• Hugh Dickins's avatar
    kaiser: add "nokaiser" boot option, using ALTERNATIVE · c05397ac
    Hugh Dickins authored
    Added "nokaiser" boot option: an early param like "noinvpcid".
    Most places now check int kaiser_enabled (#defined 0 when not
    CONFIG_KAISER) instead of #ifdef CONFIG_KAISER; but entry_64.S
    and entry_64_compat.S are using the ALTERNATIVE technique, which
    patches in the preferred instructions at runtime.  That technique
    is tied to x86 cpu features, so X86_FEATURE_KAISER fabricated
    ("" in its comment so "kaiser" not magicked into /proc/cpuinfo).
    
    Prior to "nokaiser", Kaiser #defined _PAGE_GLOBAL 0: revert that,
    but be careful with both _PAGE_GLOBAL and CR4.PGE: setting them when
    nokaiser like when !CONFIG_KAISER, but not setting either when kaiser -
    neither matters on its own, but it's hard to be sure that _PAGE_GLOBAL
    won't get set in some obscure corner, or something add PGE into CR4.
    By omitting _PAGE_GLOBAL from __supported_pte_mask when kaiser_enabled,
    all page table setup which uses pte_pfn() masks it out of the ptes.
    
    It's slightly shameful that the same declaration versus definition of
    kaiser_enabled appears in not one, not two, but in three header files
    (asm/kaiser.h, asm/pgtable.h, asm/tlbflush.h).  I felt safer that way,
    than with #including any of those in any of the others; and did not
    feel it worth an asm/kaiser_enabled.h - kernel/cpu/common.c includes
    them all, so we shall hear about it if they get out of synch.
    
    Cleanups while in the area: removed the silly #ifdef CONFIG_KAISER
    from kaiser.c; removed the unused native_get_normal_pgd(); removed
    the spurious reg clutter from SWITCH_*_CR3 macro stubs; corrected some
    comments.  But more interestingly, set CR4.PSE in secondary_startup_64:
    the manual is clear that it does not matter whether it's 0 or 1 when
    4-level-pts are enabled, but I was distracted to find cr4 different on
    BSP and auxiliaries - BSP alone was adding PSE, in probe_page_size_mask().
    Acked-by: default avatarJiri Kosina <jkosina@suse.cz>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    
    CVE-2017-5754
    Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
    Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
    c05397ac
pgtable.h 22.4 KB