* [PATCH 1/3] x86_64: kasan: flush tlbs after switching cr3
@ 2015-06-19 17:17 Andrey Ryabinin
From: Andrey Ryabinin @ 2015-06-19 17:17 UTC
  To: Ingo Molnar, H. Peter Anvin, Thomas Gleixner, x86
  Cc: Andrey Konovalov, Andrew Morton, Borislav Petkov, Alexander Popov,
	Dmitry Vyukov, Alexander Potapenko, Andrey Ryabinin, 4.0

load_cr3() doesn't cause a TLB flush if PGE is enabled.
This may cause tons of false positive reports spamming
the kernel to death.
To fix this, __flush_tlb_all() should be called explicitly
after cr3 is changed.

Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Cc: stable@vger.kernel.org # 4.0
---
 arch/x86/mm/kasan_init_64.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c
index 0e4a05f..5d26642 100644
--- a/arch/x86/mm/kasan_init_64.c
+++ b/arch/x86/mm/kasan_init_64.c
@@ -208,6 +208,7 @@ void __init kasan_init(void)
 
 	memcpy(early_level4_pgt, init_level4_pgt, sizeof(early_level4_pgt));
 	load_cr3(early_level4_pgt);
+	__flush_tlb_all();
 
 	clear_pgds(KASAN_SHADOW_START, KASAN_SHADOW_END);
 
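Review bot: the new __flush_tlb_all() right after load_cr3(early_level4_pgt) needs a one-line comment saying why it is there, because a reader who assumes load_cr3() already flushes the TLB will see it as redundant and may drop it in a later cleanup; the reasoning from the commit message belongs beside the call, e.g. `/* load_cr3() does not flush global TLB entries when PGE is set */`.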
@@ -234,5 +235,6 @@ void __init kasan_init(void)
 	memset(kasan_zero_page, 0, PAGE_SIZE);
 
 	load_cr3(init_level4_pgt);
+	__flush_tlb_all();
 	init_task.kasan_depth = 0;
 }
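Review bot: this is the second load_cr3() followed by __flush_tlb_all() in the file, so a small helper wrapping the two calls would keep the flush from being separated from the cr3 write if either site is edited later. The ordering here is right as given: the flush lands before init_task.kasan_depth = 0, so no stale shadow translation survives into the point where reports are produced, which is what the commit message identifies as the source of the false positives.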
-- 
2.4.4


* [PATCH 2/3] x86_64: kasan: fix boot crash on AMD processors
From: Andrey Ryabinin @ 2015-06-19 17:17 UTC
  To: Ingo Molnar, H. Peter Anvin, Thomas Gleixner, x86
  Cc: Andrey Konovalov, Andrew Morton, Borislav Petkov, Alexander Popov,
	Dmitry Vyukov, Alexander Potapenko, Andrey Ryabinin, 4.0

While populating the zero shadow, wrong bits in upper level page tables
were used. __PAGE_KERNEL_RO, which was used for pgd/pud/pmd, has
_PAGE_BIT_GLOBAL set. The Global bit is present only in the lowest
level of the page translation hierarchy (ptes), and it should be zero
in upper levels.
This bug doesn't seem to cause any troubles on Intel cpus, while on AMDs
it causes a kernel crash on boot.

Use _KERNPG_TABLE bits for pgds/puds/pmds to fix this.

Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Reported-by: Borislav Petkov <bp@alien8.de>
Cc: stable@vger.kernel.org # 4.0
---
 arch/x86/mm/kasan_init_64.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c
index 5d26642..9a54dbe 100644
--- a/arch/x86/mm/kasan_init_64.c
+++ b/arch/x86/mm/kasan_init_64.c
@@ -85,7 +85,7 @@ static int __init zero_pmd_populate(pud_t *pud, unsigned long addr,
 	while (IS_ALIGNED(addr, PMD_SIZE) && addr + PMD_SIZE <= end) {
 		WARN_ON(!pmd_none(*pmd));
 		set_pmd(pmd, __pmd(__pa_nodebug(kasan_zero_pte)
-					| __PAGE_KERNEL_RO));
+					| _KERNPG_TABLE));
 		addr += PMD_SIZE;
 		pmd = pmd_offset(pud, addr);
 	}
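Review bot: besides dropping _PAGE_GLOBAL, switching this pmd entry to _KERNPG_TABLE also sets _PAGE_RW on the table pointer; that is harmless only because write protection of the shared zero page is enforced by the leaf kasan_zero_pte entries (not visible in this hunk), and the commit message should state that explicitly instead of mentioning only the global bit.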
@@ -111,7 +111,7 @@ static int __init zero_pud_populate(pgd_t *pgd, unsigned long addr,
 	while (IS_ALIGNED(addr, PUD_SIZE) && addr + PUD_SIZE <= end) {
 		WARN_ON(!pud_none(*pud));
 		set_pud(pud, __pud(__pa_nodebug(kasan_zero_pmd)
-					| __PAGE_KERNEL_RO));
+					| _KERNPG_TABLE));
 		addr += PUD_SIZE;
 		pud = pud_offset(pgd, addr);
 	}
@@ -136,7 +136,7 @@ static int __init zero_pgd_populate(unsigned long addr, unsigned long end)
 	while (IS_ALIGNED(addr, PGDIR_SIZE) && addr + PGDIR_SIZE <= end) {
 		WARN_ON(!pgd_none(*pgd));
 		set_pgd(pgd, __pgd(__pa_nodebug(kasan_zero_pud)
-					| __PAGE_KERNEL_RO));
+					| _KERNPG_TABLE));
 		addr += PGDIR_SIZE;
 		pgd = pgd_offset_k(addr);
 	}
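Review bot: the same `__pa_nodebug(kasan_zero_X) | _KERNPG_TABLE` construction now appears in three loops (pmd, pud, pgd), so a single named flag constant, or one macro used by all three set_*() calls, would make the next flag fix a one-line change and make it obvious at each site that the entry is a non-leaf table pointer rather than a leaf mapping.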
-- 
2.4.4
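
A defensive check for the page-table rule the commit message above states, written here as an added example (not code from the patch series or the kernel): it decodes x86-64 entries and flags a non-leaf pgd/pud/pmd entry carrying _PAGE_GLOBAL, the combination the old __PAGE_KERNEL_RO flags produced. The flag bit values and the two flag-set definitions are assumptions mirroring x86's headers, and the sample table is constructed.

```c
/* Added example, not from the patch series: audit x86-64 page-table
 * entries for the defect fixed above, a _PAGE_GLOBAL bit set in a
 * non-leaf (pgd/pud/pmd) entry. Flag values are assumed to match x86's
 * definitions and are defined locally so this runs in user space. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define _PAGE_PRESENT   (1ULL << 0)
#define _PAGE_RW        (1ULL << 1)
#define _PAGE_ACCESSED  (1ULL << 5)
#define _PAGE_DIRTY     (1ULL << 6)
#define _PAGE_PSE       (1ULL << 7)   /* large-page leaf in a pmd/pud */
#define _PAGE_GLOBAL    (1ULL << 8)
#define _PAGE_NX        (1ULL << 63)
/* The two flag sets the patch swaps; only the old one carries G. */
#define __PAGE_KERNEL_RO (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_GLOBAL | _PAGE_NX)
#define _KERNPG_TABLE    (_PAGE_PRESENT | _PAGE_RW | _PAGE_ACCESSED | _PAGE_DIRTY)

enum level { LVL_PTE = 1, LVL_PMD = 2, LVL_PUD = 3, LVL_PGD = 4 };

/* True when a present entry points at a lower-level table (a pte, or a
 * pmd/pud large-page mapping, is a leaf) and still has G set: the
 * combination the commit message says must be zero in upper levels. */
static bool entry_has_bad_global(uint64_t e, enum level lvl)
{
    bool leaf = lvl == LVL_PTE || (lvl != LVL_PGD && (e & _PAGE_PSE));
    if (!(e & _PAGE_PRESENT) || leaf)
        return false;
    return (e & _PAGE_GLOBAL) != 0;
}

/* Scan one table of n entries and return how many violate the rule. */
static int count_bad_global(const uint64_t *tbl, int n, enum level lvl)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        bad += entry_has_bad_global(tbl[i], lvl);
    return bad;
}

int main(void)
{
    /* Constructed pmd table: the entry as the old code wrote it and as the
     * fix writes it, both pointing at a made-up zero pte table address. */
    uint64_t old_pmd[2] = { 0x1234000ULL | __PAGE_KERNEL_RO, 0 };
    uint64_t new_pmd[2] = { 0x1234000ULL | _KERNPG_TABLE, 0 };
    printf("old: %d bad, fixed: %d bad\n", count_bad_global(old_pmd, 2, LVL_PMD),
           count_bad_global(new_pmd, 2, LVL_PMD));
    return 0;
}
```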


* Re: [PATCH 3/3] x86_64: kasan: add message about kasan being initialized
From: Andrey Ryabinin @ 2015-06-22 16:06 UTC
  To: Ingo Molnar, Dmitry Vyukov
  Cc: Ingo Molnar, H. Peter Anvin, Thomas Gleixner, x86@kernel.org,
	Andrey Konovalov, Andrew Morton, Borislav Petkov, Alexander Popov,
	Alexander Potapenko, open list

On 06/20/2015 04:18 PM, Ingo Molnar wrote:
> 
> Please call it 'kasan' or 'KASAN', and also explain it in the message and prefix 
> it properly with the subsystem name (kasan), so something like:
> 
> 	pr_info("kasan: Kernel Address SANitizer (KASAN) initialized\n");
> 
> Other kasan messages should also carry a 'kasan: ' prefix, so that it's 
> unambiguous what generated the message, and also to make it easier to grep out of 
> logs.
> 

This patch adds a "kasan: " prefix to all messages from this file ( +#define pr_fmt(fmt) "kasan: " fmt )

I agree with Dmitry; I would choose the kasan name too.
In this case, adding an explanation to the message will produce too many kasans in one short message:

	kasan: Kernel address sanitizer (kasan) initialized

Perhaps it would be better to keep this patch as is. Ok?

* Re: [PATCH 3/3] x86_64: kasan: add message about kasan being initialized
From: Ingo Molnar @ 2015-06-30  5:23 UTC
  To: Andrey Ryabinin
  Cc: Dmitry Vyukov, Ingo Molnar, H. Peter Anvin, Thomas Gleixner,
	x86@kernel.org, Andrey Konovalov, Andrew Morton, Borislav Petkov,
	Alexander Popov, Alexander Potapenko, open list


* Andrey Ryabinin <a.ryabinin@samsung.com> wrote:

> On 06/20/2015 04:18 PM, Ingo Molnar wrote:
> > 
> > Please call it 'kasan' or 'KASAN', and also explain it in the message and prefix 
> > it properly with the subsystem name (kasan), so something like:
> > 
> > 	pr_info("kasan: Kernel Address SANitizer (KASAN) initialized\n");
> > 
> > Other kasan messages should also carry a 'kasan: ' prefix, so that it's 
> > unambiguous what generated the message, and also to make it easier to grep out of 
> > logs.
> > 
> 
> This patch adds a "kasan: " prefix to all messages from this file ( +#define pr_fmt(fmt) "kasan: " fmt )
> 
> I agree with Dmitry; I would choose the kasan name too.
> In this case, adding an explanation to the message will produce too many kasans in one short message:
> 
> 	kasan: Kernel address sanitizer (kasan) initialized
> 
> Perhaps it would be better to keep this patch as is. Ok?

So if there's a latest series of fixes to apply, please send it.

Thanks,

	Ingo

