Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
xen/x86: adjust handling of the L3 user vsyscall special page table

Marking the page table as pinned without ever actually pinning it was
probably an oversight in the first place. The main reason for the change
is more subtle, though: The write of the one present entry each here and
in the subsequently allocated L2 table engage a code path in the
hypervisor which exists only for thought-to-be-broken guests: An mmu-
update operation to a page which is neither a page table nor marked
writable. The hypervisor merely assumes (or should I say "hopes") that
the fact that a writable reference to the page can be obtained means it
is okay to actually write to that page in response to such a hypercall.

While there make all involved code and data dependent upon
X86_VSYSCALL_EMULATION (some code was already).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Link: https://lore.kernel.org/r/1048f5b8-b726-dcc1-1216-9d5ac328ce82@suse.com
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>

Authored by Jan Beulich and committed by Boris Ostrovsky
d2a3ef44 4c360db6

+11 -1
arch/x86/xen/mmu_pv.c
··· 86 86 #include "mmu.h" 87 87 #include "debugfs.h" 88 88 89 + #ifdef CONFIG_X86_VSYSCALL_EMULATION 89 90 /* l3 pud for userspace vsyscall mapping */ 90 91 static pud_t level3_user_vsyscall[PTRS_PER_PUD] __page_aligned_bss; 92 + #endif 91 93 92 94 /* 93 95 * Protects atomic reservation decrease/increase against concurrent increases. ··· 793 791 static void __init xen_after_bootmem(void) 794 792 { 795 793 static_branch_enable(&xen_struct_pages_ready); 794 + #ifdef CONFIG_X86_VSYSCALL_EMULATION 796 795 SetPagePinned(virt_to_page(level3_user_vsyscall)); 796 + #endif 797 797 xen_pgd_walk(&init_mm, xen_mark_pinned, FIXADDR_TOP); 798 798 } 799 799 ··· 1766 1762 set_page_prot(init_top_pgt, PAGE_KERNEL_RO); 1767 1763 set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); 1768 1764 set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); 1769 - set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO); 1770 1765 set_page_prot(level2_ident_pgt, PAGE_KERNEL_RO); 1771 1766 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); 1772 1767 set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); ··· 1781 1778 1782 1779 /* Unpin Xen-provided one */ 1783 1780 pin_pagetable_pfn(MMUEXT_UNPIN_TABLE, PFN_DOWN(__pa(pgd))); 1781 + 1782 + #ifdef CONFIG_X86_VSYSCALL_EMULATION 1783 + /* Pin user vsyscall L3 */ 1784 + set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO); 1785 + pin_pagetable_pfn(MMUEXT_PIN_L3_TABLE, 1786 + PFN_DOWN(__pa_symbol(level3_user_vsyscall))); 1787 + #endif 1784 1788 1785 1789 /* 1786 1790 * At this stage there can be no user pgd, and no page structure to
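
Review bot: In the xen_after_bootmem() hunk, SetPagePinned(virt_to_page(level3_user_vsyscall)) is only wrapped in the new #ifdef, so the PagePinned flag and the real pin (the pin_pagetable_pfn(MMUEXT_PIN_L3_TABLE, ...) call added in the last hunk) are now established at two separate places with nothing tying them together. A one-line comment at the SetPagePinned() call pointing to where the table is actually pinned would keep a later reader from taking the flag for bookkeeping without a matching pin, which is the state the commit message describes as an oversight.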
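
Review bot: The comment "/* Pin user vsyscall L3 */" in the last hunk restates the call and leaves out the reason the commit message gives for it: the pin is there so that the entry writes to this table no longer reach the hypervisor as mmu-update operations on a page that is neither a page table nor marked writable. Suggest putting that reason in the comment, and noting that set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO) has to stay ahead of the pin now that it has been moved out of the set_page_prot() run in the previous hunk, so the two calls are not separated by a later cleanup.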