[Devel] [PATCH RHEL7 COMMIT] ms/x86/kasan: Fix boot crash on AMD processors

Konstantin Khorenko khorenko at virtuozzo.com
Thu Sep 3 08:27:51 PDT 2015 

The commit is pushed to "branch-rh7-3.10.0-229.7.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.6.6
------>
commit 1551fd8cc2353656479158d30ad46940290098da
Author: Andrey Ryabinin <aryabinin at odin.com>
Date:   Thu Sep 3 19:27:51 2015 +0400

    ms/x86/kasan: Fix boot crash on AMD processors
    
    https://jira.sw.ru/browse/PSBM-26429
    
    From: Andrey Ryabinin <a.ryabinin at samsung.com>
    
    commit d4f86beacc21d538dc41e1fc75a22e084f547edf upstream.
    
    While populating zero shadow wrong bits in upper level page
    tables used. __PAGE_KERNEL_RO that was used for pgd/pud/pmd has
    _PAGE_BIT_GLOBAL set. Global bit is present only in the lowest
    level of the page translation hierarchy (ptes), and it should be
    zero in upper levels.
    
    This bug seems doesn't cause any troubles on Intel cpus, while
    on AMDs it cause kernel crash on boot.
    
    Use _KERNPG_TABLE bits for pgds/puds/pmds to fix this.
    
    Reported-by: Borislav Petkov <bp at alien8.de>
    Signed-off-by: Andrey Ryabinin <a.ryabinin at samsung.com>
    Cc: <stable at vger.kernel.org> # 4.0+
    Cc: Alexander Popov <alpopov at ptsecurity.com>
    Cc: Alexander Potapenko <glider at google.com>
    Cc: Andrey Konovalov <adech.fo at gmail.com>
    Cc: Dmitry Vyukov <dvyukov at google.com>
    Cc: Linus Torvalds <torvalds at linux-foundation.org>
    Cc: Peter Zijlstra <peterz at infradead.org>
    Cc: Thomas Gleixner <tglx at linutronix.de>
    Link: http://lkml.kernel.org/r/1435828178-10975-5-git-send-email-a.ryabinin@samsung.com
    Signed-off-by: Ingo Molnar <mingo at kernel.org>
    Signed-off-by: Andrey Ryabinin <aryabinin at odin.com>
    
    Signed-off-by: Andrey Ryabinin <aryabinin at odin.com>
---
 arch/x86/mm/kasan_init_64.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c
index 0ada6cc..ef3dea9 100644
--- a/arch/x86/mm/kasan_init_64.c
+++ b/arch/x86/mm/kasan_init_64.c
@@ -85,7 +85,7 @@ static int __init zero_pmd_populate(pud_t *pud, unsigned long addr,
 	while (IS_ALIGNED(addr, PMD_SIZE) && addr + PMD_SIZE <= end) {
 		WARN_ON(!pmd_none(*pmd));
 		set_pmd(pmd, __pmd(__pa_nodebug(kasan_zero_pte)
-					| __PAGE_KERNEL_RO));
+					| _KERNPG_TABLE));
 		addr += PMD_SIZE;
 		pmd = pmd_offset(pud, addr);
 	}
@@ -111,7 +111,7 @@ static int __init zero_pud_populate(pgd_t *pgd, unsigned long addr,
 	while (IS_ALIGNED(addr, PUD_SIZE) && addr + PUD_SIZE <= end) {
 		WARN_ON(!pud_none(*pud));
 		set_pud(pud, __pud(__pa_nodebug(kasan_zero_pmd)
-					| __PAGE_KERNEL_RO));
+					| _KERNPG_TABLE));
 		addr += PUD_SIZE;
 		pud = pud_offset(pgd, addr);
 	}
@@ -136,7 +136,7 @@ static int __init zero_pgd_populate(unsigned long addr, unsigned long end)
 	while (IS_ALIGNED(addr, PGDIR_SIZE) && addr + PGDIR_SIZE <= end) {
 		WARN_ON(!pgd_none(*pgd));
 		set_pgd(pgd, __pgd(__pa_nodebug(kasan_zero_pud)
-					| __PAGE_KERNEL_RO));
+					| _KERNPG_TABLE));
 		addr += PGDIR_SIZE;
 		pgd = pgd_offset_k(addr);
 	}

More information about the Devel mailing list