diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0038-KPTI-Rename-to-PAGE_TABLE_ISOLATION.patch')
| -rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0038-KPTI-Rename-to-PAGE_TABLE_ISOLATION.patch | 359 |
1 files changed, 359 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0038-KPTI-Rename-to-PAGE_TABLE_ISOLATION.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0038-KPTI-Rename-to-PAGE_TABLE_ISOLATION.patch new file mode 100644 index 00000000..bd48e9c6 --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.9.21/0038-KPTI-Rename-to-PAGE_TABLE_ISOLATION.patch @@ -0,0 +1,359 @@ +From 4c484c8da3f97360d9451ac79a6f687d0155088e Mon Sep 17 00:00:00 2001 +From: Kees Cook <keescook@chromium.org> +Date: Wed, 3 Jan 2018 10:17:35 -0800 +Subject: [PATCH 038/102] KPTI: Rename to PAGE_TABLE_ISOLATION + +This renames CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION. + +Signed-off-by: Kees Cook <keescook@chromium.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + arch/x86/boot/compressed/misc.h | 2 +- + arch/x86/entry/entry_64.S | 12 ++++++------ + arch/x86/events/intel/ds.c | 4 ++-- + arch/x86/include/asm/cpufeatures.h | 2 +- + arch/x86/include/asm/kaiser.h | 12 ++++++------ + arch/x86/include/asm/pgtable.h | 4 ++-- + arch/x86/include/asm/pgtable_64.h | 4 ++-- + arch/x86/include/asm/pgtable_types.h | 2 +- + arch/x86/include/asm/tlbflush.h | 2 +- + arch/x86/kernel/head_64.S | 2 +- + arch/x86/mm/Makefile | 2 +- + arch/x86/mm/kaslr.c | 2 +- + include/linux/kaiser.h | 6 +++--- + include/linux/percpu-defs.h | 2 +- + security/Kconfig | 2 +- + tools/arch/x86/include/asm/cpufeatures.h | 2 +- + 16 files changed, 31 insertions(+), 31 deletions(-) + +diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h +index cd80024..4f4c42a 100644 +--- a/arch/x86/boot/compressed/misc.h ++++ b/arch/x86/boot/compressed/misc.h +@@ -9,7 +9,7 @@ + */ + #undef CONFIG_PARAVIRT + #undef CONFIG_PARAVIRT_SPINLOCKS +-#undef CONFIG_KAISER ++#undef CONFIG_PAGE_TABLE_ISOLATION + #undef CONFIG_KASAN + + #include <linux/linkage.h> +diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S +index d4ba81e..5bb9b02 100644 +--- a/arch/x86/entry/entry_64.S ++++ b/arch/x86/entry/entry_64.S +@@ -1071,7 +1071,7 @@ ENTRY(paranoid_entry) + SWAPGS + xorl %ebx, %ebx + 1: +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + /* + * We might have come in between a swapgs and a SWITCH_KERNEL_CR3 + * on entry, or between a SWITCH_USER_CR3 and a swapgs on exit. +@@ -1111,7 +1111,7 @@ ENTRY(paranoid_exit) + DISABLE_INTERRUPTS(CLBR_NONE) + TRACE_IRQS_OFF_DEBUG + TRACE_IRQS_IRETQ_DEBUG +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + /* No ALTERNATIVE for X86_FEATURE_KAISER: paranoid_entry sets %ebx */ + testl $2, %ebx /* SWITCH_USER_CR3 needed? */ + jz paranoid_exit_no_switch +@@ -1338,7 +1338,7 @@ ENTRY(nmi) + + movq %rsp, %rdi + movq $-1, %rsi +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + /* Unconditionally use kernel CR3 for do_nmi() */ + /* %rax is saved above, so OK to clobber here */ + ALTERNATIVE "jmp 2f", "movq %cr3, %rax", X86_FEATURE_KAISER +@@ -1352,7 +1352,7 @@ ENTRY(nmi) + #endif + call do_nmi + +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + /* + * Unconditionally restore CR3. I know we return to + * kernel code that needs user CR3, but do we ever return +@@ -1582,7 +1582,7 @@ end_repeat_nmi: + 1: + movq %rsp, %rdi + movq $-1, %rsi +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + /* Unconditionally use kernel CR3 for do_nmi() */ + /* %rax is saved above, so OK to clobber here */ + ALTERNATIVE "jmp 2f", "movq %cr3, %rax", X86_FEATURE_KAISER +@@ -1598,7 +1598,7 @@ end_repeat_nmi: + /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ + call do_nmi + +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + /* + * Unconditionally restore CR3. We might be returning to + * kernel code that needs user CR3, like just just before +diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c +index c2e4ae2..f97d8b4 100644 +--- a/arch/x86/events/intel/ds.c ++++ b/arch/x86/events/intel/ds.c +@@ -274,7 +274,7 @@ static DEFINE_PER_CPU(void *, insn_buffer); + + static void *dsalloc(size_t size, gfp_t flags, int node) + { +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + unsigned int order = get_order(size); + struct page *page; + unsigned long addr; +@@ -295,7 +295,7 @@ static void *dsalloc(size_t size, gfp_t flags, int node) + + static void dsfree(const void *buffer, size_t size) + { +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + if (!buffer) + return; + kaiser_remove_mapping((unsigned long)buffer, size); +diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h +index 20271d6..454a37a 100644 +--- a/arch/x86/include/asm/cpufeatures.h ++++ b/arch/x86/include/asm/cpufeatures.h +@@ -199,7 +199,7 @@ + #define X86_FEATURE_AVX512_4FMAPS (7*32+17) /* AVX-512 Multiply Accumulation Single precision */ + + /* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */ +-#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_KAISER w/o nokaiser */ ++#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */ + + /* Virtualization flags: Linux defined, word 8 */ + #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ +diff --git a/arch/x86/include/asm/kaiser.h b/arch/x86/include/asm/kaiser.h +index b5e46aa..802bbbd 100644 +--- a/arch/x86/include/asm/kaiser.h ++++ b/arch/x86/include/asm/kaiser.h +@@ -20,7 +20,7 @@ + #define KAISER_SHADOW_PGD_OFFSET 0x1000 + + #ifdef __ASSEMBLY__ +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + + .macro _SWITCH_TO_KERNEL_CR3 reg + movq %cr3, \reg +@@ -69,7 +69,7 @@ movq PER_CPU_VAR(unsafe_stack_register_backup), %rax + 8: + .endm + +-#else /* CONFIG_KAISER */ ++#else /* CONFIG_PAGE_TABLE_ISOLATION */ + + .macro SWITCH_KERNEL_CR3 + .endm +@@ -78,11 +78,11 @@ movq PER_CPU_VAR(unsafe_stack_register_backup), %rax + .macro SWITCH_KERNEL_CR3_NO_STACK + .endm + +-#endif /* CONFIG_KAISER */ ++#endif /* CONFIG_PAGE_TABLE_ISOLATION */ + + #else /* __ASSEMBLY__ */ + +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + /* + * Upon kernel/user mode switch, it may happen that the address + * space has to be switched before the registers have been +@@ -100,10 +100,10 @@ extern void __init kaiser_check_boottime_disable(void); + #else + #define kaiser_enabled 0 + static inline void __init kaiser_check_boottime_disable(void) {} +-#endif /* CONFIG_KAISER */ ++#endif /* CONFIG_PAGE_TABLE_ISOLATION */ + + /* +- * Kaiser function prototypes are needed even when CONFIG_KAISER is not set, ++ * Kaiser function prototypes are needed even when CONFIG_PAGE_TABLE_ISOLATION is not set, + * so as to build with tests on kaiser_enabled instead of #ifdefs. + */ + +diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h +index 217e83a..2536f90 100644 +--- a/arch/x86/include/asm/pgtable.h ++++ b/arch/x86/include/asm/pgtable.h +@@ -18,7 +18,7 @@ + #ifndef __ASSEMBLY__ + #include <asm/x86_init.h> + +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + extern int kaiser_enabled; + #else + #define kaiser_enabled 0 +@@ -920,7 +920,7 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, + static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count) + { + memcpy(dst, src, count * sizeof(pgd_t)); +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + if (kaiser_enabled) { + /* Clone the shadow pgd part as well */ + memcpy(native_get_shadow_pgd(dst), +diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h +index cf68b5c..ce97c8c6 100644 +--- a/arch/x86/include/asm/pgtable_64.h ++++ b/arch/x86/include/asm/pgtable_64.h +@@ -106,7 +106,7 @@ static inline void native_pud_clear(pud_t *pud) + native_set_pud(pud, native_make_pud(0)); + } + +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + extern pgd_t kaiser_set_shadow_pgd(pgd_t *pgdp, pgd_t pgd); + + static inline pgd_t *native_get_shadow_pgd(pgd_t *pgdp) +@@ -127,7 +127,7 @@ static inline pgd_t *native_get_shadow_pgd(pgd_t *pgdp) + BUILD_BUG_ON(1); + return NULL; + } +-#endif /* CONFIG_KAISER */ ++#endif /* CONFIG_PAGE_TABLE_ISOLATION */ + + static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) + { +diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h +index f0d9a1a..f1c8ac4 100644 +--- a/arch/x86/include/asm/pgtable_types.h ++++ b/arch/x86/include/asm/pgtable_types.h +@@ -144,7 +144,7 @@ + #define X86_CR3_PCID_MASK (X86_CR3_PCID_NOFLUSH | X86_CR3_PCID_ASID_MASK) + #define X86_CR3_PCID_ASID_KERN (_AC(0x0,UL)) + +-#if defined(CONFIG_KAISER) && defined(CONFIG_X86_64) ++#if defined(CONFIG_PAGE_TABLE_ISOLATION) && defined(CONFIG_X86_64) + /* Let X86_CR3_PCID_ASID_USER be usable for the X86_CR3_PCID_NOFLUSH bit */ + #define X86_CR3_PCID_ASID_USER (_AC(0x80,UL)) + +diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h +index 8db339a..183af59 100644 +--- a/arch/x86/include/asm/tlbflush.h ++++ b/arch/x86/include/asm/tlbflush.h +@@ -137,7 +137,7 @@ static inline void cr4_set_bits_and_update_boot(unsigned long mask) + * Declare a couple of kaiser interfaces here for convenience, + * to avoid the need for asm/kaiser.h in unexpected places. + */ +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + extern int kaiser_enabled; + extern void kaiser_setup_pcid(void); + extern void kaiser_flush_tlb_on_return_to_user(void); +diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S +index d04479b..67cd7c1 100644 +--- a/arch/x86/kernel/head_64.S ++++ b/arch/x86/kernel/head_64.S +@@ -405,7 +405,7 @@ GLOBAL(early_recursion_flag) + .balign PAGE_SIZE; \ + GLOBAL(name) + +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + /* + * Each PGD needs to be 8k long and 8k aligned. We do not + * ever go out to userspace with these, so we do not +diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile +index c505569..c548b46 100644 +--- a/arch/x86/mm/Makefile ++++ b/arch/x86/mm/Makefile +@@ -38,4 +38,4 @@ obj-$(CONFIG_NUMA_EMU) += numa_emulation.o + obj-$(CONFIG_X86_INTEL_MPX) += mpx.o + obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o + obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o +-obj-$(CONFIG_KAISER) += kaiser.o ++obj-$(CONFIG_PAGE_TABLE_ISOLATION) += kaiser.o +diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c +index 9284ec1..319183d 100644 +--- a/arch/x86/mm/kaslr.c ++++ b/arch/x86/mm/kaslr.c +@@ -189,6 +189,6 @@ void __meminit init_trampoline(void) + *pud_tramp = *pud; + } + +- /* Avoid set_pgd(), in case it's complicated by CONFIG_KAISER */ ++ /* Avoid set_pgd(), in case it's complicated by CONFIG_PAGE_TABLE_ISOLATION */ + trampoline_pgd_entry = __pgd(_KERNPG_TABLE | __pa(pud_page_tramp)); + } +diff --git a/include/linux/kaiser.h b/include/linux/kaiser.h +index 4a4d6d9..58c55b1 100644 +--- a/include/linux/kaiser.h ++++ b/include/linux/kaiser.h +@@ -1,7 +1,7 @@ + #ifndef _LINUX_KAISER_H + #define _LINUX_KAISER_H + +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + #include <asm/kaiser.h> + + static inline int kaiser_map_thread_stack(void *stack) +@@ -24,7 +24,7 @@ static inline void kaiser_unmap_thread_stack(void *stack) + #else + + /* +- * These stubs are used whenever CONFIG_KAISER is off, which ++ * These stubs are used whenever CONFIG_PAGE_TABLE_ISOLATION is off, which + * includes architectures that support KAISER, but have it disabled. + */ + +@@ -48,5 +48,5 @@ static inline void kaiser_unmap_thread_stack(void *stack) + { + } + +-#endif /* !CONFIG_KAISER */ ++#endif /* !CONFIG_PAGE_TABLE_ISOLATION */ + #endif /* _LINUX_KAISER_H */ +diff --git a/include/linux/percpu-defs.h b/include/linux/percpu-defs.h +index cfe13cb..8902f23 100644 +--- a/include/linux/percpu-defs.h ++++ b/include/linux/percpu-defs.h +@@ -35,7 +35,7 @@ + + #endif + +-#ifdef CONFIG_KAISER ++#ifdef CONFIG_PAGE_TABLE_ISOLATION + #define USER_MAPPED_SECTION "..user_mapped" + #else + #define USER_MAPPED_SECTION "" +diff --git a/security/Kconfig b/security/Kconfig +index fd2ceeb..32f36b4 100644 +--- a/security/Kconfig ++++ b/security/Kconfig +@@ -31,7 +31,7 @@ config SECURITY + + If you are unsure how to answer this question, answer N. + +-config KAISER ++config PAGE_TABLE_ISOLATION + bool "Remove the kernel mapping in user mode" + default y + depends on X86_64 && SMP +diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h +index 67c93d9..f79669a 100644 +--- a/tools/arch/x86/include/asm/cpufeatures.h ++++ b/tools/arch/x86/include/asm/cpufeatures.h +@@ -198,7 +198,7 @@ + #define X86_FEATURE_AVX512_4FMAPS (7*32+17) /* AVX-512 Multiply Accumulation Single precision */ + + /* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */ +-#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_KAISER w/o nokaiser */ ++#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */ + + /* Virtualization flags: Linux defined, word 8 */ + #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ +-- +2.7.4 + |