From patchwork Thu Nov 10 20:35:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 18315 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp365082wru; Thu, 10 Nov 2022 12:40:29 -0800 (PST) X-Google-Smtp-Source: AMsMyM4da1M3ElWSCY8KaygYvdli9nDkeYyIblqNDYl0reEL0gQ176qhLhp3b6Lx3zUCu3pga1S7 X-Received: by 2002:a17:90b:4fc2:b0:212:e52e:dfeb with SMTP id qa2-20020a17090b4fc200b00212e52edfebmr1936981pjb.227.1668112829139; Thu, 10 Nov 2022 12:40:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668112829; cv=none; d=google.com; s=arc-20160816; b=Id979RavbUEvA1C/+TJoO24bJA88qccFznm966rkOdBUowVo44HDr/fKpeMVoEyNTf qJZrhEcQ4Wy5++4auUhIGJHSGyuSLE2kW5ydYEIQ4A4ZcDka1IXralyyS70y1KhnsK+h gqWf51MCOOMi5rOs4EEEuteVqcHn+7VFJGfsYPqyLWxzxq9Fx1MSXbmrHLs7gidVV97g 2ourqaAfGc0njxtk8rZQ1kKcR7VcQQWFXYxjakbx0pApcFbU6yzjUqxICfDrtd5YMqQb C1UymACJtcICqunYZM9wJdMQAepOaxqFUG8P3umpyHBbgcUWFg3xVkWCClneXUEdcOaC 2veQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:dkim-signature; bh=ORwfmj6kJY3MPYNwljMh0Ojz+sLVhyTdNLlUMLv1/pk=; b=DWlXLd5ywxtsp5uGlKhSoyktOvCbxvnUOhnMgAi7Qgy+tBXJdt+hRp4tF/zpZE8LAs n6DiCWV0AaNheTaEaZHT86bqLPFXvd3K1jb1sKFL+fkNlbNrpdpgTIEcgtF0EOA+mYr5 TkjN1bMU7ednHltiOohhpggbkVh7yKDjK1S36aLal0DCDabCAmdA57BtT02XUkqmApkM Y1xAQcpwX9xzPLqpyNVrCI6+aSGfR5oCOFNHsCDqtmZ/VsftW4p1Scsa93KKcLnBfdmN ZQ+MTIv1YFEYoYvFvxsXSckgS57xjz+/BAOBmevNiFm0WMC3hYuTqIW99c9zyKBlCKeK 3/Jw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=dPenHzAE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) 
header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l1-20020a170903244100b00187204b35besi347589pls.203.2022.11.10.12.40.14; Thu, 10 Nov 2022 12:40:29 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=dPenHzAE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231890AbiKJUfN (ORCPT + 99 others); Thu, 10 Nov 2022 15:35:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42850 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231881AbiKJUfK (ORCPT ); Thu, 10 Nov 2022 15:35:10 -0500 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E253A51C0F for ; Thu, 10 Nov 2022 12:35:08 -0800 (PST) Received: by mail-pj1-x1049.google.com with SMTP id oo18-20020a17090b1c9200b0020bdba475afso4052961pjb.4 for ; Thu, 10 Nov 2022 12:35:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=ORwfmj6kJY3MPYNwljMh0Ojz+sLVhyTdNLlUMLv1/pk=; b=dPenHzAEbJW8kC8ElMo2seQwuBWhbPC+xdFHerkhEDaAFKmywZZmJt5EKYxFYx5PvA ZmSN46xKFXiQ+Pp97CdEflEmOOgwFrIBLmkwqYRhzHE6W0scPyPsk0g6pP92RC/Ms9wg woHe+rgbZW5FUymKr5zW6CoWWcEtiAQ3zG7XADhtXqsxKkXfPN6Thqvc4vg12tOaeb+Z wBHu6IfhDia8qZ3HVCY2+V7n3w8UE+GKuXGOmdst2gOndCJ3rWo9fi3pSCWN+QAHJRq4 
ujCkQcGcl63h8ZV0ZSYMEHo4r5MMH8TrJED7BWIrVPMrWFIyW5MApHTDpEWqRIhumVS/ IGCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ORwfmj6kJY3MPYNwljMh0Ojz+sLVhyTdNLlUMLv1/pk=; b=uVIia9Ypxd0jvbeMe3hIxLaj7AnvRbu62OtrI1U3kMv8A99IaITsOiduphPUH6Ew9f 9B8HNx9Y1NbIqR2TRP2DFD0AhVDQ6DKBD4bjd+OLUpjFcGXVZnbc+p3KOKAyYFiU+X9K t3sFlWnJ8hUlebohSdQUG1lA5iRMiDvUyeVcXvGzET4f4J4PtVAfak7SrvcZwHSlFGS/ dZ81iWOOyRLfD2mhxjilKy9xWLZVaM3x1GWBpCvs8LRgmADquSgv1pz7u3T8lpzDaGK7 Mg/Dd87UqN4rlfhwNDBT8tSc8P0ypbf3l4NkqMyRHteD/BcAfN/ypehaJQCLujZVAhh2 uVxg== X-Gm-Message-State: ACrzQf1zoY1or6cM2uihAQLV5Ma0MG5PZJ2xcJhJqrcyKUfsw34poMDM ldU6Xvi8ACpgrlJS5CNq6Za9CH4NKKg= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:9894:b0:185:57b6:13c3 with SMTP id s20-20020a170902989400b0018557b613c3mr1968715plp.116.1668112508403; Thu, 10 Nov 2022 12:35:08 -0800 (PST) Reply-To: Sean Christopherson Date: Thu, 10 Nov 2022 20:35:00 +0000 In-Reply-To: <20221110203504.1985010-1-seanjc@google.com> Mime-Version: 1.0 References: <20221110203504.1985010-1-seanjc@google.com> X-Mailer: git-send-email 2.38.1.431.g37b22c650d-goog Message-ID: <20221110203504.1985010-2-seanjc@google.com> Subject: [PATCH v2 1/5] x86/mm: Recompute physical address for every page of per-CPU CEA mapping 
From: Sean Christopherson
To: Dave Hansen, Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, Andrey Ryabinin
Cc: "H. Peter Anvin", Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, Sean Christopherson, syzbot+ffb4f000dc2872c93f62@syzkaller.appspotmail.com, syzbot+8cdd16fd5a6c0565e227@syzkaller.appspotmail.com

Recompute the physical address for each per-CPU page in the CPU entry area; a recent commit inadvertently modified cea_map_percpu_pages() such that every PTE is mapped to the physical address of the first page.

Fixes: 9fd429c28073 ("x86/kasan: Map shadow for percpu pages on demand")
Cc: Andrey Ryabinin
Signed-off-by: Sean Christopherson
Reviewed-by: Andrey Ryabinin
---
 arch/x86/mm/cpu_entry_area.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/mm/cpu_entry_area.c b/arch/x86/mm/cpu_entry_area.c
index dff9001e5e12..d831aae94b41 100644
--- a/arch/x86/mm/cpu_entry_area.c
+++ b/arch/x86/mm/cpu_entry_area.c
@@ -97,7 +97,7 @@ cea_map_percpu_pages(void *cea_vaddr, void *ptr, int pages, pgprot_t prot) early_pfn_to_nid(PFN_DOWN(pa))); for ( ; pages; pages--, cea_vaddr+= PAGE_SIZE, ptr += PAGE_SIZE) - cea_set_pte(cea_vaddr, pa, prot); + cea_set_pte(cea_vaddr, per_cpu_ptr_to_phys(ptr), prot); } static void __init percpu_setup_debug_store(unsigned int cpu)

From patchwork Thu Nov 10 20:35:01 2022
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 18316
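Review bot: in the 1/5 cea_map_percpu_pages() hunk, recomputing per_cpu_ptr_to_phys(ptr) on every iteration is the right fix, but `pa` now survives only for the early_pfn_to_nid(PFN_DOWN(pa)) lookup in the context line, so its name no longer says that it refers to the first page alone; a one-line comment (or renaming it `first_pa`) would stop a later change from reusing it inside the loop and reintroducing the aliasing of every PTE to one physical frame. That aliasing is not cosmetic: the same loop maps the per-CPU entry stack (see the cea_map_percpu_pages(&cea->entry_stack_page, ...) caller shown in 2/5), so with the bug every page of that chunk was backed by the same frame.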
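The aliasing that the 1/5 changelog describes, as an added userspace model that is not kernel code and not part of this series. cea_set_pte(), per_cpu_ptr_to_phys(), the CEA base, the chunk size and the physical offset are stand-ins constructed for the example, and addresses are carried as integers rather than pointers so the model runs offline. The buggy loop computes the physical address once before the loop, so every PTE points at the first page; the fixed loop recomputes it per page.

```c
/*
 * Added example, not kernel code: a userspace model of the loop that 1/5
 * fixes in cea_map_percpu_pages().  The page table is an array of physical
 * addresses indexed by CEA page; cea_set_pte(), per_cpu_ptr_to_phys(), the
 * CEA base, the chunk size and the physical offset are constructed stand-ins.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)
#define NR_PAGES   8                  /* constructed: pages in one per-CPU chunk */
#define CEA_BASE   0x1000000UL        /* constructed CEA virtual base */
#define PHYS_OFF   0x40000000ULL      /* constructed: where per-CPU memory lives */

/* Toy PTE table: index = CEA page number, value = physical address. */
static uint64_t pte_table[NR_PAGES];

/* Stand-in for per_cpu_ptr_to_phys(): one distinct frame per per-CPU page. */
static uint64_t per_cpu_ptr_to_phys(uintptr_t ptr)
{
	return PHYS_OFF + ptr;
}

static void cea_set_pte(uintptr_t cea_vaddr, uint64_t pa)
{
	pte_table[(cea_vaddr - CEA_BASE) >> PAGE_SHIFT] = pa & ~(PAGE_SIZE - 1);
}

/* Before 1/5: the physical address is computed once and never advances, so
 * every PTE of the chunk points at the first page's frame. */
static void map_percpu_pages_buggy(uintptr_t cea_vaddr, uintptr_t ptr, int pages)
{
	uint64_t pa = per_cpu_ptr_to_phys(ptr);

	for ( ; pages; pages--, cea_vaddr += PAGE_SIZE, ptr += PAGE_SIZE)
		cea_set_pte(cea_vaddr, pa);
}

/* After 1/5: recompute the physical address for every page. */
static void map_percpu_pages_fixed(uintptr_t cea_vaddr, uintptr_t ptr, int pages)
{
	for ( ; pages; pages--, cea_vaddr += PAGE_SIZE, ptr += PAGE_SIZE)
		cea_set_pte(cea_vaddr, per_cpu_ptr_to_phys(ptr));
}

/* Number of distinct frames the NR_PAGES PTEs point at; NR_PAGES means no aliasing. */
static int count_distinct_frames(void)
{
	int distinct = 0;

	for (int i = 0; i < NR_PAGES; i++) {
		bool seen = false;

		for (int j = 0; j < i && !seen; j++)
			seen = pte_table[j] == pte_table[i];
		if (!seen)
			distinct++;
	}
	return distinct;
}

/* Map one constructed per-CPU chunk with either loop and count distinct frames. */
static int distinct_frames_after_mapping(bool fixed)
{
	uintptr_t percpu_chunk = 0x2000;    /* constructed per-CPU pointer */

	if (fixed)
		map_percpu_pages_fixed(CEA_BASE, percpu_chunk, NR_PAGES);
	else
		map_percpu_pages_buggy(CEA_BASE, percpu_chunk, NR_PAGES);
	return count_distinct_frames();
}

int main(void)
{
	printf("buggy loop: %d distinct frames behind %d PTEs\n",
	       distinct_frames_after_mapping(false), NR_PAGES);
	printf("fixed loop: %d distinct frames behind %d PTEs\n",
	       distinct_frames_after_mapping(true), NR_PAGES);
	return 0;
}
```

The buggy loop leaves one frame behind all eight PTEs; the fixed loop leaves eight. Counting distinct frames, rather than comparing against an expected table, is the check a reviewer would want because it catches any hoisted-out-of-the-loop address computation regardless of the constants chosen.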
Reply-To: Sean Christopherson
Date: Thu, 10 Nov 2022 20:35:01 +0000
In-Reply-To: <20221110203504.1985010-1-seanjc@google.com>
References: <20221110203504.1985010-1-seanjc@google.com>
Message-ID: <20221110203504.1985010-3-seanjc@google.com>
Subject: [PATCH v2 2/5] x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area
From: Sean Christopherson
To: Dave Hansen, Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, Andrey Ryabinin
Cc: "H. Peter Anvin", Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, Sean Christopherson, syzbot+ffb4f000dc2872c93f62@syzkaller.appspotmail.com, syzbot+8cdd16fd5a6c0565e227@syzkaller.appspotmail.com

Populate a KASAN shadow for the entire possible per-CPU range of the CPU entry area instead of requiring that each individual chunk map a shadow. Mapping shadows individually is error prone, e.g. the per-CPU GDT mapping was left behind, which can lead to not-present page faults during KASAN validation if the kernel performs a software lookup into the GDT. The DS buffer is also likely affected.

The motivation for mapping the per-CPU areas on-demand was to avoid mapping the entire 512GiB range that's reserved for the CPU entry area; shaving a few bytes by not creating shadows for potentially unused memory was not a goal.

The bug is most easily reproduced by doing a sigreturn with a garbage CS in the sigcontext, e.g.
    int main(void)
    {
        struct sigcontext regs;

        syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
        syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
        syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);

        memset(&regs, 0, sizeof(regs));
        regs.cs = 0x1d0;
        syscall(__NR_rt_sigreturn);
        return 0;
    }

to coerce the kernel into doing a GDT lookup to compute CS.base when reading the instruction bytes on the subsequent #GP to determine whether or not the #GP is something the kernel should handle, e.g. to fixup UMIP violations or to emulate CLI/STI for IOPL=3 applications.

  BUG: unable to handle page fault for address: fffffbc8379ace00
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 16c03a067 P4D 16c03a067 PUD 15b990067 PMD 15b98f067 PTE 0
  Oops: 0000 [#1] PREEMPT SMP KASAN
  CPU: 3 PID: 851 Comm: r2 Not tainted 6.1.0-rc3-next-20221103+ #432
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
  RIP: 0010:kasan_check_range+0xdf/0x190
  Call Trace:
   get_desc+0xb0/0x1d0
   insn_get_seg_base+0x104/0x270
   insn_fetch_from_user+0x66/0x80
   fixup_umip_exception+0xb1/0x530
   exc_general_protection+0x181/0x210
   asm_exc_general_protection+0x22/0x30
  RIP: 0003:0x0
  Code: Unable to access opcode bytes at 0xffffffffffffffd6.
  RSP: 0003:0000000000000000 EFLAGS: 00000202
  RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000000001d0
  RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
  RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
  R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Fixes: 9fd429c28073 ("x86/kasan: Map shadow for percpu pages on demand")
Reported-by: syzbot+ffb4f000dc2872c93f62@syzkaller.appspotmail.com
Suggested-by: Andrey Ryabinin
Cc: Alexander Potapenko
Cc: Andrey Konovalov
Cc: Dmitry Vyukov
Cc: Vincenzo Frascino
Cc: kasan-dev@googlegroups.com
Signed-off-by: Sean Christopherson Reviewed-by: Andrey Ryabinin --- arch/x86/mm/cpu_entry_area.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/arch/x86/mm/cpu_entry_area.c b/arch/x86/mm/cpu_entry_area.c index d831aae94b41..7c855dffcdc2 100644 --- a/arch/x86/mm/cpu_entry_area.c +++ b/arch/x86/mm/cpu_entry_area.c @@ -91,11 +91,6 @@ void cea_set_pte(void *cea_vaddr, phys_addr_t pa, pgprot_t flags) static void __init cea_map_percpu_pages(void *cea_vaddr, void *ptr, int pages, pgprot_t prot) { - phys_addr_t pa = per_cpu_ptr_to_phys(ptr); - - kasan_populate_shadow_for_vaddr(cea_vaddr, pages * PAGE_SIZE, - early_pfn_to_nid(PFN_DOWN(pa))); - for ( ; pages; pages--, cea_vaddr+= PAGE_SIZE, ptr += PAGE_SIZE) cea_set_pte(cea_vaddr, per_cpu_ptr_to_phys(ptr), prot); } 
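Review bot: removing kasan_populate_shadow_for_vaddr() from cea_map_percpu_pages() means the function no longer ensures a shadow exists for the pages it maps; it now depends on the caller having populated the whole per-CPU range beforehand, a precondition that is visible only in the setup_cpu_entry_area() hunk. A one-line comment above cea_map_percpu_pages() stating that the KASAN shadow for the target range must already be populated would stop a future caller, or a reordering inside setup_cpu_entry_area(), from recreating the not-present shadow fault the changelog describes for the GDT. Dropping `pa` here is consistent, since after 1/5 its only remaining use was the early_pfn_to_nid(PFN_DOWN(pa)) argument that goes away with the call.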
@@ -195,6 +190,9 @@ static void __init setup_cpu_entry_area(unsigned int cpu) pgprot_t tss_prot = PAGE_KERNEL; #endif + kasan_populate_shadow_for_vaddr(cea, CPU_ENTRY_AREA_SIZE, + early_cpu_to_node(cpu)); + cea_set_pte(&cea->gdt, get_cpu_gdt_paddr(cpu), gdt_prot); cea_map_percpu_pages(&cea->entry_stack_page,

From patchwork Thu Nov 10 20:35:02 2022
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 18317
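Review bot: the node passed to kasan_populate_shadow_for_vaddr() changes from early_pfn_to_nid(PFN_DOWN(pa)), the node of the backing per-CPU page, to early_cpu_to_node(cpu), so for a CPU whose per-CPU chunk lives on another node the shadow is now allocated on the CPU's node rather than the data's node. That is only a placement hint and probably the better one for an area touched mostly by that CPU, but it is a behavioural difference the changelog does not mention, so a sentence on it would help. Placing the call ahead of the first cea_set_pte(&cea->gdt, ...) is what guarantees the GDT's shadow is present before any KASAN check of a GDT read can run, which is the ordering the whole fix depends on.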
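The shadow-coverage failure in the 2/5 changelog, as an added userspace model that is not kernel code and not part of this series. It keeps KASAN's real 8:1 shadow scaling but uses a constructed shadow offset and a constructed per-CPU CEA layout in which the GDT page is the last 4 KiB page of a 32 KiB span, so its shadow bytes are the tail of one shadow page while the entry stack and exception stacks that follow fall into the next one (the fault address in the oops, fffffbc8379ace00, sits 0xe00 bytes into a shadow page, which is where the shadow of the last page of a 32 KiB span lands). Populating shadow chunk by chunk leaves the GDT's shadow page absent, while populating the whole per-CPU range covers it. The align-down/up helpers follow the shape of the ones 4/5 adds; every name here is a stand-in, not a kernel symbol.

```c
/*
 * Added example, not kernel code: a userspace model of the KASAN shadow for one
 * CPU's entry area, populated chunk by chunk (before 2/5) or as a whole per-CPU
 * range (after 2/5).  The shadow "page table" is a presence bitmap; CEA base,
 * chunk layout and shadow offset are constructed, only the 8:1 scaling is KASAN's.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT         12
#define PAGE_SIZE          (1UL << PAGE_SHIFT)
#define SHADOW_SCALE_SHIFT 3             /* KASAN: one shadow byte per 8 bytes */
#define SHADOW_OFFSET      0x10000000UL  /* constructed, not KASAN_SHADOW_OFFSET */
#define round_down(x, a)   ((x) & ~((a) - 1))
#define round_up(x, a)     (((x) + (a) - 1) & ~((a) - 1))

/* Constructed layout: GDT at offset 0 (as in struct cpu_entry_area), placed as the
 * last 4 KiB page of a 32 KiB span so that its shadow bytes end one shadow page
 * while the entry stack and exception stacks that follow start the next one. */
#define CEA_BASE            0x7000UL
#define CEA_ENTRY_STACK_OFF (1 * PAGE_SIZE)
#define CEA_EXC_STACKS_OFF  (2 * PAGE_SIZE)
#define CEA_EXC_STACKS_SIZE (4 * PAGE_SIZE)
#define CEA_SIZE            (6 * PAGE_SIZE)

#define NR_SHADOW_PAGES 64
static bool shadow_present[NR_SHADOW_PAGES];

/* kasan_mem_to_shadow() and the align helpers in the shape 4/5 adds. */
static unsigned long mem_to_shadow(unsigned long va)
{
	return (va >> SHADOW_SCALE_SHIFT) + SHADOW_OFFSET;
}

static unsigned long mem_to_shadow_align_down(unsigned long va)
{
	return round_down(mem_to_shadow(va), PAGE_SIZE);
}

static unsigned long mem_to_shadow_align_up(unsigned long va)
{
	return round_up(mem_to_shadow(va), PAGE_SIZE);
}

static size_t shadow_idx(unsigned long shadow)
{
	return (shadow - SHADOW_OFFSET) >> PAGE_SHIFT;
}

/* kasan_populate_shadow_for_vaddr(): make the shadow of [va, va + size) present. */
static void populate_shadow_for_vaddr(unsigned long va, size_t size)
{
	unsigned long s = mem_to_shadow_align_down(va);
	unsigned long e = mem_to_shadow_align_up(va + size);
	for (; s < e; s += PAGE_SIZE)
		if (shadow_idx(s) < NR_SHADOW_PAGES)
			shadow_present[shadow_idx(s)] = true;
}

/* kasan_check_range() stand-in: true only if every shadow byte of [va, va + size)
 * is on a present shadow page; in the kernel a miss is the not-present #PF on a
 * shadow address seen in the changelog's oops. */
static bool shadow_check_range(unsigned long va, size_t size)
{
	unsigned long s = round_down(mem_to_shadow(va), PAGE_SIZE);
	unsigned long e = mem_to_shadow(va + size - 1);
	for (; s <= e; s += PAGE_SIZE)
		if (shadow_idx(s) >= NR_SHADOW_PAGES || !shadow_present[shadow_idx(s)])
			return false;
	return true;
}

/* Pre-2/5: each cea_map_percpu_pages() chunk populates its own shadow; the GDT,
 * mapped with a bare cea_set_pte(), gets none.  Post-2/5: one whole-range call. */
static void populate_cea_shadow(bool whole_range)
{
	memset(shadow_present, 0, sizeof(shadow_present));
	if (whole_range) {
		populate_shadow_for_vaddr(CEA_BASE, CEA_SIZE);
	} else {
		populate_shadow_for_vaddr(CEA_BASE + CEA_ENTRY_STACK_OFF, PAGE_SIZE);
		populate_shadow_for_vaddr(CEA_BASE + CEA_EXC_STACKS_OFF, CEA_EXC_STACKS_SIZE);
	}
}

/* Would a KASAN check of the page at CEA offset `off` find its shadow present? */
static bool cea_shadow_present(bool whole_range, unsigned long off)
{
	populate_cea_shadow(whole_range);
	return shadow_check_range(CEA_BASE + off, PAGE_SIZE);
}

int main(void)
{
	printf("GDT (offset 0):  per-chunk=%d whole-range=%d\n",
	       cea_shadow_present(false, 0), cea_shadow_present(true, 0));
	printf("entry stack:     per-chunk=%d whole-range=%d\n",
	       cea_shadow_present(false, CEA_ENTRY_STACK_OFF),
	       cea_shadow_present(true, CEA_ENTRY_STACK_OFF));
	return 0;
}
```

Under the per-chunk scheme the entry stack and exception stacks report a present shadow while the GDT does not, which is the get_desc() path in the oops; under the whole-range scheme all of them do. The model also shows why the align helpers matter: the chunk that starts at the GDT's neighbour rounds its shadow start down to the boundary just past the GDT's shadow bytes, so no amount of per-chunk rounding reaches back to cover a page that nobody asked to populate.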
Reply-To: Sean Christopherson
Date: Thu, 10 Nov 2022 20:35:02 +0000
In-Reply-To: <20221110203504.1985010-1-seanjc@google.com>
References: <20221110203504.1985010-1-seanjc@google.com>
Message-ID: <20221110203504.1985010-4-seanjc@google.com>
Subject: [PATCH v2 3/5] x86/kasan: Rename local CPU_ENTRY_AREA variables to shorten names
From: Sean Christopherson
To: Dave Hansen, Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, Andrey Ryabinin
Cc: "H. Peter Anvin", Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, Sean Christopherson, syzbot+ffb4f000dc2872c93f62@syzkaller.appspotmail.com, syzbot+8cdd16fd5a6c0565e227@syzkaller.appspotmail.com

Rename the CPU entry area variables in kasan_init() to shorten their names; a future fix will reference the beginning of the per-CPU portion of the CPU entry area, and shadow_cpu_entry_per_cpu_begin is a bit much.

No functional change intended.

Signed-off-by: Sean Christopherson
Reviewed-by: Andrey Ryabinin
---
 arch/x86/mm/kasan_init_64.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c
index d1416926ad52..ad7872ae10ed 100644
--- a/arch/x86/mm/kasan_init_64.c
+++ b/arch/x86/mm/kasan_init_64.c
@@ -331,7 +331,7 @@ void __init kasan_populate_shadow_for_vaddr(void *va, size_t size, int nid) void __init kasan_init(void) { int i; - void *shadow_cpu_entry_begin, *shadow_cpu_entry_end; + void *shadow_cea_begin, *shadow_cea_end; memcpy(early_top_pgt, init_top_pgt, sizeof(early_top_pgt));
@@ -372,16 +372,16 @@ void __init kasan_init(void) map_range(&pfn_mapped[i]); } - shadow_cpu_entry_begin = (void *)CPU_ENTRY_AREA_BASE; - shadow_cpu_entry_begin = kasan_mem_to_shadow(shadow_cpu_entry_begin); - shadow_cpu_entry_begin = (void *)round_down( - (unsigned long)shadow_cpu_entry_begin, PAGE_SIZE); + shadow_cea_begin = (void *)CPU_ENTRY_AREA_BASE; + shadow_cea_begin = kasan_mem_to_shadow(shadow_cea_begin); + shadow_cea_begin = (void *)round_down( + (unsigned long)shadow_cea_begin, PAGE_SIZE); - shadow_cpu_entry_end = (void *)(CPU_ENTRY_AREA_BASE + + shadow_cea_end = (void *)(CPU_ENTRY_AREA_BASE + CPU_ENTRY_AREA_MAP_SIZE); - shadow_cpu_entry_end = kasan_mem_to_shadow(shadow_cpu_entry_end); - shadow_cpu_entry_end = (void *)round_up( - (unsigned long)shadow_cpu_entry_end, PAGE_SIZE); + shadow_cea_end = kasan_mem_to_shadow(shadow_cea_end); + shadow_cea_end = (void *)round_up( + (unsigned long)shadow_cea_end, PAGE_SIZE); kasan_populate_early_shadow( kasan_mem_to_shadow((void *)PAGE_OFFSET + MAXMEM), 
@@ -403,9 +403,9 @@ void __init kasan_init(void) kasan_populate_early_shadow( kasan_mem_to_shadow((void *)VMALLOC_END + 1), - shadow_cpu_entry_begin); + shadow_cea_begin); - kasan_populate_early_shadow(shadow_cpu_entry_end, + kasan_populate_early_shadow(shadow_cea_end, kasan_mem_to_shadow((void *)__START_KERNEL_map)); kasan_populate_shadow((unsigned long)kasan_mem_to_shadow(_stext),

From patchwork Thu Nov 10 20:35:03 2022
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 18318
Reply-To: Sean Christopherson
Date: Thu, 10 Nov 2022 20:35:03 +0000
In-Reply-To: <20221110203504.1985010-1-seanjc@google.com>
References: <20221110203504.1985010-1-seanjc@google.com>
Message-ID: <20221110203504.1985010-5-seanjc@google.com>
Subject: [PATCH v2 4/5] x86/kasan: Add helpers to align shadow addresses up and down
From: Sean Christopherson
To: Dave Hansen, Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, Andrey Ryabinin
Cc: "H. Peter Anvin", Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, Sean Christopherson, syzbot+ffb4f000dc2872c93f62@syzkaller.appspotmail.com, syzbot+8cdd16fd5a6c0565e227@syzkaller.appspotmail.com

Add helpers to dedup code for aligning shadow address up/down to page boundaries when translating an address to its shadow.

No functional change intended.

Signed-off-by: Sean Christopherson
Reviewed-by: Andrey Ryabinin
---
 arch/x86/mm/kasan_init_64.c | 40 ++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c
index ad7872ae10ed..afc5e129ca7b 100644
--- a/arch/x86/mm/kasan_init_64.c
+++ b/arch/x86/mm/kasan_init_64.c
@@ -316,22 +316,33 @@ void __init kasan_early_init(void) kasan_map_early_shadow(init_top_pgt); } +static unsigned long kasan_mem_to_shadow_align_down(unsigned long va) +{ + unsigned long shadow = (unsigned long)kasan_mem_to_shadow((void *)va); + + return round_down(shadow, PAGE_SIZE); +} + +static unsigned long kasan_mem_to_shadow_align_up(unsigned long va) +{ + unsigned long shadow = (unsigned long)kasan_mem_to_shadow((void *)va); + + return round_up(shadow, PAGE_SIZE); +} + void __init kasan_populate_shadow_for_vaddr(void *va, size_t size, int nid) { unsigned long shadow_start, shadow_end; - shadow_start = (unsigned long)kasan_mem_to_shadow(va); - shadow_start = round_down(shadow_start, PAGE_SIZE); - shadow_end = (unsigned long)kasan_mem_to_shadow(va + size); - shadow_end = round_up(shadow_end, PAGE_SIZE); - + shadow_start = kasan_mem_to_shadow_align_down((unsigned long)va); + shadow_end = kasan_mem_to_shadow_align_up((unsigned long)va + size); kasan_populate_shadow(shadow_start, shadow_end, nid); } void __init kasan_init(void) { + unsigned long shadow_cea_begin, shadow_cea_end; int i; - void *shadow_cea_begin, *shadow_cea_end; memcpy(early_top_pgt, init_top_pgt, sizeof(early_top_pgt)); @@ -372,16 +383,9 @@ void __init kasan_init(void) map_range(&pfn_mapped[i]); } - shadow_cea_begin = (void *)CPU_ENTRY_AREA_BASE; - shadow_cea_begin = kasan_mem_to_shadow(shadow_cea_begin); - shadow_cea_begin = (void *)round_down( - (unsigned long)shadow_cea_begin, PAGE_SIZE); - - shadow_cea_end = (void *)(CPU_ENTRY_AREA_BASE + - CPU_ENTRY_AREA_MAP_SIZE); - shadow_cea_end = kasan_mem_to_shadow(shadow_cea_end); - shadow_cea_end = (void *)round_up( - (unsigned long)shadow_cea_end, PAGE_SIZE); + shadow_cea_begin = kasan_mem_to_shadow_align_down(CPU_ENTRY_AREA_BASE); + shadow_cea_end = kasan_mem_to_shadow_align_up(CPU_ENTRY_AREA_BASE + + CPU_ENTRY_AREA_MAP_SIZE); kasan_populate_early_shadow( kasan_mem_to_shadow((void *)PAGE_OFFSET + MAXMEM), 
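Review bot: the two helpers added at the top of the first hunk carry no comment saying which one a caller should pick; a line above kasan_mem_to_shadow_align_down() stating that both return the shadow of @va rounded to a PAGE_SIZE boundary, _down for an inclusive start and _up for an exclusive end (which is how `va + size` here and `CPU_ENTRY_AREA_BASE + CPU_ENTRY_AREA_MAP_SIZE` in the next hunk use them), would document the contract where it is defined rather than leaving it to be inferred from the call sites.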
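Review bot: changing `shadow_cea_begin`/`shadow_cea_end` from `void *` to `unsigned long` in kasan_init() (second hunk) is what pushes `(void *)` casts onto the kasan_populate_early_shadow() calls in the following hunk, while kasan_populate_shadow_for_vaddr() now casts `va` the other way to feed the helpers; either helper signature needs a cast somewhere, so the choice is defensible, but a sentence in the changelog noting that the variables deliberately became integers to match the helpers would stop readers of "No functional change intended" from flagging the added casts.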
@@ -403,9 +407,9 @@ void __init kasan_init(void) kasan_populate_early_shadow( kasan_mem_to_shadow((void *)VMALLOC_END + 1), - shadow_cea_begin); + (void *)shadow_cea_begin); - kasan_populate_early_shadow(shadow_cea_end, + kasan_populate_early_shadow((void *)shadow_cea_end, kasan_mem_to_shadow((void *)__START_KERNEL_map)); kasan_populate_shadow((unsigned long)kasan_mem_to_shadow(_stext),

From patchwork Thu Nov 10 20:35:04 2022
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 18319
Reply-To: Sean Christopherson
Date: Thu, 10 Nov 2022 20:35:04 +0000
In-Reply-To: <20221110203504.1985010-1-seanjc@google.com>
References: <20221110203504.1985010-1-seanjc@google.com>
Message-ID: <20221110203504.1985010-6-seanjc@google.com>
Subject: [PATCH v2 5/5] x86/kasan: Populate shadow for shared chunk of the CPU entry area
From: Sean Christopherson
To: Dave Hansen, Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, Andrey Ryabinin
Cc: "H. Peter Anvin", Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, Sean Christopherson, syzbot+ffb4f000dc2872c93f62@syzkaller.appspotmail.com, syzbot+8cdd16fd5a6c0565e227@syzkaller.appspotmail.com

Populate the shadow for the shared portion of the CPU entry area, i.e.
the read-only IDT mapping, during KASAN initialization. A recent change
modified KASAN to map the per-CPU areas on-demand, but forgot to keep a
shadow for the common area that is shared amongst all CPUs.

Map the common area in KASAN init instead of letting idt_map_in_cea() do
the dirty work so that it Just Works in the unlikely event more shared
data is shoved into the CPU entry area.

The bug manifests as a not-present #PF when software attempts to lookup
an IDT entry, e.g.
when KVM is handling IRQs on Intel CPUs (KVM performs direct CALL to the IRQ handler to avoid the overhead of INTn): BUG: unable to handle page fault for address: fffffbc0000001d8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 16c03a067 P4D 16c03a067 PUD 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 5 PID: 901 Comm: repro Tainted: G W 6.1.0-rc3+ #410 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:kasan_check_range+0xdf/0x190 vmx_handle_exit_irqoff+0x152/0x290 [kvm_intel] vcpu_run+0x1d89/0x2bd0 [kvm] kvm_arch_vcpu_ioctl_run+0x3ce/0xa70 [kvm] kvm_vcpu_ioctl+0x349/0x900 [kvm] __x64_sys_ioctl+0xb8/0xf0 do_syscall_64+0x2b/0x50 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Fixes: 9fd429c28073 ("x86/kasan: Map shadow for percpu pages on demand") Reported-by: syzbot+8cdd16fd5a6c0565e227@syzkaller.appspotmail.com Cc: Andrey Ryabinin Signed-off-by: Sean Christopherson --- arch/x86/mm/kasan_init_64.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c index afc5e129ca7b..af82046348a0 100644 --- a/arch/x86/mm/kasan_init_64.c +++ b/arch/x86/mm/kasan_init_64.c @@ -341,7 +341,7 @@ void __init kasan_populate_shadow_for_vaddr(void *va, size_t size, int nid) void __init kasan_init(void) { - unsigned long shadow_cea_begin, shadow_cea_end; + unsigned long shadow_cea_begin, shadow_cea_per_cpu_begin, shadow_cea_end; int i; memcpy(early_top_pgt, init_top_pgt, sizeof(early_top_pgt)); @@ -384,6 +384,7 @@ void __init kasan_init(void) } shadow_cea_begin = kasan_mem_to_shadow_align_down(CPU_ENTRY_AREA_BASE); + shadow_cea_per_cpu_begin = kasan_mem_to_shadow_align_up(CPU_ENTRY_AREA_PER_CPU); shadow_cea_end = kasan_mem_to_shadow_align_up(CPU_ENTRY_AREA_BASE + CPU_ENTRY_AREA_MAP_SIZE); 
@@ -409,6 +410,15 @@ void __init kasan_init(void) kasan_mem_to_shadow((void *)VMALLOC_END + 1), (void *)shadow_cea_begin); + /* + * Populate the shadow for the shared portion of the CPU entry area. + * Shadows for the per-CPU areas are mapped on-demand, as each CPU's + * area is randomly placed somewhere in the 512GiB range and mapping + * the entire 512GiB range is prohibitively expensive. + */ + kasan_populate_early_shadow((void *)shadow_cea_begin, + (void *)shadow_cea_per_cpu_begin); + kasan_populate_early_shadow((void *)shadow_cea_end, kasan_mem_to_shadow((void *)__START_KERNEL_map));
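Review bot: `shadow_cea_per_cpu_begin = kasan_mem_to_shadow_align_up(CPU_ENTRY_AREA_PER_CPU)` in the second hunk rounds the per-CPU start up to a shadow page, so the early shadow populated for the shared chunk in the third hunk also covers the first part of the per-CPU range; a per-CPU area placed there will later have its shadow populated on demand into a range that already has an early-shadow mapping. If the on-demand path copes with that, or the placement cannot occur, a comment at this assignment saying so would spare the next reader the same question; if neither holds, the overlap needs handling.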
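Review bot: the new kasan_populate_early_shadow() call in the third hunk covers [shadow_cea_begin, shadow_cea_per_cpu_begin), which starts exactly where the preceding call (the context lines above the comment, ending at `(void *)shadow_cea_begin);`) stops; a single call from `kasan_mem_to_shadow((void *)VMALLOC_END + 1)` to `(void *)shadow_cea_per_cpu_begin` would cover both and make shadow_cea_begin unnecessary. If the split is kept for readability, the comment should also name what the shared portion is (the read-only IDT mapping, per the changelog), since nothing in the hunk itself says why the shared chunk ends at the per-CPU start.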
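As an added worked example (not code from either patch or from the kernel), the following C model reproduces the shadow arithmetic both patches rely on: kasan_mem_to_shadow() as a shift by 3 plus a shadow offset, the page-rounding helpers from 4/5, and the uncovered range that 5/5 closes. The constants KASAN_SHADOW_OFFSET and CPU_ENTRY_AREA_BASE, the read-only IDT page sitting first in the area with CPU_ENTRY_AREA_PER_CPU one page above it, the constructed per-CPU area and the `shadow_range` array standing in for present shadow PTEs are all assumptions of this model (the usual 4-level x86-64 values); under them the faulting address from the oops, fffffbc0000001d8, decodes to an offset inside the first page of the CPU entry area, and a shadow populated only on demand for per-CPU areas does not cover it.

```c
/*
 * Model of the x86-64 KASAN shadow arithmetic behind patches 4/5 and 5/5.
 * Added example, not kernel code. All constants are assumptions taken from
 * the usual 4-level x86-64 layout; the "mapped ranges" array stands in for
 * present shadow PTEs.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE                4096UL
#define KASAN_SHADOW_SCALE_SHIFT 3                      /* one shadow byte per 8 bytes */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000UL   /* assumed */
#define CPU_ENTRY_AREA_BASE      0xfffffe0000000000UL   /* assumed */
#define CPU_ENTRY_AREA_RO_IDT    CPU_ENTRY_AREA_BASE    /* assumed: shared IDT page first */
#define CPU_ENTRY_AREA_PER_CPU   (CPU_ENTRY_AREA_BASE + PAGE_SIZE) /* assumed */
#define CPU_ENTRY_AREA_MAP_SIZE  (1UL << 39)            /* 512 GiB, per the patch comment */

static unsigned long round_down_to(unsigned long x, unsigned long a) { return x & ~(a - 1); }
static unsigned long round_up_to(unsigned long x, unsigned long a) { return (x + a - 1) & ~(a - 1); }

/* kasan_mem_to_shadow() and its inverse (useful for decoding an oops). */
unsigned long mem_to_shadow(unsigned long va)
{
	return (va >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}
unsigned long shadow_to_mem(unsigned long shadow)
{
	return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/*
 * Equivalents of the two helpers introduced by patch 4/5: the shadow of @va
 * rounded down (inclusive start) or up (exclusive end) to a shadow page.
 * One shadow page therefore covers 8 pages of the region it shadows.
 */
unsigned long shadow_align_down(unsigned long va) { return round_down_to(mem_to_shadow(va), PAGE_SIZE); }
unsigned long shadow_align_up(unsigned long va) { return round_up_to(mem_to_shadow(va), PAGE_SIZE); }

struct shadow_range { unsigned long begin, end; };   /* [begin, end) of mapped shadow */

static bool shadow_mapped(const struct shadow_range *r, size_t n, unsigned long shadow)
{
	for (size_t i = 0; i < n; i++)
		if (shadow >= r[i].begin && shadow < r[i].end)
			return true;
	return false;
}

/*
 * Does the shadow of the address the oops faulted on have a mapping?
 * Without 5/5 only per-CPU areas get shadow, on demand; here one constructed
 * per-CPU area (40 pages, somewhere inside the 512 GiB range) is mapped.
 * With 5/5, the shared chunk [shadow_cea_begin, shadow_cea_per_cpu_begin)
 * is mapped as well.
 */
bool oops_shadow_covered(bool populate_shared)
{
	struct shadow_range r[2];
	size_t n = 0;
	unsigned long cpu_area = CPU_ENTRY_AREA_PER_CPU + 0x1234UL * 64 * PAGE_SIZE; /* constructed */

	r[n++] = (struct shadow_range){ shadow_align_down(cpu_area),
					shadow_align_up(cpu_area + 40 * PAGE_SIZE) };
	if (populate_shared)
		r[n++] = (struct shadow_range){ shadow_align_down(CPU_ENTRY_AREA_BASE),
						shadow_align_up(CPU_ENTRY_AREA_PER_CPU) };

	return shadow_mapped(r, n, 0xfffffbc0000001d8UL);  /* shadow address from the oops */
}

/* Offset of the faulting access from the start of the CPU entry area. */
unsigned long oops_offset_in_cea(void)
{
	return shadow_to_mem(0xfffffbc0000001d8UL) - CPU_ENTRY_AREA_BASE;
}

int main(void)
{
	printf("oops va %#lx (offset %#lx into the CPU entry area)\n",
	       shadow_to_mem(0xfffffbc0000001d8UL), oops_offset_in_cea());
	printf("shared-chunk shadow: [%#lx, %#lx)\n",
	       shadow_align_down(CPU_ENTRY_AREA_BASE), shadow_align_up(CPU_ENTRY_AREA_PER_CPU));
	printf("oops address covered without fix: %d, with fix: %d\n",
	       oops_shadow_covered(false), oops_shadow_covered(true));
	return 0;
}
```

The offset the model recovers is below PAGE_SIZE, i.e. inside the page assumed to hold the read-only IDT, and the shared-chunk shadow range is a single page even though the shared chunk is one page of memory, which is the 8:1 ratio that makes the `align_up` of CPU_ENTRY_AREA_PER_CPU spill over the start of the per-CPU range. In the kernel the range bookkeeping is the page tables walked by kasan_populate_early_shadow() and kasan_populate_shadow(); the array here only models whether a shadow PTE is present.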