Commit 2e165c34 authored by Michal Hocko's avatar Michal Hocko Committed by Stefan Bader

x86/speculation/l1tf: Fix up pte->pfn conversion for PAE

Jan has noticed that pte_pfn and co. resp. pfn_pte are incorrect for
CONFIG_PAE because phys_addr_t is wider than unsigned long and so the
pte_val reps. shift left would get truncated. Fix this up by using proper
types.

Fixes: 6b28baca ("x86/speculation/l1tf: Protect PROT_NONE PTEs
against speculation")
Reported-by: default avatarJan Beulich <JBeulich@suse.com>
Signed-off-by: default avatarMichal Hocko <mhocko@suse.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Acked-by: default avatarVlastimil Babka <vbabka@suse.cz>

CVE-2018-3620
CVE-2018-3646

[smb: Drop change to pfn_pud which does not exist]
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent a7554af7
...@@ -154,21 +154,21 @@ static inline u64 protnone_mask(u64 val); ...@@ -154,21 +154,21 @@ static inline u64 protnone_mask(u64 val);
static inline unsigned long pte_pfn(pte_t pte) static inline unsigned long pte_pfn(pte_t pte)
{ {
unsigned long pfn = pte_val(pte); phys_addr_t pfn = pte_val(pte);
pfn ^= protnone_mask(pfn); pfn ^= protnone_mask(pfn);
return (pfn & PTE_PFN_MASK) >> PAGE_SHIFT; return (pfn & PTE_PFN_MASK) >> PAGE_SHIFT;
} }
static inline unsigned long pmd_pfn(pmd_t pmd) static inline unsigned long pmd_pfn(pmd_t pmd)
{ {
unsigned long pfn = pmd_val(pmd); phys_addr_t pfn = pmd_val(pmd);
pfn ^= protnone_mask(pfn); pfn ^= protnone_mask(pfn);
return (pfn & pmd_pfn_mask(pmd)) >> PAGE_SHIFT; return (pfn & pmd_pfn_mask(pmd)) >> PAGE_SHIFT;
} }
static inline unsigned long pud_pfn(pud_t pud) static inline unsigned long pud_pfn(pud_t pud)
{ {
unsigned long pfn = pud_val(pud); phys_addr_t pfn = pud_val(pud);
pfn ^= protnone_mask(pfn); pfn ^= protnone_mask(pfn);
return (pfn & pud_pfn_mask(pud)) >> PAGE_SHIFT; return (pfn & pud_pfn_mask(pud)) >> PAGE_SHIFT;
} }
...@@ -374,7 +374,7 @@ static inline pgprotval_t massage_pgprot(pgprot_t pgprot) ...@@ -374,7 +374,7 @@ static inline pgprotval_t massage_pgprot(pgprot_t pgprot)
static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot) static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot)
{ {
phys_addr_t pfn = page_nr << PAGE_SHIFT; phys_addr_t pfn = (phys_addr_t)page_nr << PAGE_SHIFT;
pfn ^= protnone_mask(pgprot_val(pgprot)); pfn ^= protnone_mask(pgprot_val(pgprot));
pfn &= PTE_PFN_MASK; pfn &= PTE_PFN_MASK;
return __pte(pfn | massage_pgprot(pgprot)); return __pte(pfn | massage_pgprot(pgprot));
...@@ -382,7 +382,7 @@ static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot) ...@@ -382,7 +382,7 @@ static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot)
static inline pmd_t pfn_pmd(unsigned long page_nr, pgprot_t pgprot) static inline pmd_t pfn_pmd(unsigned long page_nr, pgprot_t pgprot)
{ {
phys_addr_t pfn = page_nr << PAGE_SHIFT; phys_addr_t pfn = (phys_addr_t)page_nr << PAGE_SHIFT;
pfn ^= protnone_mask(pgprot_val(pgprot)); pfn ^= protnone_mask(pgprot_val(pgprot));
pfn &= PHYSICAL_PMD_PAGE_MASK; pfn &= PHYSICAL_PMD_PAGE_MASK;
return __pmd(pfn | massage_pgprot(pgprot)); return __pmd(pfn | massage_pgprot(pgprot));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment