diff options
| author | Dave Hansen <dave.hansen@linux.intel.com> | 2018-01-10 17:49:39 -0500 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2018-01-11 17:36:59 -0500 |
| commit | 445b69e3b75e42362a5bdc13c8b8f61599e2228a (patch) | |
| tree | 0855cd6779853158f681c3308e46fcacb19d3e23 | |
| parent | 612e8e9350fd19cae6900cf36ea0c6892d1a0dca (diff) | |
x86/pti: Make unpoison of pgd for trusted boot work for real
The inital fix for trusted boot and PTI potentially misses the pgd clearing
if pud_alloc() sets a PGD. It probably works in *practice* because for two
adjacent calls to map_tboot_page() that share a PGD entry, the first will
clear NX, *then* allocate and set the PGD (without NX clear). The second
call will *not* allocate but will clear the NX bit.
Defer the NX clearing to a point after it is known that all top-level
allocations have occurred. Add a comment to clarify why.
[ tglx: Massaged changelog ]
Fixes: 262b6b30087 ("x86/tboot: Unbreak tboot with PTI enabled")
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: "Tim Chen" <tim.c.chen@linux.intel.com>
Cc: gnomes@lxorguk.ukuu.org.uk
Cc: peterz@infradead.org
Cc: ning.sun@intel.com
Cc: tboot-devel@lists.sourceforge.net
Cc: andi@firstfloor.org
Cc: luto@kernel.org
Cc: law@redhat.com
Cc: pbonzini@redhat.com
Cc: torvalds@linux-foundation.org
Cc: gregkh@linux-foundation.org
Cc: dwmw@amazon.co.uk
Cc: nickc@redhat.com
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20180110224939.2695CD47@viggo.jf.intel.com
| -rw-r--r-- | arch/x86/kernel/tboot.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index 75869a4b6c41..a2486f444073 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c | |||
| @@ -127,7 +127,6 @@ static int map_tboot_page(unsigned long vaddr, unsigned long pfn, | |||
| 127 | p4d = p4d_alloc(&tboot_mm, pgd, vaddr); | 127 | p4d = p4d_alloc(&tboot_mm, pgd, vaddr); |
| 128 | if (!p4d) | 128 | if (!p4d) |
| 129 | return -1; | 129 | return -1; |
| 130 | pgd->pgd &= ~_PAGE_NX; | ||
| 131 | pud = pud_alloc(&tboot_mm, p4d, vaddr); | 130 | pud = pud_alloc(&tboot_mm, p4d, vaddr); |
| 132 | if (!pud) | 131 | if (!pud) |
| 133 | return -1; | 132 | return -1; |
| @@ -139,6 +138,17 @@ static int map_tboot_page(unsigned long vaddr, unsigned long pfn, | |||
| 139 | return -1; | 138 | return -1; |
| 140 | set_pte_at(&tboot_mm, vaddr, pte, pfn_pte(pfn, prot)); | 139 | set_pte_at(&tboot_mm, vaddr, pte, pfn_pte(pfn, prot)); |
| 141 | pte_unmap(pte); | 140 | pte_unmap(pte); |
| 141 | |||
| 142 | /* | ||
| 143 | * PTI poisons low addresses in the kernel page tables in the | ||
| 144 | * name of making them unusable for userspace. To execute | ||
| 145 | * code at such a low address, the poison must be cleared. | ||
| 146 | * | ||
| 147 | * Note: 'pgd' actually gets set in p4d_alloc() _or_ | ||
| 148 | * pud_alloc() depending on 4/5-level paging. | ||
| 149 | */ | ||
| 150 | pgd->pgd &= ~_PAGE_NX; | ||
| 151 | |||
| 142 | return 0; | 152 | return 0; |
| 143 | } | 153 | } |
| 144 | 154 | ||