queue/vsyscall-fix-permissions-for-emulate-mode-with-kaiser-pti.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-4.8 - Git at Google

 From ben.hutchings@codethink.co.uk  Fri Jan 26 17:35:59 2018
 From: Ben Hutchings <ben.hutchings@codethink.co.uk>
 Date: Fri, 26 Jan 2018 16:23:02 +0000
 Subject: vsyscall: Fix permissions for emulate mode with KAISER/PTI
 To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 Cc: Borislav Petkov <bp@suse.de>, Hugh Dickins <hughd@google.com>, stable@vger.kernel.org
 Message-ID: <20180126162302.ei4tmiltl73npmr6@xylophone.i.decadent.org.uk>

 From: Ben Hutchings <ben.hutchings@codethink.co.uk>

 The backport of KAISER to 4.4 turned vsyscall emulate mode into native
 mode.  Add a vsyscall_pgprot variable to hold the correct page
 protections, like Borislav and Hugh did for 3.2 and 3.18.

 Cc: Borislav Petkov <bp@suse.de>
 Cc: Hugh Dickins <hughd@google.com>
 Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


 ---
  arch/x86/entry/vsyscall/vsyscall_64.c |    7 ++++---
  arch/x86/include/asm/vsyscall.h       |    1 +
  arch/x86/mm/kaiser.c                  |    2 +-
  3 files changed, 6 insertions(+), 4 deletions(-)

 --- a/arch/x86/entry/vsyscall/vsyscall_64.c
 +++ b/arch/x86/entry/vsyscall/vsyscall_64.c
 @@ -46,6 +46,7 @@ static enum { EMULATE, NATIVE, NONE } vs
  #else
  	EMULATE;
  #endif
 +unsigned long vsyscall_pgprot = __PAGE_KERNEL_VSYSCALL;

  static int __init vsyscall_setup(char *str)
  {
 @@ -336,11 +337,11 @@ void __init map_vsyscall(void)
  	extern char __vsyscall_page;
  	unsigned long physaddr_vsyscall = __pa_symbol(&__vsyscall_page);

 +	if (vsyscall_mode != NATIVE)
 +		vsyscall_pgprot = __PAGE_KERNEL_VVAR;
  	if (vsyscall_mode != NONE)
  		__set_fixmap(VSYSCALL_PAGE, physaddr_vsyscall,
 -			     vsyscall_mode == NATIVE
 -			     ? PAGE_KERNEL_VSYSCALL
 -			     : PAGE_KERNEL_VVAR);
 +			     __pgprot(vsyscall_pgprot));

  	BUILD_BUG_ON((unsigned long)__fix_to_virt(VSYSCALL_PAGE) !=
  		     (unsigned long)VSYSCALL_ADDR);
 --- a/arch/x86/include/asm/vsyscall.h
 +++ b/arch/x86/include/asm/vsyscall.h
 @@ -13,6 +13,7 @@ extern void map_vsyscall(void);
   */
  extern bool emulate_vsyscall(struct pt_regs *regs, unsigned long address);
  extern bool vsyscall_enabled(void);
 +extern unsigned long vsyscall_pgprot;
  #else
  static inline void map_vsyscall(void) {}
  static inline bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
 --- a/arch/x86/mm/kaiser.c
 +++ b/arch/x86/mm/kaiser.c
 @@ -344,7 +344,7 @@ void __init kaiser_init(void)
  	if (vsyscall_enabled())
  		kaiser_add_user_map_early((void *)VSYSCALL_ADDR,
  					  PAGE_SIZE,
 -					   __PAGE_KERNEL_VSYSCALL);
 +					  vsyscall_pgprot);

  	for_each_possible_cpu(cpu) {
  		void *percpu_vaddr = __per_cpu_user_mapped_start +
	From ben.hutchings@codethink.co.uk Fri Jan 26 17:35:59 2018
	From: Ben Hutchings <ben.hutchings@codethink.co.uk>
	Date: Fri, 26 Jan 2018 16:23:02 +0000
	Subject: vsyscall: Fix permissions for emulate mode with KAISER/PTI
	To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Cc: Borislav Petkov <bp@suse.de>, Hugh Dickins <hughd@google.com>, stable@vger.kernel.org
	Message-ID: <20180126162302.ei4tmiltl73npmr6@xylophone.i.decadent.org.uk>

	From: Ben Hutchings <ben.hutchings@codethink.co.uk>

	The backport of KAISER to 4.4 turned vsyscall emulate mode into native
	mode. Add a vsyscall_pgprot variable to hold the correct page
	protections, like Borislav and Hugh did for 3.2 and 3.18.

	Cc: Borislav Petkov <bp@suse.de>
	Cc: Hugh Dickins <hughd@google.com>
	Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


	---
	arch/x86/entry/vsyscall/vsyscall_64.c \| 7 ++++---
	arch/x86/include/asm/vsyscall.h \| 1 +
	arch/x86/mm/kaiser.c \| 2 +-
	3 files changed, 6 insertions(+), 4 deletions(-)

	--- a/arch/x86/entry/vsyscall/vsyscall_64.c
	+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
	@@ -46,6 +46,7 @@ static enum { EMULATE, NATIVE, NONE } vs
	#else
	EMULATE;
	#endif
	+unsigned long vsyscall_pgprot = __PAGE_KERNEL_VSYSCALL;

	static int __init vsyscall_setup(char *str)
	{
	@@ -336,11 +337,11 @@ void __init map_vsyscall(void)
	extern char __vsyscall_page;
	unsigned long physaddr_vsyscall = __pa_symbol(&__vsyscall_page);

	+ if (vsyscall_mode != NATIVE)
	+ vsyscall_pgprot = __PAGE_KERNEL_VVAR;
	if (vsyscall_mode != NONE)
	__set_fixmap(VSYSCALL_PAGE, physaddr_vsyscall,
	- vsyscall_mode == NATIVE
	- ? PAGE_KERNEL_VSYSCALL
	- : PAGE_KERNEL_VVAR);
	+ __pgprot(vsyscall_pgprot));

	BUILD_BUG_ON((unsigned long)__fix_to_virt(VSYSCALL_PAGE) !=
	(unsigned long)VSYSCALL_ADDR);
	--- a/arch/x86/include/asm/vsyscall.h
	+++ b/arch/x86/include/asm/vsyscall.h
	@@ -13,6 +13,7 @@ extern void map_vsyscall(void);
	*/
	extern bool emulate_vsyscall(struct pt_regs *regs, unsigned long address);
	extern bool vsyscall_enabled(void);
	+extern unsigned long vsyscall_pgprot;
	#else
	static inline void map_vsyscall(void) {}
	static inline bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
	--- a/arch/x86/mm/kaiser.c
	+++ b/arch/x86/mm/kaiser.c
	@@ -344,7 +344,7 @@ void __init kaiser_init(void)
	if (vsyscall_enabled())
	kaiser_add_user_map_early((void *)VSYSCALL_ADDR,
	PAGE_SIZE,
	- __PAGE_KERNEL_VSYSCALL);
	+ vsyscall_pgprot);

	for_each_possible_cpu(cpu) {
	void *percpu_vaddr = __per_cpu_user_mapped_start +