[thirdparty/kernel/stable-queue.git] / pending-4.14 / arm64-mm-inhibit-huge-vmap-with-ptdump.patch

From a120d6592c3daa5925840efb3f72c74a05c3ace8 Mon Sep 17 00:00:00 2001
From: Mark Rutland <mark.rutland@arm.com>
Date: Tue, 14 May 2019 14:30:06 +0530
Subject: arm64/mm: Inhibit huge-vmap with ptdump

[ Upstream commit 7ba36eccb3f83983a651efd570b4f933ecad1b5c ]

The arm64 ptdump code can race with concurrent modification of the
kernel page tables. At the time this was added, this was sound as:

* Modifications to leaf entries could result in stale information being
  logged, but would not result in a functional problem.

* Boot time modifications to non-leaf entries (e.g. freeing of initmem)
  were performed when the ptdump code cannot be invoked.

* At runtime, modifications to non-leaf entries only occurred in the
  vmalloc region, and these were strictly additive, as intermediate
  entries were never freed.

However, since commit:

  commit 324420bf91f6 ("arm64: add support for ioremap() block mappings")

... it has been possible to create huge mappings in the vmalloc area at
runtime, and as part of this existing intermediate levels of table my be
removed and freed.

It's possible for the ptdump code to race with this, and continue to
walk tables which have been freed (and potentially poisoned or
reallocated). As a result of this, the ptdump code may dereference bogus
addresses, which could be fatal.

Since huge-vmap is a TLB and memory optimization, we can disable it when
the runtime ptdump code is in use to avoid this problem.

Cc: Catalin Marinas <catalin.marinas@arm.com>
Fixes: 324420bf91f60582 ("arm64: add support for ioremap() block mappings")
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/mm/mmu.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 6ac0d32d60a5..abb9d2ecc675 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -899,13 +899,18 @@ void *__init fixmap_remap_fdt(phys_addr_t dt_phys)
 
 int __init arch_ioremap_pud_supported(void)
 {
-	/* only 4k granule supports level 1 block mappings */
-	return IS_ENABLED(CONFIG_ARM64_4K_PAGES);
+	/*
+	 * Only 4k granule supports level 1 block mappings.
+	 * SW table walks can't handle removal of intermediate entries.
+	 */
+	return IS_ENABLED(CONFIG_ARM64_4K_PAGES) &&
+	       !IS_ENABLED(CONFIG_ARM64_PTDUMP_DEBUGFS);
 }
 
 int __init arch_ioremap_pmd_supported(void)
 {
-	return 1;
+	/* See arch_ioremap_pud_supported() */
+	return !IS_ENABLED(CONFIG_ARM64_PTDUMP_DEBUGFS);
 }
 
 int pud_set_huge(pud_t *pud, phys_addr_t phys, pgprot_t prot)
-- 
2.20.1
Commit	Line	Data
1cd4ef76 SL	1	From a120d6592c3daa5925840efb3f72c74a05c3ace8 Mon Sep 17 00:00:00 2001
	2	From: Mark Rutland <mark.rutland@arm.com>
	3	Date: Tue, 14 May 2019 14:30:06 +0530
	4	Subject: arm64/mm: Inhibit huge-vmap with ptdump
	5
	6	[ Upstream commit 7ba36eccb3f83983a651efd570b4f933ecad1b5c ]
	7
	8	The arm64 ptdump code can race with concurrent modification of the
	9	kernel page tables. At the time this was added, this was sound as:
	10
	11	* Modifications to leaf entries could result in stale information being
	12	logged, but would not result in a functional problem.
	13
	14	* Boot time modifications to non-leaf entries (e.g. freeing of initmem)
	15	were performed when the ptdump code cannot be invoked.
	16
	17	* At runtime, modifications to non-leaf entries only occurred in the
	18	vmalloc region, and these were strictly additive, as intermediate
	19	entries were never freed.
	20
	21	However, since commit:
	22
	23	commit 324420bf91f6 ("arm64: add support for ioremap() block mappings")
	24
	25	... it has been possible to create huge mappings in the vmalloc area at
	26	runtime, and as part of this existing intermediate levels of table my be
	27	removed and freed.
	28
	29	It's possible for the ptdump code to race with this, and continue to
	30	walk tables which have been freed (and potentially poisoned or
	31	reallocated). As a result of this, the ptdump code may dereference bogus
	32	addresses, which could be fatal.
	33
	34	Since huge-vmap is a TLB and memory optimization, we can disable it when
	35	the runtime ptdump code is in use to avoid this problem.
	36
	37	Cc: Catalin Marinas <catalin.marinas@arm.com>
	38	Fixes: 324420bf91f60582 ("arm64: add support for ioremap() block mappings")
	39	Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
	40	Signed-off-by: Mark Rutland <mark.rutland@arm.com>
	41	Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
	42	Signed-off-by: Will Deacon <will.deacon@arm.com>
	43	Signed-off-by: Sasha Levin <sashal@kernel.org>
	44	---
	45	arch/arm64/mm/mmu.c \| 11 ++++++++---
	46	1 file changed, 8 insertions(+), 3 deletions(-)
	47
	48	diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
	49	index 6ac0d32d60a5..abb9d2ecc675 100644
	50	--- a/arch/arm64/mm/mmu.c
	51	+++ b/arch/arm64/mm/mmu.c
	52	@@ -899,13 +899,18 @@ void *__init fixmap_remap_fdt(phys_addr_t dt_phys)
	53
	54	int __init arch_ioremap_pud_supported(void)
	55	{
	56	- /* only 4k granule supports level 1 block mappings */
	57	- return IS_ENABLED(CONFIG_ARM64_4K_PAGES);
	58	+ /*
	59	+ * Only 4k granule supports level 1 block mappings.
	60	+ * SW table walks can't handle removal of intermediate entries.
	61	+ */
	62	+ return IS_ENABLED(CONFIG_ARM64_4K_PAGES) &&
	63	+ !IS_ENABLED(CONFIG_ARM64_PTDUMP_DEBUGFS);
	64	}
65
66	int __init arch_ioremap_pmd_supported(void)
67	{
68	- return 1;
69	+ /* See arch_ioremap_pud_supported() */
70	+ return !IS_ENABLED(CONFIG_ARM64_PTDUMP_DEBUGFS);
71	}
72
73	int pud_set_huge(pud_t *pud, phys_addr_t phys, pgprot_t prot)
74	--
75	2.20.1
76