linux-stable/arch/x86/mm
Andrey Ryabinin f3176ec942 x86/kasan: Fix boot with 5-level paging and KASAN
Since commit d52888aa27 ("x86/mm: Move LDT remap out of KASLR region on
5-level paging") kernel doesn't boot with KASAN on 5-level paging machines.
The bug is actually in early_p4d_offset() and introduced by commit
12a8cc7fcf ("x86/kasan: Use the same shadow offset for 4- and 5-level paging")

early_p4d_offset() tries to convert pgd_val(*pgd) value to a physical
address. This doesn't make sense because pgd_val() already contains the
physical address.

It did work prior to commit d52888aa27 because the result of
"__pa_nodebug(pgd_val(*pgd)) & PTE_PFN_MASK" was the same as "pgd_val(*pgd)
& PTE_PFN_MASK". __pa_nodebug() just set some high bits which were masked
out by applying PTE_PFN_MASK.

After the change of the PAGE_OFFSET offset in commit d52888aa27
__pa_nodebug(pgd_val(*pgd)) started to return a value with more high bits
set and PTE_PFN_MASK wasn't enough to mask out all of them. So it returns a
wrong not even canonical address and crashes on the attempt to dereference
it.

Switch back to pgd_val() & PTE_PFN_MASK to cure the issue.

Fixes: 12a8cc7fcf ("x86/kasan: Use the same shadow offset for 4- and 5-level paging")
Reported-by: Kirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: kasan-dev@googlegroups.com
Cc: stable@vger.kernel.org
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/20190614143149.2227-1-aryabinin@virtuozzo.com
2019-06-14 16:37:30 +02:00
..
amdtopology.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
cpu_entry_area.c x86/exceptions: Split debug IST stack 2019-04-17 15:14:28 +02:00
debug_pagetables.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
dump_pagetables.c Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-05-06 15:32:35 -07:00
extable.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
fault.c Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-05-06 16:13:31 -07:00
highmem_32.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
hugetlbpage.c mm: simplify MEMORY_ISOLATION && COMPACTION || CMA into CONTIG_ALLOC 2019-05-14 09:47:47 -07:00
ident_map.c x86/mm: Stop pretending pgtable_l5_enabled is a variable 2018-05-19 11:56:57 +02:00
init.c x86/alternatives: Initialize temporary mm for patching 2019-04-30 12:37:52 +02:00
init_32.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
init_64.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
iomap_32.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
ioremap.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
kasan_init_64.c x86/kasan: Fix boot with 5-level paging and KASAN 2019-06-14 16:37:30 +02:00
kaslr.c x86/mm/KASLR: Compute the size of the vmemmap section properly 2019-06-07 23:12:13 +02:00
kmmio.c x86/mm/kmmio: Make the tracer robust against L1TF 2018-08-08 22:28:34 +02:00
Makefile treewide: prefix header search paths with $(srctree)/ 2019-05-18 11:49:57 +09:00
mem_encrypt.c x86/mm: Do not use set_{pud, pmd}_safe() when splitting a large page 2019-05-08 19:08:35 +02:00
mem_encrypt_boot.S x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute() 2018-02-21 09:05:04 +01:00
mem_encrypt_identity.c x86/mm/mem_encrypt: Fix erroneous sizeof() 2019-01-15 11:41:58 +01:00
mm_internal.h x86/mm: Do not use set_{pud, pmd}_safe() when splitting a large page 2019-05-08 19:08:35 +02:00
mmap.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
mmio-mod.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
mpx.c Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-05-19 10:23:24 -07:00
numa.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
numa_32.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
numa_64.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
numa_emulation.c Merge branch 'core/urgent' into x86/urgent, to pick up objtool fix 2018-11-03 23:42:16 +01:00
numa_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pageattr-test.c x86/mm/cpa: Simplify the code after making cpa->vaddr invariant 2018-12-17 18:54:25 +01:00
pageattr.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
pat.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
pat_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pat_rbtree.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pf_in.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pf_in.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pgtable.c Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-05-06 16:13:31 -07:00
pgtable_32.c x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]() 2018-02-15 01:15:52 +01:00
physaddr.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
physaddr.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pkeys.c x86/pkeys: Add PKRU value to init_fpstate 2019-04-12 20:21:10 +02:00
pti.c Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-05-06 15:32:35 -07:00
setup_nx.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
srat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
testmmiotrace.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tlb.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00