From: Andi Kleen ak@linux.intel.com
Patch for stable only to fix boot resets caused by the L1TF patches.
Stable trees reverted the following patch
Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
This reverts commit 87e2bd898d3a79a8c609f183180adac47879a2a4 which is commit edc3b9129cecd0f0857112136f5b8b1bc1d45918 upstream.
but the L1TF patch backported here
x86/mm/pat: Make set_memory_np() L1TF safe
commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream
set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits.
assumed that cpa->pfn contains a PFN. With the above patch reverted it does not, which causes the PMD to be set to an incorrect address shifted by 12 bits, which can cause early boot reset on some systems, like an Apollo Lake embedded system.
Convert the address to a PFN before passing it to pmd_pfn()
Thanks to Bernhard for bisecting and testing.
Cc: stable@vger.kernel.org # 4.4 and 4.9 Reported-by: Bernhard Kaindl bernhard.kaindl@thalesgroup.com Tested-by: Bernhard Kaindl bernhard.kaindl@thalesgroup.com Signed-off-by: Andi Kleen ak@linux.intel.com --- arch/x86/mm/pageattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 27610c2d1821..1007fa80f5a6 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -1006,7 +1006,7 @@ static int populate_pmd(struct cpa_data *cpa,
pmd = pmd_offset(pud, start);
- set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn, + set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn >> PAGE_SHIFT, canon_pgprot(pmd_pgprot))));
start += PMD_SIZE;
On Sat, Aug 25, 2018 at 06:50:15AM -0700, Andi Kleen wrote:
From: Andi Kleen ak@linux.intel.com
Patch for stable only to fix boot resets caused by the L1TF patches.
Stable trees reverted the following patch
Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
This reverts commit 87e2bd898d3a79a8c609f183180adac47879a2a4 which is commit edc3b9129cecd0f0857112136f5b8b1bc1d45918 upstream.but the L1TF patch backported here
x86/mm/pat: Make set_memory_np() L1TF safe
commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits.assumed that cpa->pfn contains a PFN. With the above patch reverted it does not, which causes the PMD to be set to an incorrect address shifted by 12 bits, which can cause early boot reset on some systems, like an Apollo Lake embedded system.
Convert the address to a PFN before passing it to pmd_pfn()
Thanks to Bernhard for bisecting and testing.
Cc: stable@vger.kernel.org # 4.4 and 4.9 Reported-by: Bernhard Kaindl bernhard.kaindl@thalesgroup.com Tested-by: Bernhard Kaindl bernhard.kaindl@thalesgroup.com Signed-off-by: Andi Kleen ak@linux.intel.com
arch/x86/mm/pageattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks for this, now queued up.
greg k-h
On Sat, Aug 25, 2018 at 06:50:15AM -0700, Andi Kleen wrote:
From: Andi Kleen ak@linux.intel.com
Patch for stable only to fix boot resets caused by the L1TF patches.
Stable trees reverted the following patch
Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
This reverts commit 87e2bd898d3a79a8c609f183180adac47879a2a4 which is commit edc3b9129cecd0f0857112136f5b8b1bc1d45918 upstream.but the L1TF patch backported here
x86/mm/pat: Make set_memory_np() L1TF safe
commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits.assumed that cpa->pfn contains a PFN. With the above patch reverted it does not, which causes the PMD to be set to an incorrect address shifted by 12 bits, which can cause early boot reset on some systems, like an Apollo Lake embedded system.
Convert the address to a PFN before passing it to pmd_pfn()
Thanks to Bernhard for bisecting and testing.
Thanks a lot to you for tracking it down, and sorry for messing it up.
Cc: stable@vger.kernel.org # 4.4 and 4.9
LGTM for v4.4.y but ... are you sure that this patch applies to v4.9.y ? Commit edc3b9129cec is 'native' in v4.9.y and has not been reverted there.
$ git log --oneline v4.4..linux-4.9.y | grep "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" edc3b9129cec x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
Guenter
Reported-by: Bernhard Kaindl bernhard.kaindl@thalesgroup.com Tested-by: Bernhard Kaindl bernhard.kaindl@thalesgroup.com Signed-off-by: Andi Kleen ak@linux.intel.com
arch/x86/mm/pageattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 27610c2d1821..1007fa80f5a6 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -1006,7 +1006,7 @@ static int populate_pmd(struct cpa_data *cpa, pmd = pmd_offset(pud, start);
set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn,
set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn >> PAGE_SHIFT, canon_pgprot(pmd_pgprot))));start += PMD_SIZE;
Cc: stable@vger.kernel.org # 4.4 and 4.9
LGTM for v4.4.y but ... are you sure that this patch applies to v4.9.y ? Commit edc3b9129cec is 'native' in v4.9.y and has not been reverted there.
You're right. I thought it was needed for 4.9 too, but yes it has the CPA pfn patch. So for 4.9 the patch is not needed and in fact incorrect.
The original report was for 4.4.
Greg can you please revert/remove it again for 4.9?
-Andi
On Sat, Aug 25, 2018 at 10:06:41PM -0700, Andi Kleen wrote:
Cc: stable@vger.kernel.org # 4.4 and 4.9
LGTM for v4.4.y but ... are you sure that this patch applies to v4.9.y ? Commit edc3b9129cec is 'native' in v4.9.y and has not been reverted there.
You're right. I thought it was needed for 4.9 too, but yes it has the CPA pfn patch. So for 4.9 the patch is not needed and in fact incorrect.
The original report was for 4.4.
Greg can you please revert/remove it again for 4.9?
Now dropped, thanks.
greg k-h
On 08/25/2018, 03:50 PM, Andi Kleen wrote:
From: Andi Kleen ak@linux.intel.com
Patch for stable only to fix boot resets caused by the L1TF patches.
Stable trees reverted the following patch
Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
This reverts commit 87e2bd898d3a79a8c609f183180adac47879a2a4 which is commit edc3b9129cecd0f0857112136f5b8b1bc1d45918 upstream.but the L1TF patch backported here
x86/mm/pat: Make set_memory_np() L1TF safe
commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits.assumed that cpa->pfn contains a PFN. With the above patch reverted it does not, which causes the PMD to be set to an incorrect address shifted by 12 bits, which can cause early boot reset on some systems, like an Apollo Lake embedded system.
Convert the address to a PFN before passing it to pmd_pfn()
Thanks to Bernhard for bisecting and testing.
Cc: stable@vger.kernel.org # 4.4 and 4.9 Reported-by: Bernhard Kaindl bernhard.kaindl@thalesgroup.com Tested-by: Bernhard Kaindl bernhard.kaindl@thalesgroup.com Signed-off-by: Andi Kleen ak@linux.intel.com
arch/x86/mm/pageattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 27610c2d1821..1007fa80f5a6 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -1006,7 +1006,7 @@ static int populate_pmd(struct cpa_data *cpa, pmd = pmd_offset(pud, start);
set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn,
set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn >> PAGE_SHIFT, canon_pgprot(pmd_pgprot))));
And what about populate_pud? set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn, canon_pgprot(pud_pgprot))));
start += PUD_SIZE; cpa->pfn += PUD_SIZE;
thanks,
Mostly recycling the commit log from adaba23ccd7d which fixed populate_pmd, but did not fix populate_pud. The same problem exists there.
Stable trees reverted the following patch: Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
This reverts commit 87e2bd898d3a79a8c609f183180adac47879a2a4 which is commit edc3b9129cecd0f0857112136f5b8b1bc1d45918 upstream.
but the L1TF patch 02ff2769edbc backported here
x86/mm/pat: Make set_memory_np() L1TF safe
commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream
set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits.
assumed that cpa->pfn contains a PFN. With the above patch reverted it does not, which causes the PUD to be set to an incorrect address shifted by 12 bits, which can cause various failures.
Convert the address to a PFN before passing it to pud_pfn().
This is a 4.4 stable only patch to fix the L1TF patches backport there.
Cc: stable@vger.kernel.org # 4.4-only Cc: Andi Kleen ak@linux.intel.com Signed-off-by: Jiri Slaby jslaby@suse.cz --- arch/x86/mm/pageattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 1007fa80f5a6..0e1dd7d47f05 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -1079,7 +1079,7 @@ static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd, * Map everything starting from the Gb boundary, possibly with 1G pages */ while (end - start >= PUD_SIZE) { - set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn, + set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn >> PAGE_SHIFT, canon_pgprot(pud_pgprot))));
start += PUD_SIZE;
On Fri, Sep 07, 2018 at 11:13:07AM +0200, Jiri Slaby wrote:
Mostly recycling the commit log from adaba23ccd7d which fixed populate_pmd, but did not fix populate_pud. The same problem exists there.
Stable trees reverted the following patch: Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
This reverts commit 87e2bd898d3a79a8c609f183180adac47879a2a4 which is commit edc3b9129cecd0f0857112136f5b8b1bc1d45918 upstream.but the L1TF patch 02ff2769edbc backported here
x86/mm/pat: Make set_memory_np() L1TF safe
commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits.assumed that cpa->pfn contains a PFN. With the above patch reverted it does not, which causes the PUD to be set to an incorrect address shifted by 12 bits, which can cause various failures.
Convert the address to a PFN before passing it to pud_pfn().
This is a 4.4 stable only patch to fix the L1TF patches backport there.
Cc: stable@vger.kernel.org # 4.4-only Cc: Andi Kleen ak@linux.intel.com Signed-off-by: Jiri Slaby jslaby@suse.cz
arch/x86/mm/pageattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks for this, now queued up.
greg k-h
On Thu, Sep 06, 2018 at 01:27:49PM -0700, Andi Kleen wrote:
And what about populate_pud? set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn, canon_pgprot(pud_pgprot))));
start += PUD_SIZE; cpa->pfn += PUD_SIZE;Yes you're right. That case needs to be fixed too.
Are you sending a patch, or should I?
Someone needs to. Please?
greg k-h
On 09/17/2018, 01:51 PM, Greg KH wrote:
On Thu, Sep 06, 2018 at 01:27:49PM -0700, Andi Kleen wrote:
And what about populate_pud? set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn, canon_pgprot(pud_pgprot))));
start += PUD_SIZE; cpa->pfn += PUD_SIZE;Yes you're right. That case needs to be fixed too.
Are you sending a patch, or should I?
Someone needs to. Please?
You already released 4.4.x with the patch :):
commit 15898df477269c981dc1ae5afa39e1bb65e1db0a Author: Jiri Slaby jslaby@suse.cz Date: Fri Sep 7 11:13:07 2018 +0200
x86/mm/pat: Fix L1TF stable backport for CPA, 2nd call
thanks,
On Mon, Sep 17, 2018 at 02:16:33PM +0200, Jiri Slaby wrote:
On 09/17/2018, 01:51 PM, Greg KH wrote:
On Thu, Sep 06, 2018 at 01:27:49PM -0700, Andi Kleen wrote:
And what about populate_pud? set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn, canon_pgprot(pud_pgprot))));
start += PUD_SIZE; cpa->pfn += PUD_SIZE;Yes you're right. That case needs to be fixed too.
Are you sending a patch, or should I?
Someone needs to. Please?
You already released 4.4.x with the patch :):
commit 15898df477269c981dc1ae5afa39e1bb65e1db0a Author: Jiri Slaby jslaby@suse.cz Date: Fri Sep 7 11:13:07 2018 +0200
x86/mm/pat: Fix L1TF stable backport for CPA, 2nd call
Ugh, nevermind, sorry for the noise :)
greg k-h
linux-stable-mirror@lists.linaro.org
-
Andi Kleen -
Andi Kleen -
Greg KH -
Greg KH -
Guenter Roeck -
Jiri Slaby