thirdparty/kernel/stable-queue.git / queue-5.1 / x86-kasan-fix-boot-with-5-level-paging-and-kasan.patch (5.1-stable patches)
From f3176ec9420de0c385023afa3e4970129444ac2f Mon Sep 17 00:00:00 2001
From: Andrey Ryabinin <aryabinin@virtuozzo.com>
Date: Fri, 14 Jun 2019 17:31:49 +0300
Subject: x86/kasan: Fix boot with 5-level paging and KASAN

From: Andrey Ryabinin <aryabinin@virtuozzo.com>

commit f3176ec9420de0c385023afa3e4970129444ac2f upstream.

Since commit d52888aa2753 ("x86/mm: Move LDT remap out of KASLR region on
5-level paging") the kernel doesn't boot with KASAN on 5-level paging machines.
The bug is actually in early_p4d_offset() and introduced by commit
12a8cc7fcf54 ("x86/kasan: Use the same shadow offset for 4- and 5-level paging").

early_p4d_offset() tries to convert pgd_val(*pgd) value to a physical
address. This doesn't make sense because pgd_val() already contains the
physical address.

It did work prior to commit d52888aa2753 because the result of
"__pa_nodebug(pgd_val(*pgd)) & PTE_PFN_MASK" was the same as "pgd_val(*pgd)
& PTE_PFN_MASK". __pa_nodebug() just set some high bits which were masked
out by applying PTE_PFN_MASK.

After the change of the PAGE_OFFSET offset in commit d52888aa2753
__pa_nodebug(pgd_val(*pgd)) started to return a value with more high bits
set and PTE_PFN_MASK wasn't enough to mask out all of them. So it returns a
wrong, not even canonical, address and crashes on the attempt to dereference
it.

Switch back to pgd_val() & PTE_PFN_MASK to cure the issue.

Fixes: 12a8cc7fcf54 ("x86/kasan: Use the same shadow offset for 4- and 5-level paging")
Reported-by: Kirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: kasan-dev@googlegroups.com
Cc: stable@vger.kernel.org
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/20190614143149.2227-1-aryabinin@virtuozzo.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

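The arithmetic the commit message describes can be reproduced outside the kernel. The following is an added user-space model (not kernel code and not part of this patch) of the two expressions in early_p4d_offset(): it re-implements the __phys_addr_nodebug() formula with PAGE_OFFSET as a parameter and shows that, for a value that is already physical, the conversion simply subtracts PAGE_OFFSET, which survives PTE_PFN_MASK for one PAGE_OFFSET value and leaves stray bits 48-51 for the other. The constants (__START_KERNEL_map, the 52-bit physical mask, the old and new __PAGE_OFFSET_BASE_L5 values, phys_base = 0 and the sample pgd entry) are assumptions chosen for illustration, not values taken from this page.

```c
/*
 * Added example, not kernel code: a user-space model of the address
 * arithmetic in early_p4d_offset() before and after this fix.
 * All constants below are assumptions for illustration.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

#define START_KERNEL_MAP    0xffffffff80000000ULL  /* assumed __START_KERNEL_map */
#define PAGE_OFFSET_L5_OLD  0xff10000000000000ULL  /* assumed: before d52888aa2753 */
#define PAGE_OFFSET_L5_NEW  0xff11000000000000ULL  /* assumed: after d52888aa2753 */
#define PHYSICAL_MASK       ((1ULL << 52) - 1)    /* assumed 52-bit physical space */
#define PAGE_MASK           (~0xfffULL)
#define PTE_PFN_MASK        (PHYSICAL_MASK & PAGE_MASK)
#define PHYS_BASE           0ULL                   /* constructed: kernel not relocated */

/* Constructed pgd entry: p4d table at physical 0x2a0c000, present + RW bits set. */
#define SAMPLE_PGD_VAL      (0x0000000002a0c000ULL | 0x3ULL)

/* Model of __phys_addr_nodebug(): virt -> phys, parameterised on PAGE_OFFSET. */
static uint64_t pa_nodebug(uint64_t x, uint64_t page_offset)
{
    uint64_t y = x - START_KERNEL_MAP;
    /* no wrap (x > y) means x lay in the kernel text mapping */
    return y + ((x > y) ? PHYS_BASE : (START_KERNEL_MAP - page_offset));
}

/* The expression this patch removes: __pa_nodebug(pgd_val(*pgd)) & PTE_PFN_MASK */
static uint64_t p4d_phys_buggy(uint64_t pgd_val, uint64_t page_offset)
{
    return pa_nodebug(pgd_val, page_offset) & PTE_PFN_MASK;
}

/* The expression this patch restores: pgd_val(*pgd) & PTE_PFN_MASK */
static uint64_t p4d_phys_fixed(uint64_t pgd_val)
{
    return pgd_val & PTE_PFN_MASK;
}

/*
 * For an input below __START_KERNEL_map, pa_nodebug() reduces to x - page_offset,
 * so the bits it adds on top of x are (-page_offset); this returns the part of
 * them that PTE_PFN_MASK does NOT remove.
 */
static uint64_t leaked_bits(uint64_t page_offset)
{
    return (0ULL - page_offset) & PTE_PFN_MASK;
}

/* Second step of early_p4d_offset(): physical table address -> early virtual address. */
static uint64_t p4d_virt(uint64_t phys)
{
    return phys + (START_KERNEL_MAP - PHYS_BASE);
}

/* The early page tables are expected to be addressed through the kernel image mapping. */
static bool in_kernel_map(uint64_t va)
{
    return va >= START_KERNEL_MAP;
}

int main(void)
{
    printf("fixed:      phys=%#llx virt=%#llx\n",
           (unsigned long long)p4d_phys_fixed(SAMPLE_PGD_VAL),
           (unsigned long long)p4d_virt(p4d_phys_fixed(SAMPLE_PGD_VAL)));
    printf("buggy/old:  phys=%#llx leaked=%#llx\n",
           (unsigned long long)p4d_phys_buggy(SAMPLE_PGD_VAL, PAGE_OFFSET_L5_OLD),
           (unsigned long long)leaked_bits(PAGE_OFFSET_L5_OLD));
    printf("buggy/new:  phys=%#llx leaked=%#llx virt=%#llx\n",
           (unsigned long long)p4d_phys_buggy(SAMPLE_PGD_VAL, PAGE_OFFSET_L5_NEW),
           (unsigned long long)leaked_bits(PAGE_OFFSET_L5_NEW),
           (unsigned long long)p4d_virt(p4d_phys_buggy(SAMPLE_PGD_VAL, PAGE_OFFSET_L5_NEW)));
    return 0;
}
```

With the old PAGE_OFFSET the surplus bits all sit at positions 52-55 and PTE_PFN_MASK drops them, so the buggy and fixed expressions agree; with the new value bits 48-51 survive the mask, and after the `__START_KERNEL_map - phys_base` adjustment the resulting pointer no longer lies in the kernel image mapping at all.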
---
arch/x86/mm/kasan_init_64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/mm/kasan_init_64.c
+++ b/arch/x86/mm/kasan_init_64.c
52 @@ -199,7 +199,7 @@ static inline p4d_t *early_p4d_offset(pg
53 if (!pgtable_l5_enabled())
54 return (p4d_t *)pgd;
55
56 - p4d = __pa_nodebug(pgd_val(*pgd)) & PTE_PFN_MASK;
57 + p4d = pgd_val(*pgd) & PTE_PFN_MASK;
58 p4d += __START_KERNEL_map - phys_base;
59 return (p4d_t *)p4d + p4d_index(addr);
60 }
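Review bot: the restored line `p4d = pgd_val(*pgd) & PTE_PFN_MASK;` is correct only because pgd_val() already yields a physical address, and the following `p4d += __START_KERNEL_map - phys_base;` is correct only because the early p4d table lives in the kernel image mapping; neither invariant is stated in the function. A short comment above these two lines saying that the entry is already physical (so no __pa_nodebug() conversion is needed) and that the phys-to-virt step relies on the early tables being in the kernel image would make it harder to reintroduce the conversion that broke boot once PAGE_OFFSET moved.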