kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
authorHugh Dickins <hughd@google.com>
Sun, 5 Nov 2017 01:43:06 +0000 (18:43 -0700)
committerKirtikar Kashyap <kirtikar.kashyap@oracle.com>
Fri, 12 Jan 2018 18:20:09 +0000 (10:20 -0800)
Let kaiser_flush_tlb_on_return_to_user() do the X86_FEATURE_PCID
check, instead of each caller doing it inline first: nobody needs
to optimize for the noPCID case, it's clearer this way, and better
suits later changes.  Replace those no-op X86_CR3_PCID_KERN_FLUSH lines
by a BUILD_BUG_ON() in load_new_mm_cr3(), in case something changes.

Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 8eaca4c7d9f167209a9cc568ff028c0a3b0deb2d)
Orabug: 27333760
CVE: CVE-2017-5754
Signed-off-by: Pavel Tatashin <pasha.tatashin@oracle.com>
Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>
arch/x86/include/asm/tlbflush.h
arch/x86/mm/kaiser.c
arch/x86/mm/tlb.c

index 779ee928e75c9d4845fed8ded1619bcad38bf121..2a907fb106e6549c4b8032e5247031c7f41f352f 100644 (file)
@@ -157,7 +157,7 @@ static inline void __native_flush_tlb(void)
         * back:
         */
        preempt_disable();
-       if (kaiser_enabled && this_cpu_has(X86_FEATURE_PCID))
+       if (kaiser_enabled)
                kaiser_flush_tlb_on_return_to_user();
        native_write_cr3(native_read_cr3());
        preempt_enable();
@@ -216,7 +216,7 @@ static inline void __native_flush_tlb_single(unsigned long addr)
         */
 
        if (!this_cpu_has(X86_FEATURE_INVPCID_SINGLE)) {
-               if (kaiser_enabled && this_cpu_has(X86_FEATURE_PCID))
+               if (kaiser_enabled)
                        kaiser_flush_tlb_on_return_to_user();
                asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
                return;
index c64bfef99ee84755cfd0373fb5b5bae126ee11a9..9d6b7517fca527c00c62542e1b2e098c44ea6ca3 100644 (file)
@@ -436,12 +436,12 @@ void kaiser_setup_pcid(void)
 
 /*
  * Make a note that this cpu will need to flush USER tlb on return to user.
- * Caller checks whether this_cpu_has(X86_FEATURE_PCID) before calling:
- * if cpu does not, then the NOFLUSH bit will never have been set.
+ * If cpu does not have PCID, then the NOFLUSH bit will never have been set.
  */
 void kaiser_flush_tlb_on_return_to_user(void)
 {
-       this_cpu_write(x86_cr3_pcid_user,
+       if (this_cpu_has(X86_FEATURE_PCID))
+               this_cpu_write(x86_cr3_pcid_user,
                        X86_CR3_PCID_USER_FLUSH | KAISER_SHADOW_PGD_OFFSET);
 }
 EXPORT_SYMBOL(kaiser_flush_tlb_on_return_to_user);
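Review bot: The rewritten comment above kaiser_flush_tlb_on_return_to_user() no longer states anything the caller must guarantee, yet the function now pairs a this_cpu_has(X86_FEATURE_PCID) read with a this_cpu_write(), and those only describe the same cpu if the caller cannot be migrated between them. The __native_flush_tlb() caller in the tlbflush.h hunk does sit under preempt_disable(), but with the check moved in here that precondition is no longer visible at this definition; suggest recording it, e.g. ` * Caller must have preemption disabled: the PCID check and the per-cpu write must refer to the same cpu.` Whether every caller (including __native_flush_tlb_single()) satisfies this is not visible in the diff, so it is worth confirming when adding the comment.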
index 431d4a975462ce1d3f3ade370796295840985268..9b876a8cc4a66cafb83c01a48f0c727735d81129 100644 (file)
@@ -39,7 +39,7 @@ static void load_new_mm_cr3(pgd_t *pgdir)
 {
        unsigned long new_mm_cr3 = __pa(pgdir);
 
-       if (kaiser_enabled && this_cpu_has(X86_FEATURE_PCID)) {
+       if (kaiser_enabled) {
                /*
                 * We reuse the same PCID for different tasks, so we must
                 * flush all the entries for the PCID out when we change tasks.
@@ -50,10 +50,10 @@ static void load_new_mm_cr3(pgd_t *pgdir)
                 * do it here, but can only be used if X86_FEATURE_INVPCID is
                 * available - and many machines support pcid without invpcid.
                 *
-                * The line below is a no-op: X86_CR3_PCID_KERN_FLUSH is now 0;
-                * but keep that line in there in case something changes.
+                * If X86_CR3_PCID_KERN_FLUSH actually added something, then it
+                * would be needed in the write_cr3() below - if PCIDs enabled.
                 */
-               new_mm_cr3 |= X86_CR3_PCID_KERN_FLUSH;
+               BUILD_BUG_ON(X86_CR3_PCID_KERN_FLUSH);
                kaiser_flush_tlb_on_return_to_user();
        }