3 files changed, 38 insertions, 2 deletions

diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/include/asm/set_memory.h
index bd090367236c..34cffcef7375 100644
--- a/arch/x86/include/asm/set_memory.h
+++ b/arch/x86/include/asm/set_memory.h
@@ -46,6 +46,7 @@ int set_memory_np(unsigned long addr, int numpages);
 int set_memory_4k(unsigned long addr, int numpages);
 int set_memory_encrypted(unsigned long addr, int numpages);
 int set_memory_decrypted(unsigned long addr, int numpages);
+int set_memory_np_noalias(unsigned long addr, int numpages);
 
 int set_memory_array_uc(unsigned long *addr, int addrinarray);
 int set_memory_array_wc(unsigned long *addr, int addrinarray);
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index bc11dedffc45..74b157ac078d 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -780,8 +780,30 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
  */
 void free_kernel_image_pages(void *begin, void *end)
 {
-        free_init_pages("unused kernel image",
-                        (unsigned long)begin, (unsigned long)end);
+        unsigned long begin_ul = (unsigned long)begin;
+        unsigned long end_ul = (unsigned long)end;
+        unsigned long len_pages = (end_ul - begin_ul) >> PAGE_SHIFT;
+
+
+        free_init_pages("unused kernel image", begin_ul, end_ul);
+
+        /*
+         * PTI maps some of the kernel into userspace.  For performance,
+         * this includes some kernel areas that do not contain secrets.
+         * Those areas might be adjacent to the parts of the kernel image
+         * being freed, which may contain secrets.  Remove the "high kernel
+         * image mapping" for these freed areas, ensuring they are not even
+         * potentially vulnerable to Meltdown regardless of the specific
+         * optimizations PTI is currently using.
+         *
+         * The "noalias" prevents unmapping the direct map alias which is
+         * needed to access the freed pages.
+         *
+         * This is only valid for 64bit kernels. 32bit has only one mapping
+         * which can't be treated in this way for obvious reasons.
+         */
+        if (IS_ENABLED(CONFIG_X86_64) && cpu_feature_enabled(X86_FEATURE_PTI))
+                set_memory_np_noalias(begin_ul, len_pages);
 }
 
 void __ref free_initmem(void)
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index c04153796f61..0a74996a1149 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -53,6 +53,7 @@ static DEFINE_SPINLOCK(cpa_lock);
 #define CPA_FLUSHTLB 1
 #define CPA_ARRAY 2
 #define CPA_PAGES_ARRAY 4
+#define CPA_NO_CHECK_ALIAS 8 /* Do not search for aliases */
 
 #ifdef CONFIG_PROC_FS
 static unsigned long direct_pages_count[PG_LEVEL_NUM];
@@ -1486,6 +1487,9 @@ static int change_page_attr_set_clr(unsigned long *addr, int numpages,
 
         /* No alias checking for _NX bit modifications */
         checkalias = (pgprot_val(mask_set) | pgprot_val(mask_clr)) != _PAGE_NX;
+        /* Has caller explicitly disabled alias checking? */
+        if (in_flag & CPA_NO_CHECK_ALIAS)
+                checkalias = 0;
 
         ret = __change_page_attr_set_clr(&cpa, checkalias);
 
@@ -1772,6 +1776,15 @@ int set_memory_np(unsigned long addr, int numpages)
         return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_PRESENT), 0);
 }
 
+int set_memory_np_noalias(unsigned long addr, int numpages)
+{
+        int cpa_flags = CPA_NO_CHECK_ALIAS;
+
+        return change_page_attr_set_clr(&addr, numpages, __pgprot(0),
+                                        __pgprot(_PAGE_PRESENT), 0,
+                                        cpa_flags, NULL);
+}
+
 int set_memory_4k(unsigned long addr, int numpages)
 {
         return change_page_attr_set_clr(&addr, numpages, __pgprot(0),