• x86/boot/64: Fix crash if kernel image crosses page table boundary · 1642b93f
    Kirill A. Shutemov authored
    [ Upstream commit 81c7ed296dcd02bc0b4488246d040e03e633737a ]
    
    A kernel which boots in 5-level paging mode crashes in a small percentage
    of cases if KASLR is enabled.
    
    This issue was tracked down to the case when the kernel image unpacks in a
    way that it crosses a 1G boundary. The crash is caused by an overrun of
    the PMD page table in __startup_64() and corruption of P4D page table
    allocated next to it. This particular issue is not visible with 4-level
    paging as P4D page tables are not used.
    
    But the P4D and the PUD calculation have similar problems.
    
    The PMD index calculation is wrong due to operator precedence, which fails
    to confine the PMDs in the PMD array on wrap around.
    
    The P4D calculation for 5-level paging and the PUD calculation calculate
    the first index correctly, but then blindly increment it which causes the
    same issue when a kernel image is located across a 512G and for 5-level
    paging across a 46T boundary.
    
    This wrap around mishandling was introduced when these parts moved from
    assembly to C.
    
    Restore it to the correct behaviour.
    
    Fixes: c88d7150 ("x86/boot/64: Rewrite startup_64() in C")
    Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Cc: Dave Hansen <dave.hansen@linux.intel.com>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Link: https://lkml.kernel.org/r/20190620112345.28833-1-kirill.shutemov@linux.intel.com
    Signed-off-by: Sasha Levin <sashal@kernel.org>
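The PMD wrap-around described in the commit message, as an added user-space model (not the kernel's code and not part of the commit). The function names, load address and image size are constructed for illustration; `PMD_SHIFT` 21 and 512 entries per table are the standard x86-64 values.

```c
#include <stdint.h>
#include <stdio.h>

/* x86-64: one PMD entry maps 2 MiB, one PMD table holds 512 entries (1 GiB). */
#define PMD_SHIFT     21
#define PMD_SIZE      (1ULL << PMD_SHIFT)
#define PTRS_PER_PMD  512

/* Precedence problem: % binds tighter than +, so only the base index is
 * reduced and adding i can carry the result past the end of the table. */
static unsigned idx_unconfined(uint64_t physaddr, unsigned i)
{
    return i + (physaddr >> PMD_SHIFT) % PTRS_PER_PMD;
}

/* Confined form: the whole sum is reduced, so the index wraps inside the table. */
static unsigned idx_confined(uint64_t physaddr, unsigned i)
{
    return (i + (physaddr >> PMD_SHIFT)) % PTRS_PER_PMD;
}

/* Count the entries that would land outside a 512-entry PMD table when an
 * image of image_size bytes at physaddr is mapped one 2 MiB entry at a time. */
static unsigned overrun_count(uint64_t physaddr, uint64_t image_size,
                              unsigned (*idx)(uint64_t, unsigned))
{
    unsigned n = (unsigned)((image_size + PMD_SIZE - 1) / PMD_SIZE);
    unsigned out = 0;

    for (unsigned i = 0; i < n; i++)
        if (idx(physaddr, i) >= PTRS_PER_PMD)
            out++;
    return out;
}

int main(void)
{
    /* Constructed sample: 32 MiB image placed 8 MiB below a 1 GiB boundary. */
    uint64_t physaddr = (3ULL << 30) - (8ULL << 20);
    uint64_t size = 32ULL << 20;

    printf("unconfined: %u entries past the table\n",
           overrun_count(physaddr, size, idx_unconfined));
    printf("confined:   %u entries past the table\n",
           overrun_count(physaddr, size, idx_confined));
    return 0;
}
```

In the model, every image whose 2 MiB entries stay below index 512 behaves identically under both forms, which matches the commit message's observation that the crash appears only in a small percentage of KASLR placements.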
Name
Documentation
arch
block
certs
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile
README