmas
   unmap_region
   do_munmap
   vm_munmap
   SyS_munmap
   do_fast_syscall_32
   ? __do_page_fault
   sysenter_past_esp
  Code: ...
  EIP: [<c11bde80>] zap_huge_pmd+0x240/0x260 SS:ESP 0068:f6459d98

The problem is in pmd_pfn_mask() and pmd_flags_mask(). These
helpers use PMD_PAGE_MASK to calculate resulting mask.
PMD_PAGE_MASK is 'unsigned long', not 'unsigned long long' as
phys_addr_t is on 32-bit PAE (ARCH_PHYS_ADDR_T_64BIT). As a
result, the upper bits of resulting mask get truncated.

pud_pfn_mask() and pud_flags_mask() aren't problematic since we
don't have PUD page table level on 32-bit systems, but it's
reasonable to keep them consistent with PMD counterpart.

Introduce PHYSICAL_PMD_PAGE_MASK and PHYSICAL_PUD_PAGE_MASK in
addition to existing PHYSICAL_PAGE_MASK and reworks helpers to
use them.

Reported-and-Tested-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
[ Fix -Woverflow warnings from the realmode code. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Toshi Kani <toshi.kani@hpe.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jürgen Gross <jgross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: elliott@hpe.com
Cc: konrad.wilk@oracle.com
Cc: linux-mm <linux-mm@kvack.org>
Fixes: f70abb0fc3da ("x86/asm: Fix pud/pmd interfaces to handle large PAT bit")
Link: http://lkml.kernel.org/r/1448878233-11390-2-git-send-email-bp@alien8.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>

Signed-off-by: Ingo Molnar <mingo@kernel.org>

CVE-2018-3620
CVE-2018-3646

(backported from commit 70f1528747651b20c7769d3516ade369f9963237)
[juergh: Adjusted context.]
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/x86/boot/boot.h                 |  1 -
 arch/x86/boot/video-mode.c           |  2 ++
 arch/x86/boot/video.c                |  2 ++
 arch/x86/include/asm/page_types.h    |  7 ++-----
 arch/x86/include/asm/pgtable_types.h | 14 ++++----------
 arch/x86/include/asm/x86_init.h      |  1 -
 6 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h
index ef72baeff484..9e3281aa02f9 100644
--- a/arch/x86/boot/boot.h
+++ b/arch/x86/boot/boot.h
@@ -23,7 +23,6 @@
 #include <stdarg.h>
 #include <linux/types.h>
 #include <linux/edd.h>
-#include <asm/boot.h>
 #include <asm/setup.h>
 #include "bitops.h"
 #include <asm/cpufeature.h>
diff --git a/arch/x86/boot/video-mode.c b/arch/x86/boot/video-mode.c
index 748e8d06290a..a0bb0ada348d 100644
--- a/arch/x86/boot/video-mode.c
+++ b/arch/x86/boot/video-mode.c
@@ -19,6 +19,8 @@
 #include "video.h"
 #include "vesa.h"
 
+#include <uapi/asm/boot.h>
+
 /*
  * Common variables
  */
diff --git a/arch/x86/boot/video.c b/arch/x86/boot/video.c
index 43eda284d27f..ef69e889bab1 100644
--- a/arch/x86/boot/video.c
+++ b/arch/x86/boot/video.c
@@ -13,6 +13,8 @@
  * Select video mode
  */
 
+#include <uapi/asm/boot.h>
+
 #include "boot.h"
 #include "video.h"
 #include "vesa.h"
diff --git a/arch/x86/include/asm/page_types.h b/arch/x86/include/asm/page_types.h
index 80678a8775c2..9d0de079af48 100644
--- a/arch/x86/include/asm/page_types.h
+++ b/arch/x86/include/asm/page_types.h
@@ -12,8 +12,8 @@
 #define PMD_PAGE_SIZE		(_AC(1, UL) << PMD_SHIFT)
 #define PMD_PAGE_MASK		(~(PMD_PAGE_SIZE-1))
 
-#define PUD_PAGE_SIZE           (_AC(1, UL) << PUD_SHIFT)
-#define PUD_PAGE_MASK           (~(PUD_PAGE_SIZE-1))
+#define PUD_PAGE_SIZE		(_AC(1, UL) << PUD_SHIFT)
+#define PUD_PAGE_MASK		(~(PUD_PAGE_SIZE-1))
 
 #define __PHYSICAL_MASK		((phys_addr_t)((1ULL << __PHYSICAL_MASK_SHIFT) - 1))
 #define __VIRTUAL_MASK		((1UL << __VIRTUAL_MASK_SHIFT) - 1)
@@ -25,9 +25,6 @@
 #define PHYSICAL_PMD_PAGE_MASK	(((signed long)PMD_PAGE_MASK) & __PHYSICAL_MASK)
 #define PHYSICAL_PUD_PAGE_MASK	(((signed long)PUD_PAGE_MASK) & __PHYSICAL_MASK)
 
-#define PUD_PAGE_SIZE		(_AC(1, UL) << PUD_SHIFT)
-#define PUD_PAGE_MASK		(~(PUD_PAGE_SIZE-1))
-
 #define HPAGE_SHIFT		PMD_SHIFT
 #define HPAGE_SIZE		(_AC(1,UL) << HPAGE_SHIFT)
 #define HPAGE_MASK		(~(HPAGE_SIZE - 1))
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index 00a871c5d0af..1f8c0f1cf925 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -331,17 +331,14 @@ static inline pmdval_t native_pmd_val(pmd_t pmd)
 static inline pudval_t pud_pfn_mask(pud_t pud)
 {
 	if (native_pud_val(pud) & _PAGE_PSE)
-		return PUD_PAGE_MASK & PHYSICAL_PAGE_MASK;
+		return PHYSICAL_PUD_PAGE_MASK;
 	else
 		return PTE_PFN_MASK;
 }
 
 static inline pudval_t pud_flags_mask(pud_t pud)
 {
-	if (native_pud_val(pud) & _PAGE_PSE)
-		return ~(PUD_PAGE_MASK & (pudval_t)PHYSICAL_PAGE_MASK);
-	else
-		return ~PTE_PFN_MASK;
+	return ~pud_pfn_mask(pud);
 }
 
 static inline pudval_t pud_flags(pud_t pud)
@@ -352,17 +349,14 @@ static inline pudval_t pud_flags(pud_t pud)
 static inline pmdval_t pmd_pfn_mask(pmd_t pmd)
 {
 	if (native_pmd_val(pmd) & _PAGE_PSE)
-		return PMD_PAGE_MASK & PHYSICAL_PAGE_MASK;
+		return PHYSICAL_PMD_PAGE_MASK;
 	else
 		return PTE_PFN_MASK;
 }
 
 static inline pmdval_t pmd_flags_mask(pmd_t pmd)
 {
-	if (native_pmd_val(pmd) & _PAGE_PSE)
-		return ~(PMD_PAGE_MASK & (pmdval_t)PHYSICAL_PAGE_MASK);
-	else
-		return ~PTE_PFN_MASK;
+	return ~pmd_pfn_mask(pmd);
 }
 
 static inline pmdval_t pmd_flags(pmd_t pmd)
diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
index 0f1be11e43d2..666e0bd02be7 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
@@ -1,7 +1,6 @@
 #ifndef _ASM_X86_PLATFORM_H
 #define _ASM_X86_PLATFORM_H
 
-#include <asm/pgtable_types.h>
 #include <asm/bootparam.h>
 
 struct mpc_bus;

From patchwork Thu Aug 30 12:52:38 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 963861
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 421Mq24k23z9s2P;
	Thu, 30 Aug 2018 22:53:02 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fvMRR-0003yf-34; Thu, 30 Aug 2018 12:52:53 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRM-0003u7-Gg
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:48 +0000
Received: from mail-ed1-f69.google.com ([209.85.208.69])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRM-0000cd-1s
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:48 +0000
Received: by mail-ed1-f69.google.com with SMTP id h4-v6so3640278ede.5
	for <kernel-team@lists.ubuntu.com>;
	Thu, 30 Aug 2018 05:52:48 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=muIDtoe6HpguMKEiWIix/Ul0LzksKwEM0st1N11sQbo=;
	b=Jmtn2xDM2AGToubhmHXhbZJMFvhMYanvVcGKEHHgG/kUDyV5pQVRj4wwNR7NMyBez9
	GmlDymA4OixhzmynbfJfGol1BwITs3zsk3uFCZVYVygZ69DgLSJEe5fTzCebwbliSnLk
	RffgE3E1O40s9Q4/0yBMktBJFWKqDNDAttRghjA2QNtxD8679/iAcaYhO1Fj/CLy0vza
	KncLDySx060zdAW8Me8rvCL4NcT70LWY4ZGZskWATRR7g9vH+QbQ2zaj9+dZCsBqTtxs
	x923zB3BIhl98cAhaDOvuJVMrMvkji9ekpDgk2e1FOSudsUgeVBiHxgRX+DvJU3SaknY
	2MRw==
X-Gm-Message-State: APzg51CIAobYwppvOwGaWmGlLLIVAnlAy2Z4tZ6hwvyLVjdNU+0XlkZt
	lI7QziccbE4Ua9gOIw0KpUzp4XAjBUXrIw5hxvt69elyeRX0XScXW9Bq2CpuzFxMwWE8Iqqx4ye
	HtcpoC5YaE2X9SO35GiaBt7haWwbTev0WdRVdYINzvQ==
X-Received: by 2002:a50:8dcb:: with SMTP id
	s11-v6mr12426641edh.86.1535633567544;
	Thu, 30 Aug 2018 05:52:47 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0VdZWBc0cnuV3phj3KdtsKBBsf5v/+k5MU3Ue3sAJs9+sp5DcK0rUSFG0HHo7RhFf/vFotR99yg==
X-Received: by 2002:a50:8dcb:: with SMTP id
	s11-v6mr12426627edh.86.1535633567419;
	Thu, 30 Aug 2018 05:52:47 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	y27-v6sm2953550edb.20.2018.08.30.05.52.46
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 30 Aug 2018 05:52:46 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty][PATCH v2 6/7] UBUNTU: SAUCE: x86/speculation/l1tf:
	Protect NUMA hinting PTEs against speculation
Date: Thu, 30 Aug 2018 14:52:38 +0200
Message-Id: <20180830125239.16775-7-juergh@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180830125239.16775-1-juergh@canonical.com>
References: <20180822064021.17216-1-juergh@canonical.com>
	<20180830125239.16775-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: juergh@canonical.com
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Add NUMA page table operations that invert the PFN to protect the NUMA
hinting PTEs against speculation.

CVE-2018-3620
CVE-2018-3646

Fixes: 6b28baca9b1f ("x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation")
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 arch/x86/include/asm/pgtable.h | 61 ++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index 9b5f836cf7ca..6e94eda41315 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -500,6 +500,67 @@ static inline int pte_present(pte_t a)
 			       _PAGE_NUMA);
 }
 
+#ifdef CONFIG_NUMA_BALANCING
+/*
+ * The following is copied from include/asm-generic/pgtable.h and modified to
+ * invert the PFN part of the PTE.
+ */
+
+/*
+ * pte/pmd_mknuma sets the _PAGE_ACCESSED bitflag automatically
+ * because they're called by the NUMA hinting minor page fault. If we
+ * wouldn't set the _PAGE_ACCESSED bitflag here, the TLB miss handler
+ * would be forced to set it later while filling the TLB after we
+ * return to userland. That would trigger a second write to memory
+ * that we optimize away by setting _PAGE_ACCESSED here.
+ */
+
+#define pte_mknonnuma pte_mknonnuma
+static inline pte_t pte_mknonnuma(pte_t pte)
+{
+	pteval_t val = pte_val(pte), oldval = val;
+
+	val &= ~_PAGE_NUMA;
+	val |= (_PAGE_PRESENT|_PAGE_ACCESSED);
+	val = flip_protnone_guard(oldval, val, PTE_PFN_MASK);
+	return __pte(val);
+}
+
+#define pmd_mknonnuma pmd_mknonnuma
+static inline pmd_t pmd_mknonnuma(pmd_t pmd)
+{
+	pmdval_t val = pmd_val(pmd), oldval = val;
+
+	val &= ~_PAGE_NUMA;
+	val |= (_PAGE_PRESENT|_PAGE_ACCESSED);
+	val = flip_protnone_guard(oldval, val, PHYSICAL_PMD_PAGE_MASK);
+	return __pmd(val);
+}
+
+#define pte_mknuma pte_mknuma
+static inline pte_t pte_mknuma(pte_t pte)
+{
+	pteval_t val = pte_val(pte), oldval = val;
+
+	val &= ~_PAGE_PRESENT;
+	val |= _PAGE_NUMA;
+	val = flip_protnone_guard(oldval, val, PTE_PFN_MASK);
+	return __pte(val);
+}
+
+#define pmd_mknuma pmd_mknuma
+static inline pmd_t pmd_mknuma(pmd_t pmd)
+{
+	pmdval_t val = pmd_val(pmd), oldval = val;
+
+	val &= ~_PAGE_PRESENT;
+	val |= _PAGE_NUMA;
+	val = flip_protnone_guard(oldval, val, PHYSICAL_PMD_PAGE_MASK);
+	return __pmd(val);
+}
+
+#endif /* CONFIG_NUMA_BALANCING */
+
 #define pte_accessible pte_accessible
 static inline bool pte_accessible(struct mm_struct *mm, pte_t a)
 {

From patchwork Thu Aug 30 12:52:39 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Patchwork-Id: 963862
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 421Mq75wQVz9s0n;
	Thu, 30 Aug 2018 22:53:07 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fvMRZ-000474-K7; Thu, 30 Aug 2018 12:53:01 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRN-0003uz-Q0
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:49 +0000
Received: from mail-ed1-f72.google.com ([209.85.208.72])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <juerg.haefliger@canonical.com>)
	id 1fvMRM-0000cl-Rb
	for kernel-team@lists.ubuntu.com; Thu, 30 Aug 2018 12:52:48 +0000
Received: by mail-ed1-f72.google.com with SMTP id g29-v6so3641337edb.1
	for <kernel-team@lists.ubuntu.com>;
	Thu, 30 Aug 2018 05:52:48 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=nqvwJdrwhCUqJeZ1eYzRfXP4WqZ/Gmz0G/zfunhwYxE=;
	b=LwrzmAP70t/HKFDQpdJv+oD1VpZnRDmyrvV+yAW+QaKjyE4xzAnqF7iPCxgIG6Sorg
	9JUpidMTL5oEiyGFFbnQHw/H3yTjHMP+1vfPP9KeF6wsAwcbluGqr+TCZ+xyKvYVurP1
	BmEv2HAuFclenHyz9Hpscfsbes1l+f1DeYc5D3ZxbUwpFYGylS9W8k7R8ojhSepPf8rc
	HhnZVJYlsjLqyEHSK1lu3RD9JMUHhl2afVAxDF6z9OdYpybwEMhQUy07KEHcLaYLe4Js
	1KOmwUbxikqhQ78M2l78oRCL93NBEp6MTKPJfgux2tqZihMsUIKOO7uYbezWxNRgEAot
	1lNQ==
X-Gm-Message-State: APzg51AHbPRrrHRjP+dCUKdxBM1wsfXGdkD9l/8K3wvuf1aCLClfD2TC
	gaivvx/Tng2/rbhFT6Nsyu/eIUGrEEwqKCYamEzPv7of5ti5FLvP1WozvpN1h4sRnZ+tRlB9GFY
	l5IvtEA1kJT3+ityNF/lxZUbRhc4nyERLIUDKM6W8qg==
X-Received: by 2002:a50:c251:: with SMTP id
	t17-v6mr12934672edf.108.1535633568439;
	Thu, 30 Aug 2018 05:52:48 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0Vdb8cnn2uUcPmgKaxiHl9hz9rrh9t7HmAlKkYFu6N5hRyCX+Dwni+d1IFlIm8y+hcHS7LAcq5Q==
X-Received: by 2002:a50:c251:: with SMTP id
	t17-v6mr12934666edf.108.1535633568333;
	Thu, 30 Aug 2018 05:52:48 -0700 (PDT)
Received: from localhost.localdomain ([81.221.205.149])
	by smtp.gmail.com with ESMTPSA id
	y27-v6sm2953550edb.20.2018.08.30.05.52.47
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 30 Aug 2018 05:52:47 -0700 (PDT)
From: Juerg Haefliger <juerg.haefliger@canonical.com>
X-Google-Original-From: Juerg Haefliger <juergh@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty][PATCH v2 7/7] Revert "UBUNTU: [Config] disable
	NUMA_BALANCING"
Date: Thu, 30 Aug 2018 14:52:39 +0200
Message-Id: <20180830125239.16775-8-juergh@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180830125239.16775-1-juergh@canonical.com>
References: <20180822064021.17216-1-juergh@canonical.com>
	<20180830125239.16775-1-juergh@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: juergh@canonical.com
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

This reverts commit c68375ad13b90e33dcf9d5008957ecd0e9d2c331.

CVE-2018-3620
CVE-2018-3646

Signed-off-by: Juerg Haefliger <juergh@canonical.com>
---
 debian.master/config/config.common.ubuntu | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index aa9d16a0d011..3689f20ba78f 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -334,6 +334,7 @@ CONFIG_ARCH_TEGRA_124_SOC=y
 CONFIG_ARCH_TEGRA_2x_SOC=y
 CONFIG_ARCH_TEGRA_3x_SOC=y
 # CONFIG_ARCH_U8500 is not set
+CONFIG_ARCH_USES_NUMA_PROT_NONE=y
 CONFIG_ARCH_USES_PG_UNCACHED=y
 CONFIG_ARCH_USE_BUILTIN_BSWAP=y
 CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
@@ -4599,7 +4600,8 @@ CONFIG_NTB_NETDEV=m
 # CONFIG_NTFS_DEBUG is not set
 CONFIG_NTFS_FS=m
 # CONFIG_NTFS_RW is not set
-# CONFIG_NUMA_BALANCING is not set
+CONFIG_NUMA_BALANCING=y
+CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y
 # CONFIG_NUMA_EMU is not set
 CONFIG_NVEC_PAZ00=m
 CONFIG_NVEC_POWER=m