Issue 807797
Issue metadata

Status: Fixed
Closed: Feb 2018
OS: Chrome
Pri: 1
Type: Bug

Incorporate KAISER patches to Chrome OS 3.8 kernel

Project Member Reported by jorgelo@chromium.org, Jan 31 2018

Issue description

For Meltdown (SSCA variant 3).
 
Project Member

Comment 1 by bugdroid1@chromium.org, Feb 2 2018

Labels: merge-merged-chromeos-3.8
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/3276f7ccdee96f54412d92ec4815529e4c52fe1d

commit 3276f7ccdee96f54412d92ec4815529e4c52fe1d
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Thu Feb 01 20:28:04 2018

CHROMIUM: Merge 'kaiser-3.8-reqs' into chromeos-3.8

We have a working KPTI backport to 3.8 kernels. While we decide what
to do with the current need to use "nopcid" in the kernel command line,
let's land the bulk of the prep work. This merge is up to (and
including) the "nopcid" patch just in case we need it later.

Hugh Dickins suggested getting the 'espfix' CLs in before landing KPTI,
so this merge includes that as well.

BUG= chromium:807797 
TEST=Build and boot on link, run browser benchmarks as stress test.
TEST=panther, falco tryjobs.

Changelog:
----------------------------------------------------------------
Aaron Lu (1):
      UPSTREAM: x86/irq: Do not substract irq_tlb_count from irq_call_count

Andy Lutomirski (21):
      UPSTREAM: x86_64/entry/xen: Do not invoke espfix64 on Xen
      UPSTREAM: x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
      BACKPORT: x86_64, traps: Stop using IST for #SS
      UPSTREAM: x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
      UPSTREAM: x86, tls, ldt: Stop checking lm in LDT_empty
      UPSTREAM: x86, tls: Interpret an all-zero struct user_desc as "no segment"
      UPSTREAM: x86/mm: Add INVPCID helpers
      UPSTREAM: x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
      UPSTREAM: x86/mm: If INVPCID is available, use it to flush global mappings
      UPSTREAM: sched/core: Add switch_mm_irqs_off() and use it in the scheduler
      UPSTREAM: x86/mm: Build arch/x86/mm/tlb.c even on !SMP
      BACKPORT: x86/mm, sched/core: Uninline switch_mm()
      UPSTREAM: x86/mm, sched/core: Turn off IRQs in switch_mm()
      UPSTREAM: sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
      UPSTREAM: x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
      UPSTREAM: x86/mm: Remove flush_tlb() and flush_tlb_current_task()
      UPSTREAM: x86/mm: Fix flush_tlb_page() on Xen
      UPSTREAM: x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
      BACKPORT: x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code
      UPSTREAM: x86/mm: Disable PCID on 32-bit kernels
      BACKPORT: x86/mm: Add the 'nopcid' boot option to turn off PCID

Boris Ostrovsky (1):
      UPSTREAM: x86/espfix/xen: Fix allocation of pages for paravirt page tables

Borislav Petkov (1):
      UPSTREAM: x86/mm: Fix INVPCID asm constraint

Frederic Weisbecker (4):
      UPSTREAM: context_tracking: Export context state for generic vtime
      BACKPORT: context_tracking: Move exception handling to generic code
      BACKPORT: context_tracking: Restore correct previous context state on exception exit
      BACKPORT: kvm: Move guest entry/exit APIs to context_tracking

H. Peter Anvin (6):
      UPSTREAM: x86-32, espfix: Remove filter for espfix32 due to race
      UPSTREAM: x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
      UPSTREAM: x86, espfix: Move espfix definitions into a separate header file
      UPSTREAM: x86, espfix: Fix broken header guard
      UPSTREAM: x86, espfix: Make espfix64 a Kconfig option, fix UML
      UPSTREAM: x86, espfix: Make it possible to disable 16-bit support

Ingo Molnar (1):
      UPSTREAM: mm/mmu_context, sched/core: Fix mmu_context.h assumption

Jorge Lucangeli Obes (1):
      Merge branch 'linux/kaiser-3.8-reqs-new-tag' into merge/chromeos-3.8-kaiser-3.8-reqs-new-tag

Sebastian Andrzej Siewior (1):
      UPSTREAM: x86/mm: Disable preemption during CR3 read+write

 Documentation/kernel-parameters.txt     |   4 +
 Documentation/x86/x86_64/mm.txt         |   2 +
 arch/x86/Kconfig                        |  25 +++-
 arch/x86/include/asm/context_tracking.h |  21 ----
 arch/x86/include/asm/desc.h             |  20 ++-
 arch/x86/include/asm/espfix.h           |  16 +++
 arch/x86/include/asm/hardirq.h          |   6 +-
 arch/x86/include/asm/irqflags.h         |   2 +-
 arch/x86/include/asm/mmu.h              |   6 -
 arch/x86/include/asm/mmu_context.h      |  46 +------
 arch/x86/include/asm/pgtable_64_types.h |   2 +
 arch/x86/include/asm/setup.h            |   2 +
 arch/x86/include/asm/tlbflush.h         | 129 +++++++++++---------
 arch/x86/kernel/Makefile                |   1 +
 arch/x86/kernel/cpu/bugs.c              |   8 ++
 arch/x86/kernel/cpu/common.c            |  39 ++++++
 arch/x86/kernel/entry_32.S              |  17 ++-
 arch/x86/kernel/entry_64.S              |  45 ++++++-
 arch/x86/kernel/espfix_64.c             | 208 ++++++++++++++++++++++++++++++++
 arch/x86/kernel/irq.c                   |   3 +-
 arch/x86/kernel/kvm.c                   |  17 ++-
 arch/x86/kernel/kvmclock.c              |   1 -
 arch/x86/kernel/ldt.c                   |   8 +-
 arch/x86/kernel/paravirt_patch_64.c     |   2 -
 arch/x86/kernel/smpboot.c               |   7 ++
 arch/x86/kernel/tls.c                   |  25 +++-
 arch/x86/kernel/traps.c                 |  89 ++++++++++----
 arch/x86/kernel/vm86_32.c               |   2 +-
 arch/x86/mm/Makefile                    |   3 +-
 arch/x86/mm/dump_pagetables.c           |  39 ++++--
 arch/x86/mm/fault.c                     |   8 +-
 arch/x86/mm/tlb.c                       |  80 +++++++-----
 include/linux/context_tracking.h        |  85 ++++++++++++-
 include/linux/kvm_host.h                |   2 +
 include/linux/mmu_context.h             |   7 ++
 init/main.c                             |   4 +
 kernel/context_tracking.c               |  16 +--
 kernel/sched/core.c                     |   4 +-
 mm/mmu_context.c                        |   2 +-
 39 files changed, 737 insertions(+), 266 deletions(-)
 create mode 100644 arch/x86/include/asm/espfix.h
 create mode 100644 arch/x86/kernel/espfix_64.c

BUG= chromium:807797 
TEST=Build and test on various affected systems
Signed-off-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

Change-Id: I4a823a9c9e49ca7164ba20b7100301bdc23ae993
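As an added example (not code from the CL or the Chrome OS tree), a small POSIX sh check of the state the merge message above is weighing: whether the CPU advertises PCID and INVPCID, and whether "nopcid" or "noinvpcid" on the kernel command line has turned them off, which decides whether a KPTI kernel can keep TLB entries tagged across kernel/user CR3 switches or must flush the whole TLB each time. The sample command line and cpuinfo flag list are constructed; the function and mode names are this example's own.

```shell
#!/bin/sh
# Added example: classify PCID/INVPCID use from the kernel command line and
# the CPU flag list. Constructed stand-ins for /proc/cmdline and the
# "flags" line of /proc/cpuinfo:
SAMPLE_CMDLINE="console=ttyS0 root=/dev/dm-0 nopcid"
SAMPLE_CPU_FLAGS="fpu vme pse msr sse2 pcid x2apic invpcid"

# has_word STRING WORD: succeed if WORD is a whole token of STRING
# (so "nopcid" does not match inside "noinvpcid" or vice versa).
has_word() {
    for tok in $1; do
        [ "$tok" = "$2" ] && return 0
    done
    return 1
}

# pcid_mode CMDLINE CPU_FLAGS
# Prints the CR3-switch strategy a KPTI kernel can use on this machine:
#   pcid-invpcid   PCID tags in use, INVPCID available for global flushes
#   pcid-only      PCID tags in use, INVPCID missing or disabled by noinvpcid
#   pcid-disabled  CPU has PCID but "nopcid" forces a full TLB flush per switch
#   no-pcid        CPU lacks PCID; every kernel/user switch flushes the TLB
pcid_mode() {
    if ! has_word "$2" pcid; then
        echo no-pcid
    elif has_word "$1" nopcid; then
        echo pcid-disabled
    elif has_word "$2" invpcid && ! has_word "$1" noinvpcid; then
        echo pcid-invpcid
    else
        echo pcid-only
    fi
}

# live_pcid_mode: the same classification for the running kernel, if readable.
live_pcid_mode() {
    [ -r /proc/cmdline ] && [ -r /proc/cpuinfo ] || { echo unknown; return 0; }
    cmd=$(cat /proc/cmdline)
    fl=$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2-)
    pcid_mode "$cmd" "$fl"
}

echo "constructed sample: $(pcid_mode "$SAMPLE_CMDLINE" "$SAMPLE_CPU_FLAGS")"
echo "this host:          $(live_pcid_mode)"
```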


Project Member

Comment 2 by bugdroid1@chromium.org, Feb 3 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/06ba5525027f87f379af9ae1e7e6e0b9c16401cf

commit 06ba5525027f87f379af9ae1e7e6e0b9c16401cf
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Fri Feb 02 20:57:25 2018

CHROMIUM: Merge 'kaiser-3.8-tag' into chromeos-3.8

Implement KAISER/KPTI on 3.8 kernels.

Changelog:
----------------------------------------------------------------
Andrea Arcangeli (1):
      BACKPORT: x86/mm/kaiser: re-enable vsyscalls

Andy Lutomirski (2):
      BACKPORT: x86/mm: Enable CR4.PCIDE on supported systems
      UPSTREAM: x86/mm/64: Fix reboot interaction with CR4.PCIDE

Borislav Petkov (1):
      UPSTREAM: x86/mm: fix bad backport to disable PCID on Xen

Hugh Dickins (3):
      CHROMIUM: KAISER: Kernel Address Isolation
      CHROMIUM: kaiser: user_map __kprobes_text too
      CHROMIUM: kaiser: setup_pcid() beware in setting X86_CR4_PCIDE

Jorge Lucangeli Obes (2):
      CHROMIUM: kaiser: Fix kernel_stack.
      Merge branch 'linux/kaiser-3.8-tag' into merge/chromeos-3.8-kaiser-3.8-tag

Kees Cook (1):
      UPSTREAM: kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER

 arch/x86/boot/compressed/misc.h             |   1 +
 arch/x86/ia32/ia32entry.S                   |   7 +
 arch/x86/include/asm/cpufeature.h           |   1 +
 arch/x86/include/asm/desc.h                 |   2 +-
 arch/x86/include/asm/hw_irq.h               |   2 +-
 arch/x86/include/asm/kaiser.h               | 126 +++++++++
 arch/x86/include/asm/pgtable.h              |  18 +-
 arch/x86/include/asm/pgtable_64.h           |  29 +-
 arch/x86/include/asm/pgtable_types.h        |  33 ++-
 arch/x86/include/asm/processor.h            |   4 +-
 arch/x86/include/asm/tlbflush.h             |  72 ++++-
 arch/x86/include/asm/vsyscall.h             |   1 +
 arch/x86/include/uapi/asm/processor-flags.h |   3 +-
 arch/x86/kernel/cpu/common.c                |  57 +++-
 arch/x86/kernel/cpu/perf_event_intel_ds.c   |  54 +++-
 arch/x86/kernel/entry_64.S                  | 101 +++++--
 arch/x86/kernel/head_64.S                   |  24 +-
 arch/x86/kernel/hpet.c                      |   3 +
 arch/x86/kernel/irqinit.c                   |   2 +-
 arch/x86/kernel/ldt.c                       |  16 ++
 arch/x86/kernel/process.c                   |   2 +-
 arch/x86/kernel/process_64.c                |   2 +-
 arch/x86/kernel/reboot.c                    |   4 +
 arch/x86/kernel/vsyscall_64.c               |   7 +-
 arch/x86/kvm/x86.c                          |   3 +-
 arch/x86/mm/Makefile                        |   1 +
 arch/x86/mm/kaiser.c                        | 401 ++++++++++++++++++++++++++++
 arch/x86/mm/pgtable.c                       |  31 ++-
 arch/x86/mm/tlb.c                           |  41 ++-
 arch/x86/xen/enlighten.c                    |   6 +
 include/asm-generic/vmlinux.lds.h           |   7 +
 include/linux/kaiser.h                      |  52 ++++
 include/linux/mmzone.h                      |   3 +-
 include/linux/percpu-defs.h                 |  32 ++-
 init/main.c                                 |   2 +
 kernel/fork.c                               |   9 +-
 mm/vmstat.c                                 |   1 +
 security/Kconfig                            |  10 +
 38 files changed, 1105 insertions(+), 65 deletions(-)
 create mode 100644 arch/x86/include/asm/kaiser.h
 create mode 100644 arch/x86/mm/kaiser.c
 create mode 100644 include/linux/kaiser.h

BUG= chromium:807797 
TEST=Build and test on various affected systems
Signed-off-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

Change-Id: Ia8134927121ece9c389c811acb7a4e8e490e2c76


Status: Fixed (was: Untriaged)
Labels: Merge-Approved-65
Given the potentially high-impact nature of a nefarious actor leveraging the vulnerability this closes up, I believe we should consider bringing this into 65.

The patches have been live on 66 for over a month now with no reported negative impact, so the risk here is believed to be low.

If this does cause problems in stable promotion we can always revert.
Project Member

Comment 5 by sheriffbot@chromium.org, Mar 12 2018

Cc: bhthompson@google.com
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 6 by sheriffbot@chromium.org, Mar 15 2018

Labels: -Merge-Approved-65 Disable-Nags
