KPTI on 3.14 kernels causing segfaults
Issue description

[ 823.340732] powerd[1435]: segfault at 701884d70658 ip 0000701884d70658 sp 00007fff9b68a500 error 15 in libbase-core-395517.so[701884cc6000+158000]
[ 823.376805] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 823.381562] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 823.421659] init: powerd main process (1435) killed by SEGV signal
[ 823.421716] init: powerd main process ended, respawning
[ 1246.517029] SELinux: initialized (dev proc, type proc), uses genfs_contexts
[ 1246.539672] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 2236.249945] shill[1731]: segfault at 759c810a4071 ip 0000759c810a4071 sp 00007ffcfd6dffd0 error 15 in libdbus-1.so.3.14.8[759c81082000+45000]
[ 2236.282651] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 2236.287397] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 2236.306198] dhcpcd[3119]: segfault at 80c8 ip 00005b76c4f34268 sp 00007fff5aff7ce0 error 6 in dhcpcd[5b76c4f2a000+3e000]
[ 2236.306310] init: shill main process (1731) killed by SEGV signal
[ 2236.306344] init: shill main process ended, respawning
[ 2236.640908] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 2236.647692] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 3049.566275] atmel_mxt_ts i2c-ATML0000:01: Status: 10 Config Checksum: 7ac2bc
[ 3049.619659] atmel_mxt_ts i2c-ATML0000:01: Status: 00 Config Checksum: 7ac2bc
[ 3609.701200] tpm_tis tpm_tis: command 0x65 (size 20) returned code 0x0
[ 3609.731175] tpm_tis tpm_tis: command 0x65 (size 22) returned code 0x0
[ 3609.761473] tpm_tis tpm_tis: command 0x65 (size 22) returned code 0x0
[ 3854.480075] atmel_mxt_ts i2c-ATML0000:01: Status: 10 Config Checksum: 7ac2bc
[ 3854.531717] atmel_mxt_ts i2c-ATML0000:01: Status: 00 Config Checksum: 7ac2bc
[ 4179.324808] atmel_mxt_ts i2c-ATML0000:01: Status: 10 Config Checksum: 7ac2bc
[ 4179.375718] atmel_mxt_ts i2c-ATML0000:01: Status: 00 Config Checksum: 7ac2bc
[ 4464.205104] shill[5823]: segfault at 748dcf47fb31 ip 0000748dcf47fb31 sp 00007ffccef9a370 error 15 in libpthread-2.23.so[748dcf476000+17000]
[ 4464.236744] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 4464.243496] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 4464.258454] init: shill main process (5823) killed by SEGV signal
[ 4464.258524] init: shill main process ended, respawning
[ 4464.266338] dhcpcd[5873]: segfault at 80c8 ip 0000600193242268 sp 00007ffd9ed29e40 error 6 in dhcpcd[600193238000+3e000]

These go away with CONFIG_KAISER=n. KAISER patchset at refs/sandbox/jorgelo/kaiser-3.14
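The crash lines in the description carry more than "segfault": the `error` value is the x86 page-fault error code, which this kernel prints in hex (so `error 15` is 0x15), and the bracketed range after the object name is the mapping the kernel attributed the instruction pointer to. The script below is an added example, not part of this issue or of the Chrome OS kernel tree; it parses the segfault lines copied from the description, decodes the error bits, and records whether the faulting address is the ip itself and whether the ip really lies inside the named mapping. Run on those lines it shows that the powerd and shill crashes are user-mode instruction fetches that hit a present page (0x15 = protection violation + user + instruction fetch, with addr == ip), i.e. the CPU refused to execute code from a mapped library page, which fits the thread's conclusion that the KAISER backport rather than the crashing programs was at fault; dhcpcd's `error 6` is an ordinary write to a low, unmapped address.

```python
import re

# Bits of the x86 page-fault error code.  Linux prints the code in hex in its
# "segfault at ... error N" message, so "error 15" means 0x15, not decimal 15.
PF_PROT = 1 << 0   # set: protection violation on a present page; clear: page not present
PF_WRITE = 1 << 1  # set: write access; clear: read or instruction fetch
PF_USER = 1 << 2   # set: fault taken in user mode
PF_RSVD = 1 << 3   # set: reserved bit found set in a page-table entry
PF_INSTR = 1 << 4  # set: instruction fetch

SEGFAULT_RE = re.compile(
    r"\[\s*(?P<ts>[0-9.]+)\]\s+(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: "
    r"segfault at (?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) "
    r"error (?P<err>[0-9a-f]+) in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)


def decode_error(err):
    """Split a page-fault error code into its named bits."""
    return {
        "present": bool(err & PF_PROT),
        "write": bool(err & PF_WRITE),
        "user": bool(err & PF_USER),
        "reserved_bit": bool(err & PF_RSVD),
        "instruction_fetch": bool(err & PF_INSTR),
    }


def describe(bits):
    """One-line reading of the decoded bits."""
    if bits["instruction_fetch"]:
        access = "instruction fetch"
    elif bits["write"]:
        access = "write"
    else:
        access = "read"
    if bits["reserved_bit"]:
        cause = "reserved bit set in a page-table entry"
    elif bits["present"]:
        cause = "protection violation on a present page"
    else:
        cause = "page not present"
    mode = "user" if bits["user"] else "kernel"
    return f"{mode}-mode {access}, {cause}"


def parse_segfault(line):
    """Return a dict for one 'segfault at' dmesg line, or None for any other line."""
    m = SEGFAULT_RE.match(line.strip())
    if not m:
        return None
    addr, ip = int(m["addr"], 16), int(m["ip"], 16)
    base, size = int(m["base"], 16), int(m["size"], 16)
    err = int(m["err"], 16)
    bits = decode_error(err)
    return {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "addr": addr,
        "ip": ip,
        "error": err,
        "bits": bits,
        "summary": describe(bits),
        "object": m["obj"],
        # Faulting address equals the instruction pointer: the CPU could not
        # fetch the instruction itself, rather than a data operand.
        "addr_is_ip": addr == ip,
        # Whether the reported ip really lies inside the mapping dmesg names.
        "ip_in_object": base <= ip < base + size,
    }


def triage(log_text):
    """Parse every segfault line in a dmesg excerpt, skipping everything else."""
    return [f for f in (parse_segfault(l) for l in log_text.splitlines()) if f]


# Three lines copied from the issue description, plus one unrelated SELinux
# line to show that non-segfault output is ignored.
SAMPLE_DMESG = """\
[ 823.340732] powerd[1435]: segfault at 701884d70658 ip 0000701884d70658 sp 00007fff9b68a500 error 15 in libbase-core-395517.so[701884cc6000+158000]
[ 823.376805] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 2236.249945] shill[1731]: segfault at 759c810a4071 ip 0000759c810a4071 sp 00007ffcfd6dffd0 error 15 in libdbus-1.so.3.14.8[759c81082000+45000]
[ 2236.306198] dhcpcd[3119]: segfault at 80c8 ip 00005b76c4f34268 sp 00007fff5aff7ce0 error 6 in dhcpcd[5b76c4f2a000+3e000]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DMESG):
        print(f"{f['comm']}[{f['pid']}] error 0x{f['error']:x}: {f['summary']}; "
              f"addr==ip={f['addr_is_ip']} ip_in_object={f['ip_in_object']}")
```

Feeding the whole dmesg excerpt to `triage()` is enough to see the pattern: every `error 15` fault is an instruction fetch at its own ip inside a legitimately mapped shared object, a category a normal application bug rarely produces, so the `addr_is_ip` and `ip_in_object` flags together are a cheap first filter when deciding whether a wave of segfaults points at a kernel-side page-table problem or at the crashing programs.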
Jan 22 2018
Hmm so it at least kind of boots? Which device was this on -- Samus?
Jan 22 2018
This is on Samus, and it does boot. Kees thinks this is TLB-related.
Jan 22 2018
I think I probably mis-resolved some conflicts when I applied the 3.14 series from upstream stable onto the Chrome OS kernel.
Jan 23 2018
ah ok -- I can take a look at your backport after I finish some of my current work. Did you start with the 3.18 series?
Jan 23 2018
What's at refs/sandbox/jorgelo/kaiser-3.14 is my cherry-picking of the 3.14 stable KPTI backport done by Kees. This in turn is based on the 3.18 backport done by Hugh Dickins (hughd@google.com), which we cherry-picked (with some conflict resolution) onto our chromeos-3.18 on M63. Kees has tested that his 3.14 works correctly, so that suggests the bug was introduced when I took his set and cherry-picked it to chromeos-3.14.
Jan 23 2018
Attached for reference: Kees' 3.14 and Hugh's 3.18. Our 3.18 can be seen at https://chromium-review.googlesource.com/q/topic:kaiser-3.18-upload and https://chromium-review.googlesource.com/q/topic:add-pcid-3.18.
Feb 2 2018
I figured this out. We were missing a patch on 3.14.
Feb 5 2018
Feb 5 2018
Full KAISER patches on 3.14 Intel up at https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/901963.
Feb 7 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/1869c728d9d4f109cb46e33da84d9cc367d3eea9

commit 1869c728d9d4f109cb46e33da84d9cc367d3eea9
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Tue Feb 06 00:20:03 2018

CHROMIUM: Merge 'kaiser-3.14-merge-tag' into chromeos-3.14

Implement KAISER/KPTI for 3.14 kernels on Intel.

Changelog:
----------------------------------------------------------------
Aaron Lu (1):
      UPSTREAM: x86/irq: Do not substract irq_tlb_count from irq_call_count

Andrea Arcangeli (1):
      CHROMIUM: x86/mm/kaiser: re-enable vsyscalls

Andrew Morton (1):
      UPSTREAM: include/linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE()

Andy Lutomirski (20):
      UPSTREAM: x86/mm: Add INVPCID helpers
      UPSTREAM: x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
      UPSTREAM: x86/mm: If INVPCID is available, use it to flush global mappings
      UPSTREAM: sched/core: Add switch_mm_irqs_off() and use it in the scheduler
      UPSTREAM: x86/mm: Build arch/x86/mm/tlb.c even on !SMP
      UPSTREAM: x86/mm, sched/core: Uninline switch_mm()
      UPSTREAM: x86/mm, sched/core: Turn off IRQs in switch_mm()
      UPSTREAM: sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
      UPSTREAM: x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
      UPSTREAM: x86/mm: Remove flush_tlb() and flush_tlb_current_task()
      UPSTREAM: x86/mm: Make flush_tlb_mm_range() more predictable
      UPSTREAM: x86/mm: Fix flush_tlb_page() on Xen
      UPSTREAM: x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
      UPSTREAM: x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code
      UPSTREAM: x86/mm: Disable PCID on 32-bit kernels
      UPSTREAM: x86/mm: Add the 'nopcid' boot option to turn off PCID
      UPSTREAM: x86/mm: Enable CR4.PCIDE on supported systems
      UPSTREAM: x86/paravirt: Replace the paravirt nop with a bona fide empty function
      UPSTREAM: x86/nmi/64: Fix a paravirt stack-clobbering bug in the NMI code
      CHROMIUM: x86/mm/64: Fix reboot interaction with CR4.PCIDE

Ben Serebrin (1):
      UPSTREAM: KVM: VMX: Preserve host CR4.MCE value while in guest mode.

Borislav Petkov (4):
      UPSTREAM: kbuild: Steal gcc's pie from the very beginning
      UPSTREAM: x86, cpu: Kill cpu_has_mp
      UPSTREAM: x86/mm: Fix INVPCID asm constraint
      CHROMIUM: x86/mm: fix bad backport to disable PCID on Xen

Christian Borntraeger (1):
      UPSTREAM: kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val)

Dave Hansen (11):
      UPSTREAM: x86/mm: Clean up the TLB flushing code
      UPSTREAM: x86/mm: Rip out complicated, out-of-date, buggy TLB flushing
      UPSTREAM: x86/mm: Fix missed global TLB flush stat
      UPSTREAM: x86/mm: Unify remote INVLPG code
      UPSTREAM: x86/mm: Add tracepoints for TLB flushes
      UPSTREAM: x86/mm: New tunable for single vs full TLB flush
      UPSTREAM: x86/mm: Set TLB flush tunable to sane value (33)
      UPSTREAM: x86/mm: Fix RCU splat from new TLB tracepoints
      UPSTREAM: x86: Axe the lightly-used cpu_has_pae
      UPSTREAM: x86: Introduce disabled-features
      UPSTREAM: x86: Add more disabled features

Denys Vlasenko (1):
      UPSTREAM: include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header

Fenghua Yu (2):
      UPSTREAM: x86/xsaves: Detect xsaves/xrstors feature
      UPSTREAM: x86/xsaves: Add a kernel parameter noxsaves to disable xsaves/xrstors

H. Peter Anvin (6):
      UPSTREAM: x86, cpufeature: Rename X86_FEATURE_CLFLSH to X86_FEATURE_CLFLUSH
      UPSTREAM: x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
      UPSTREAM: x86, espfix: Move espfix definitions into a separate header file
      UPSTREAM: x86, espfix: Fix broken header guard
      UPSTREAM: x86, espfix: Make espfix64 a Kconfig option, fix UML
      UPSTREAM: x86, espfix: Make it possible to disable 16-bit support

Hugh Dickins (25):
      CHROMIUM: kaiser: merged update
      CHROMIUM: kaiser: do not set _PAGE_NX on pgd_none
      CHROMIUM: kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
      CHROMIUM: kaiser: fix build and FIXME in alloc_ldt_struct()
      CHROMIUM: kaiser: KAISER depends on SMP
      CHROMIUM: kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
      CHROMIUM: kaiser: fix perf crashes
      CHROMIUM: kaiser: ENOMEM if kaiser_pagetable_walk() NULL
      CHROMIUM: kaiser: tidied up asm/kaiser.h somewhat
      CHROMIUM: kaiser: tidied up kaiser_add/remove_mapping slightly
      CHROMIUM: kaiser: kaiser_remove_mapping() move along the pgd
      CHROMIUM: kaiser: align addition to x86/mm/Makefile
      CHROMIUM: kaiser: cleanups while trying for gold link
      CHROMIUM: kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
      CHROMIUM: kaiser: delete KAISER_REAL_SWITCH option
      CHROMIUM: kaiser: vmstat show NR_KAISERTABLE as nr_overhead
      CHROMIUM: kaiser: enhanced by kernel and user PCIDs
      CHROMIUM: kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
      CHROMIUM: kaiser: PCID 0 for kernel and 128 for user
      CHROMIUM: kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
      CHROMIUM: kaiser: paranoid_entry pass cr3 need to paranoid_exit
      CHROMIUM: kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
      CHROMIUM: kaiser: fix unlikely error in alloc_ldt_struct()
      CHROMIUM: kaiser: alloc_ldt_struct() use get_zeroed_page()
      CHROMIUM: kaiser: user_map __kprobes_text too

Ingo Molnar (1):
      UPSTREAM: mm/mmu_context, sched/core: Fix mmu_context.h assumption

Jan Beulich (1):
      CHROMIUM: x86/debug: Drop several unnecessary CFI annotations

Jeremiah Mahler (1):
      UPSTREAM: x86/mm: Fix sparse 'tlb_single_page_flush_ceiling' warning and make the variable read-mostly

Jiri Olsa (1):
      CHROMIUM: perf/x86/intel: Use PAGE_SIZE for PEBS buffer size on Core2

Jorge Lucangeli Obes (2):
      CHROMIUM: kaiser: Fix kernel_stack.
      Merge branch 'linux/kaiser-3.14-merge-tag' into merge/chromeos-3.14-kaiser-3.14-merge-tag

Kees Cook (3):
      UPSTREAM: kbuild: Silence unused stuff
      UPSTREAM: cgroup: Silence paren warning
      CHROMIUM: kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER

Linus Torvalds (2):
      UPSTREAM: Disable "frame-address" warning
      UPSTREAM: kernel: make READ_ONCE() valid on const arguments

Marcelo Tosatti (1):
      UPSTREAM: kvmclock: export kvmclock clocksource and data pointers

Martin Schwidefsky (1):
      UPSTREAM: sched/mm: call finish_arch_post_lock_switch in idle_task_exit and use_mm

Masami Hiramatsu (1):
      CHROMIUM: kprobes: Prohibit probing on .entry.text code

Paolo Bonzini (1):
      UPSTREAM: x86: kvm: use alternatives for VMCALL vs. VMMCALL if kernel text is read-only

Paul E. McKenney (1):
      UPSTREAM: rcu: Provide counterpart to rcu_dereference() for non-RCU situations

Richard Fellner (1):
      CHROMIUM: KAISER: Kernel Address Isolation

Steven Rostedt (1):
      UPSTREAM: ARM: Hide finish_arch_post_lock_switch() from modules

Tim Gardner (2):
      UPSTREAM: fs: namespace: suppress 'may be used uninitialized' warnings
      UPSTREAM: scripts/sortextable: suppress warning: `relocs_size' may be used uninitialized

Zhengyu He (1):
      UPSTREAM: core: fix typo in percpu read_mostly section

 Documentation/kernel-parameters.txt | 23 +-
 Documentation/x86/tlb.txt | 75 +++++
 Documentation/x86/x86_64/mm.txt | 2 +
 Makefile | 7 +-
 arch/arm/include/asm/mmu_context.h | 2 +
 arch/x86/Kconfig | 25 +-
 arch/x86/boot/compressed/misc.h | 1 +
 arch/x86/boot/mkcpustr.c | 1 +
 arch/x86/ia32/ia32entry.S | 81 +++--
 arch/x86/include/asm/cpufeature.h | 73 ++--
 arch/x86/include/asm/desc.h | 2 +-
 arch/x86/include/asm/disabled-features.h | 41 +++
 arch/x86/include/asm/espfix.h | 16 ++
 arch/x86/include/asm/hardirq.h | 6 +-
 arch/x86/include/asm/hw_irq.h | 2 +-
 arch/x86/include/asm/kaiser.h | 126 +++++++++
 arch/x86/include/asm/kvm_para.h | 10 +-
 arch/x86/include/asm/kvmclock.h | 6 +
 arch/x86/include/asm/mmu.h | 6 -
 arch/x86/include/asm/mmu_context.h | 55 +--
 arch/x86/include/asm/pgtable.h | 18 +-
 arch/x86/include/asm/pgtable_64.h | 30 +-
 arch/x86/include/asm/pgtable_64_types.h | 2 +
 arch/x86/include/asm/pgtable_types.h | 33 ++-
 arch/x86/include/asm/processor.h | 5 +-
 arch/x86/include/asm/setup.h | 2 +
 arch/x86/include/asm/tlbflush.h | 227 +++++++++------
 arch/x86/include/asm/vsyscall.h | 1 +
 arch/x86/include/uapi/asm/msr-index.h | 2 +
 arch/x86/include/uapi/asm/processor-flags.h | 3 +-
 arch/x86/kernel/Makefile | 1 +
 arch/x86/kernel/cpu/amd.c | 14 +-
 arch/x86/kernel/cpu/bugs.c | 8 +
 arch/x86/kernel/cpu/common.c | 110 ++++++--
 arch/x86/kernel/cpu/intel.c | 26 --
 arch/x86/kernel/cpu/mtrr/main.c | 6 +-
 arch/x86/kernel/cpu/perf_event.h | 1 +
 arch/x86/kernel/cpu/perf_event_intel_ds.c | 67 ++++-
 arch/x86/kernel/cpu/scattered.c | 1 -
 arch/x86/kernel/entry_32.S | 45 +--
 arch/x86/kernel/entry_64.S | 358 ++++++++++++++++++------
 arch/x86/kernel/espfix_64.c | 218 +++++++++++++++
 arch/x86/kernel/head_64.S | 31 ++-
 arch/x86/kernel/hpet.c | 3 +
 arch/x86/kernel/irq.c | 3 +-
 arch/x86/kernel/irqinit.c | 2 +-
 arch/x86/kernel/kprobes/core.c | 8 +
 arch/x86/kernel/kvmclock.c | 4 +-
 arch/x86/kernel/ldt.c | 32 ++-
 arch/x86/kernel/machine_kexec_32.c | 3 +-
 arch/x86/kernel/paravirt.c | 16 +-
 arch/x86/kernel/process.c | 2 +-
 arch/x86/kernel/process_64.c | 2 +-
 arch/x86/kernel/reboot.c | 4 +
 arch/x86/kernel/smpboot.c | 9 +-
 arch/x86/kernel/tracepoint.c | 2 +
 arch/x86/kernel/vm86_32.c | 2 +-
 arch/x86/kernel/vsyscall_64.c | 7 +-
 arch/x86/kvm/cpuid.c | 2 +-
 arch/x86/kvm/vmx.c | 12 +-
 arch/x86/kvm/x86.c | 3 +-
 arch/x86/mm/Makefile | 4 +-
 arch/x86/mm/dump_pagetables.c | 31 ++-
 arch/x86/mm/init.c | 9 +-
 arch/x86/mm/kaiser.c | 414 ++++++++++++++++++++++++++++
 arch/x86/mm/pageattr.c | 63 +++--
 arch/x86/mm/pgtable.c | 31 ++-
 arch/x86/mm/tlb.c | 247 +++++++++++------
 arch/x86/xen/enlighten.c | 6 +
 drivers/gpu/drm/gma500/mmu.c | 2 +-
 fs/compat.c | 10 +-
 fs/internal.h | 2 +-
 fs/namespace.c | 26 +-
 include/asm-generic/vmlinux.lds.h | 9 +-
 include/linux/compiler.h | 16 +-
 include/linux/kaiser.h | 52 ++++
 include/linux/kprobes.h | 1 +
 include/linux/mm_types.h | 8 +
 include/linux/mmdebug.h | 4 +
 include/linux/mmu_context.h | 7 +
 include/linux/mmzone.h | 3 +-
 include/linux/percpu-defs.h | 36 ++-
 include/linux/rcupdate.h | 15 +
 include/linux/stddef.h | 9 +
 include/linux/vfio.h | 14 -
 include/trace/events/tlb.h | 40 +++
 init/main.c | 6 +
 kernel/cgroup.c | 6 +-
 kernel/fork.c | 6 +
 kernel/kprobes.c | 13 +-
 kernel/sched/core.c | 8 +-
 mm/mmu_context.c | 5 +-
 mm/vmstat.c | 1 +
 scripts/sortextable.h | 2 +-
 security/Kconfig | 10 +
 95 files changed, 2372 insertions(+), 629 deletions(-)
 create mode 100644 Documentation/x86/tlb.txt
 create mode 100644 arch/x86/include/asm/disabled-features.h
 create mode 100644 arch/x86/include/asm/espfix.h
 create mode 100644 arch/x86/include/asm/kaiser.h
 create mode 100644 arch/x86/include/asm/kvmclock.h
 create mode 100644 arch/x86/kernel/espfix_64.c
 create mode 100644 arch/x86/mm/kaiser.c
 create mode 100644 include/linux/kaiser.h
 create mode 100644 include/trace/events/tlb.h

BUG=chromium:804387
TEST=Build and test on various affected systems

Signed-off-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Change-Id: I18dc0fa2d8e39d248d511c77b16c78bd83142eb2
Feb 9 2018
KPTI on 3.14 seems to have stuck.
Mar 8 2018
Given the potentially high-impact nature of a nefarious actor leveraging the vulnerability this closes up, I believe we should consider bringing this into 65. The patches have been live on 66 for over a month now with no reported negative impact, so the risk here is believed to be low. If this does cause problems in stable promotion we can always revert.
Mar 8 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a

commit cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Thu Mar 08 15:34:34 2018

CHROMIUM: Merge 'kaiser-3.14-merge-tag' into chromeos-3.14

Implement KAISER/KPTI for 3.14 kernels on Intel.

Changelog:
----------------------------------------------------------------
Aaron Lu (1):
      UPSTREAM: x86/irq: Do not substract irq_tlb_count from irq_call_count

Andrea Arcangeli (1):
      CHROMIUM: x86/mm/kaiser: re-enable vsyscalls

Andrew Morton (1):
      UPSTREAM: include/linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE()

Andy Lutomirski (20):
      UPSTREAM: x86/mm: Add INVPCID helpers
      UPSTREAM: x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
      UPSTREAM: x86/mm: If INVPCID is available, use it to flush global mappings
      UPSTREAM: sched/core: Add switch_mm_irqs_off() and use it in the scheduler
      UPSTREAM: x86/mm: Build arch/x86/mm/tlb.c even on !SMP
      UPSTREAM: x86/mm, sched/core: Uninline switch_mm()
      UPSTREAM: x86/mm, sched/core: Turn off IRQs in switch_mm()
      UPSTREAM: sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
      UPSTREAM: x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
      UPSTREAM: x86/mm: Remove flush_tlb() and flush_tlb_current_task()
      UPSTREAM: x86/mm: Make flush_tlb_mm_range() more predictable
      UPSTREAM: x86/mm: Fix flush_tlb_page() on Xen
      UPSTREAM: x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
      UPSTREAM: x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code
      UPSTREAM: x86/mm: Disable PCID on 32-bit kernels
      UPSTREAM: x86/mm: Add the 'nopcid' boot option to turn off PCID
      UPSTREAM: x86/mm: Enable CR4.PCIDE on supported systems
      UPSTREAM: x86/paravirt: Replace the paravirt nop with a bona fide empty function
      UPSTREAM: x86/nmi/64: Fix a paravirt stack-clobbering bug in the NMI code
      CHROMIUM: x86/mm/64: Fix reboot interaction with CR4.PCIDE

Ben Serebrin (1):
      UPSTREAM: KVM: VMX: Preserve host CR4.MCE value while in guest mode.

Borislav Petkov (4):
      UPSTREAM: kbuild: Steal gcc's pie from the very beginning
      UPSTREAM: x86, cpu: Kill cpu_has_mp
      UPSTREAM: x86/mm: Fix INVPCID asm constraint
      CHROMIUM: x86/mm: fix bad backport to disable PCID on Xen

Christian Borntraeger (1):
      UPSTREAM: kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val)

Dave Hansen (11):
      UPSTREAM: x86/mm: Clean up the TLB flushing code
      UPSTREAM: x86/mm: Rip out complicated, out-of-date, buggy TLB flushing
      UPSTREAM: x86/mm: Fix missed global TLB flush stat
      UPSTREAM: x86/mm: Unify remote INVLPG code
      UPSTREAM: x86/mm: Add tracepoints for TLB flushes
      UPSTREAM: x86/mm: New tunable for single vs full TLB flush
      UPSTREAM: x86/mm: Set TLB flush tunable to sane value (33)
      UPSTREAM: x86/mm: Fix RCU splat from new TLB tracepoints
      UPSTREAM: x86: Axe the lightly-used cpu_has_pae
      UPSTREAM: x86: Introduce disabled-features
      UPSTREAM: x86: Add more disabled features

Denys Vlasenko (1):
      UPSTREAM: include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header

Fenghua Yu (2):
      UPSTREAM: x86/xsaves: Detect xsaves/xrstors feature
      UPSTREAM: x86/xsaves: Add a kernel parameter noxsaves to disable xsaves/xrstors

H. Peter Anvin (6):
      UPSTREAM: x86, cpufeature: Rename X86_FEATURE_CLFLSH to X86_FEATURE_CLFLUSH
      UPSTREAM: x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
      UPSTREAM: x86, espfix: Move espfix definitions into a separate header file
      UPSTREAM: x86, espfix: Fix broken header guard
      UPSTREAM: x86, espfix: Make espfix64 a Kconfig option, fix UML
      UPSTREAM: x86, espfix: Make it possible to disable 16-bit support

Hugh Dickins (25):
      CHROMIUM: kaiser: merged update
      CHROMIUM: kaiser: do not set _PAGE_NX on pgd_none
      CHROMIUM: kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
      CHROMIUM: kaiser: fix build and FIXME in alloc_ldt_struct()
      CHROMIUM: kaiser: KAISER depends on SMP
      CHROMIUM: kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
      CHROMIUM: kaiser: fix perf crashes
      CHROMIUM: kaiser: ENOMEM if kaiser_pagetable_walk() NULL
      CHROMIUM: kaiser: tidied up asm/kaiser.h somewhat
      CHROMIUM: kaiser: tidied up kaiser_add/remove_mapping slightly
      CHROMIUM: kaiser: kaiser_remove_mapping() move along the pgd
      CHROMIUM: kaiser: align addition to x86/mm/Makefile
      CHROMIUM: kaiser: cleanups while trying for gold link
      CHROMIUM: kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
      CHROMIUM: kaiser: delete KAISER_REAL_SWITCH option
      CHROMIUM: kaiser: vmstat show NR_KAISERTABLE as nr_overhead
      CHROMIUM: kaiser: enhanced by kernel and user PCIDs
      CHROMIUM: kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
      CHROMIUM: kaiser: PCID 0 for kernel and 128 for user
      CHROMIUM: kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
      CHROMIUM: kaiser: paranoid_entry pass cr3 need to paranoid_exit
      CHROMIUM: kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
      CHROMIUM: kaiser: fix unlikely error in alloc_ldt_struct()
      CHROMIUM: kaiser: alloc_ldt_struct() use get_zeroed_page()
      CHROMIUM: kaiser: user_map __kprobes_text too

Ingo Molnar (1):
      UPSTREAM: mm/mmu_context, sched/core: Fix mmu_context.h assumption

Jan Beulich (1):
      CHROMIUM: x86/debug: Drop several unnecessary CFI annotations

Jeremiah Mahler (1):
      UPSTREAM: x86/mm: Fix sparse 'tlb_single_page_flush_ceiling' warning and make the variable read-mostly

Jiri Olsa (1):
      CHROMIUM: perf/x86/intel: Use PAGE_SIZE for PEBS buffer size on Core2

Jorge Lucangeli Obes (2):
      CHROMIUM: kaiser: Fix kernel_stack.
      Merge branch 'linux/kaiser-3.14-merge-tag' into merge/chromeos-3.14-kaiser-3.14-merge-tag

Kees Cook (3):
      UPSTREAM: kbuild: Silence unused stuff
      UPSTREAM: cgroup: Silence paren warning
      CHROMIUM: kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER

Linus Torvalds (2):
      UPSTREAM: Disable "frame-address" warning
      UPSTREAM: kernel: make READ_ONCE() valid on const arguments

Marcelo Tosatti (1):
      UPSTREAM: kvmclock: export kvmclock clocksource and data pointers

Martin Schwidefsky (1):
      UPSTREAM: sched/mm: call finish_arch_post_lock_switch in idle_task_exit and use_mm

Masami Hiramatsu (1):
      CHROMIUM: kprobes: Prohibit probing on .entry.text code

Paolo Bonzini (1):
      UPSTREAM: x86: kvm: use alternatives for VMCALL vs. VMMCALL if kernel text is read-only

Paul E. McKenney (1):
      UPSTREAM: rcu: Provide counterpart to rcu_dereference() for non-RCU situations

Richard Fellner (1):
      CHROMIUM: KAISER: Kernel Address Isolation

Steven Rostedt (1):
      UPSTREAM: ARM: Hide finish_arch_post_lock_switch() from modules

Tim Gardner (2):
      UPSTREAM: fs: namespace: suppress 'may be used uninitialized' warnings
      UPSTREAM: scripts/sortextable: suppress warning: `relocs_size' may be used uninitialized

Zhengyu He (1):
      UPSTREAM: core: fix typo in percpu read_mostly section

 Documentation/kernel-parameters.txt | 23 +-
 Documentation/x86/tlb.txt | 75 +++++
 Documentation/x86/x86_64/mm.txt | 2 +
 Makefile | 7 +-
 arch/arm/include/asm/mmu_context.h | 2 +
 arch/x86/Kconfig | 25 +-
 arch/x86/boot/compressed/misc.h | 1 +
 arch/x86/boot/mkcpustr.c | 1 +
 arch/x86/ia32/ia32entry.S | 81 +++--
 arch/x86/include/asm/cpufeature.h | 73 ++--
 arch/x86/include/asm/desc.h | 2 +-
 arch/x86/include/asm/disabled-features.h | 41 +++
 arch/x86/include/asm/espfix.h | 16 ++
 arch/x86/include/asm/hardirq.h | 6 +-
 arch/x86/include/asm/hw_irq.h | 2 +-
 arch/x86/include/asm/kaiser.h | 126 +++++++++
 arch/x86/include/asm/kvm_para.h | 10 +-
 arch/x86/include/asm/kvmclock.h | 6 +
 arch/x86/include/asm/mmu.h | 6 -
 arch/x86/include/asm/mmu_context.h | 55 +--
 arch/x86/include/asm/pgtable.h | 18 +-
 arch/x86/include/asm/pgtable_64.h | 30 +-
 arch/x86/include/asm/pgtable_64_types.h | 2 +
 arch/x86/include/asm/pgtable_types.h | 33 ++-
 arch/x86/include/asm/processor.h | 5 +-
 arch/x86/include/asm/setup.h | 2 +
 arch/x86/include/asm/tlbflush.h | 227 +++++++++------
 arch/x86/include/asm/vsyscall.h | 1 +
 arch/x86/include/uapi/asm/msr-index.h | 2 +
 arch/x86/include/uapi/asm/processor-flags.h | 3 +-
 arch/x86/kernel/Makefile | 1 +
 arch/x86/kernel/cpu/amd.c | 14 +-
 arch/x86/kernel/cpu/bugs.c | 8 +
 arch/x86/kernel/cpu/common.c | 110 ++++++--
 arch/x86/kernel/cpu/intel.c | 26 --
 arch/x86/kernel/cpu/mtrr/main.c | 6 +-
 arch/x86/kernel/cpu/perf_event.h | 1 +
 arch/x86/kernel/cpu/perf_event_intel_ds.c | 67 ++++-
 arch/x86/kernel/cpu/scattered.c | 1 -
 arch/x86/kernel/entry_32.S | 45 +--
 arch/x86/kernel/entry_64.S | 358 ++++++++++++++++++------
 arch/x86/kernel/espfix_64.c | 218 +++++++++++++++
 arch/x86/kernel/head_64.S | 31 ++-
 arch/x86/kernel/hpet.c | 3 +
 arch/x86/kernel/irq.c | 3 +-
 arch/x86/kernel/irqinit.c | 2 +-
 arch/x86/kernel/kprobes/core.c | 8 +
 arch/x86/kernel/kvmclock.c | 4 +-
 arch/x86/kernel/ldt.c | 32 ++-
 arch/x86/kernel/machine_kexec_32.c | 3 +-
 arch/x86/kernel/paravirt.c | 16 +-
 arch/x86/kernel/process.c | 2 +-
 arch/x86/kernel/process_64.c | 2 +-
 arch/x86/kernel/reboot.c | 4 +
 arch/x86/kernel/smpboot.c | 9 +-
 arch/x86/kernel/tracepoint.c | 2 +
 arch/x86/kernel/vm86_32.c | 2 +-
 arch/x86/kernel/vsyscall_64.c | 7 +-
 arch/x86/kvm/cpuid.c | 2 +-
 arch/x86/kvm/vmx.c | 12 +-
 arch/x86/kvm/x86.c | 3 +-
 arch/x86/mm/Makefile | 4 +-
 arch/x86/mm/dump_pagetables.c | 31 ++-
 arch/x86/mm/init.c | 9 +-
 arch/x86/mm/kaiser.c | 414 ++++++++++++++++++++++++++++
 arch/x86/mm/pageattr.c | 63 +++--
 arch/x86/mm/pgtable.c | 31 ++-
 arch/x86/mm/tlb.c | 247 +++++++++++------
 arch/x86/xen/enlighten.c | 6 +
 drivers/gpu/drm/gma500/mmu.c | 2 +-
 fs/compat.c | 10 +-
 fs/internal.h | 2 +-
 fs/namespace.c | 26 +-
 include/asm-generic/vmlinux.lds.h | 9 +-
 include/linux/compiler.h | 16 +-
 include/linux/kaiser.h | 52 ++++
 include/linux/kprobes.h | 1 +
 include/linux/mm_types.h | 8 +
 include/linux/mmdebug.h | 4 +
 include/linux/mmu_context.h | 7 +
 include/linux/mmzone.h | 3 +-
 include/linux/percpu-defs.h | 36 ++-
 include/linux/rcupdate.h | 15 +
 include/linux/stddef.h | 9 +
 include/linux/vfio.h | 14 -
 include/trace/events/tlb.h | 40 +++
 init/main.c | 6 +
 kernel/cgroup.c | 6 +-
 kernel/fork.c | 6 +
 kernel/kprobes.c | 13 +-
 kernel/sched/core.c | 8 +-
 mm/mmu_context.c | 5 +-
 mm/vmstat.c | 1 +
 scripts/sortextable.h | 2 +-
 security/Kconfig | 10 +
 95 files changed, 2372 insertions(+), 629 deletions(-)
 create mode 100644 Documentation/x86/tlb.txt
 create mode 100644 arch/x86/include/asm/disabled-features.h
 create mode 100644 arch/x86/include/asm/espfix.h
 create mode 100644 arch/x86/include/asm/kaiser.h
 create mode 100644 arch/x86/include/asm/kvmclock.h
 create mode 100644 arch/x86/kernel/espfix_64.c
 create mode 100644 arch/x86/mm/kaiser.c
 create mode 100644 include/linux/kaiser.h
 create mode 100644 include/trace/events/tlb.h

BUG=chromium:804387
TEST=Build and test on various affected systems

Signed-off-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Change-Id: I18dc0fa2d8e39d248d511c77b16c78bd83142eb2
(cherry picked from commit 1869c728d9d4f109cb46e33da84d9cc367d3eea9)
Reviewed-on: https://chromium-review.googlesource.com/955822
Reviewed-by: Bernie Thompson <bhthompson@chromium.org>
Commit-Queue: Bernie Thompson <bhthompson@chromium.org>
Tested-by: Bernie Thompson <bhthompson@chromium.org>

[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/drivers/gpu/drm/gma500/mmu.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/boot/compressed/misc.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/linux/vfio.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/kernel/fork.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/vm86_32.c
[add] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/disabled-features.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/linux/mmdebug.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/Kconfig
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/cpu/perf_event_intel_ds.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/vsyscall.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/vsyscall_64.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/mm/dump_pagetables.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/kernel/kprobes.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/Documentation/kernel-parameters.txt
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/uapi/asm/msr-index.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/Makefile
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/linux/compiler.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/xen/enlighten.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/linux/mm_types.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/security/Kconfig
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/Makefile
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/linux/mmzone.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kvm/cpuid.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/mmu.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/smpboot.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/irqinit.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/setup.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/kernel/cgroup.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/pgtable_types.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/linux/percpu-defs.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/pgtable_64.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/desc.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/ia32/ia32entry.S
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/fs/namespace.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/processor.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/uapi/asm/processor-flags.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/tracepoint.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/mm/pageattr.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/kernel/sched/core.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/head_64.S
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/linux/kprobes.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/linux/rcupdate.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/cpu/mtrr/main.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/fs/compat.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/cpu/common.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/paravirt.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/mm/Makefile
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/hardirq.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/cpu/bugs.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/arm/include/asm/mmu_context.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/process_64.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/boot/mkcpustr.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/hw_irq.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/kvm_para.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/reboot.c
[add] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/linux/kaiser.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/mm/pgtable.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/linux/stddef.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/cpu/perf_event.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/fs/internal.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/mm/vmstat.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/mmu_context.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/pgtable_64_types.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/pgtable.h
[add] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/kaiser.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/mm/tlb.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/mm/mmu_context.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/scripts/sortextable.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/asm-generic/vmlinux.lds.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/process.c
[add] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/Documentation/x86/tlb.txt
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/entry_64.S
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/cpu/scattered.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/tlbflush.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kvm/x86.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/entry_32.S
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/Documentation/x86/x86_64/mm.txt
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/mm/init.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/cpu/amd.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/machine_kexec_32.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/init/main.c
[add] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/espfix.h
[add] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/kvmclock.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/kprobes/core.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/linux/mmu_context.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kvm/vmx.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/cpu/intel.c
[add] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/include/trace/events/tlb.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/irq.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/ldt.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/include/asm/cpufeature.h
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/hpet.c
[add] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/espfix_64.c
[modify] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/kernel/kvmclock.c
[add] https://crrev.com/cf6e6ca942037005f3717c15f7ddaa0f2bcdc37a/arch/x86/mm/kaiser.c
Mar 12 2018
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 15 2018
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 15 2018
Mar 19 2018
Comment 1 by jorgelo@chromium.org, Jan 22 2018