2018-01-06 14:13:39 +00:00
|
|
|
From 7fe019fa29881889890256644249222a0c93697a Mon Sep 17 00:00:00 2001
|
|
|
|
From: Andy Lutomirski <luto@kernel.org>
|
|
|
|
Date: Tue, 12 Dec 2017 07:56:44 -0800
|
2018-01-07 12:17:59 +00:00
|
|
|
Subject: [PATCH 204/233] x86/mm/64: Make a full PGD-entry size hole in the
|
2018-01-06 14:13:39 +00:00
|
|
|
memory map
|
|
|
|
MIME-Version: 1.0
|
|
|
|
Content-Type: text/plain; charset=UTF-8
|
|
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
|
|
|
|
CVE-2017-5754
|
|
|
|
|
|
|
|
Shrink vmalloc space from 16384TiB to 12800TiB to enlarge the hole starting
|
|
|
|
at 0xff90000000000000 to be a full PGD entry.
|
|
|
|
|
|
|
|
A subsequent patch will use this hole for the pagetable isolation LDT
|
|
|
|
alias.
|
|
|
|
|
|
|
|
Signed-off-by: Andy Lutomirski <luto@kernel.org>
|
|
|
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
|
|
Cc: Borislav Petkov <bp@alien8.de>
|
|
|
|
Cc: Brian Gerst <brgerst@gmail.com>
|
|
|
|
Cc: Dave Hansen <dave.hansen@intel.com>
|
|
|
|
Cc: Dave Hansen <dave.hansen@linux.intel.com>
|
|
|
|
Cc: David Laight <David.Laight@aculab.com>
|
|
|
|
Cc: H. Peter Anvin <hpa@zytor.com>
|
|
|
|
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
|
|
|
|
Cc: Juergen Gross <jgross@suse.com>
|
|
|
|
Cc: Kees Cook <keescook@chromium.org>
|
|
|
|
Cc: Kirill A. Shutemov <kirill@shutemov.name>
|
|
|
|
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
|
|
|
Cc: Peter Zijlstra <peterz@infradead.org>
|
|
|
|
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
|
|
|
(cherry picked from commit 9f449772a3106bcdd4eb8fdeb281147b0e99fb30)
|
|
|
|
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
|
|
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
|
|
|
|
(cherry picked from commit 29b1c137d449dfc8fdcb476158f236625691fd28)
|
|
|
|
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
|
|
|
|
---
|
|
|
|
Documentation/x86/x86_64/mm.txt | 4 ++--
|
|
|
|
arch/x86/include/asm/pgtable_64_types.h | 4 ++--
|
|
|
|
2 files changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
|
|
|
|
diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt
|
|
|
|
index 51101708a03a..496a1dbf139d 100644
|
|
|
|
--- a/Documentation/x86/x86_64/mm.txt
|
|
|
|
+++ b/Documentation/x86/x86_64/mm.txt
|
|
|
|
@@ -29,8 +29,8 @@ Virtual memory map with 5 level page tables:
|
|
|
|
hole caused by [56:63] sign extension
|
|
|
|
ff00000000000000 - ff0fffffffffffff (=52 bits) guard hole, reserved for hypervisor
|
|
|
|
ff10000000000000 - ff8fffffffffffff (=55 bits) direct mapping of all phys. memory
|
|
|
|
-ff90000000000000 - ff91ffffffffffff (=49 bits) hole
|
|
|
|
-ff92000000000000 - ffd1ffffffffffff (=54 bits) vmalloc/ioremap space
|
|
|
|
+ff90000000000000 - ff9fffffffffffff (=52 bits) hole
|
|
|
|
+ffa0000000000000 - ffd1ffffffffffff (=54 bits) vmalloc/ioremap space (12800 TB)
|
|
|
|
ffd2000000000000 - ffd3ffffffffffff (=49 bits) hole
|
|
|
|
ffd4000000000000 - ffd5ffffffffffff (=49 bits) virtual memory map (512TB)
|
|
|
|
... unused hole ...
|
|
|
|
diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
|
|
|
|
index 42e2750da525..5932dead34ee 100644
|
|
|
|
--- a/arch/x86/include/asm/pgtable_64_types.h
|
|
|
|
+++ b/arch/x86/include/asm/pgtable_64_types.h
|
|
|
|
@@ -78,8 +78,8 @@ typedef struct { pteval_t pte; } pte_t;
|
|
|
|
#define MAXMEM _AC(__AC(1, UL) << MAX_PHYSMEM_BITS, UL)
|
|
|
|
|
|
|
|
#ifdef CONFIG_X86_5LEVEL
|
|
|
|
-# define VMALLOC_SIZE_TB _AC(16384, UL)
|
|
|
|
-# define __VMALLOC_BASE _AC(0xff92000000000000, UL)
|
|
|
|
+# define VMALLOC_SIZE_TB _AC(12800, UL)
|
|
|
|
+# define __VMALLOC_BASE _AC(0xffa0000000000000, UL)
|
|
|
|
# define __VMEMMAP_BASE _AC(0xffd4000000000000, UL)
|
|
|
|
#else
|
|
|
|
# define VMALLOC_SIZE_TB _AC(32, UL)
|
|
|
|
--
|
|
|
|
2.14.2
|
|
|
|
|