Re: [PATCH] Revert "x86/mm/legacy: Populate the user page-table with user pgd's"

Meelis Roos <mroos@xxxxxxxx> · Sat, 15 Sep 2018 21:50:09 +0300 (EEST)

It works as expected - when PAE is off, PTI can not be selected, and 
with PAE on, it can be selected and seems to work.

> Reported-by: Meelis Roos <mroos@xxxxxxxx>

Tested-by: Meelis Roos <mroos@xxxxxxxx>

> Fixes: 7757d607c6b3 ('x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32')
> Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
> ---
>  arch/x86/include/asm/pgtable-2level.h | 9 ---------
>  security/Kconfig                      | 2 +-
>  2 files changed, 1 insertion(+), 10 deletions(-)
> 
> diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h
> index 24c6cf5f16b7..60d0f9015317 100644
> --- a/arch/x86/include/asm/pgtable-2level.h
> +++ b/arch/x86/include/asm/pgtable-2level.h
> @@ -19,9 +19,6 @@ static inline void native_set_pte(pte_t *ptep , pte_t pte)
>  
>  static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
>  {
> -#ifdef CONFIG_PAGE_TABLE_ISOLATION
> -	pmd.pud.p4d.pgd = pti_set_user_pgtbl(&pmdp->pud.p4d.pgd, pmd.pud.p4d.pgd);
> -#endif
>  	*pmdp = pmd;
>  }
>  
> @@ -61,9 +58,6 @@ static inline pte_t native_ptep_get_and_clear(pte_t *xp)
>  #ifdef CONFIG_SMP
>  static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
>  {
> -#ifdef CONFIG_PAGE_TABLE_ISOLATION
> -	pti_set_user_pgtbl(&xp->pud.p4d.pgd, __pgd(0));
> -#endif
>  	return __pmd(xchg((pmdval_t *)xp, 0));
>  }
>  #else
> @@ -73,9 +67,6 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
>  #ifdef CONFIG_SMP
>  static inline pud_t native_pudp_get_and_clear(pud_t *xp)
>  {
> -#ifdef CONFIG_PAGE_TABLE_ISOLATION
> -	pti_set_user_pgtbl(&xp->p4d.pgd, __pgd(0));
> -#endif
>  	return __pud(xchg((pudval_t *)xp, 0));
>  }
>  #else
> diff --git a/security/Kconfig b/security/Kconfig
> index 27d8b2688f75..d9aa521b5206 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -57,7 +57,7 @@ config SECURITY_NETWORK
>  config PAGE_TABLE_ISOLATION
>  	bool "Remove the kernel mapping in user mode"
>  	default y
> -	depends on X86 && !UML
> +	depends on (X86_64 || X86_PAE) && !UML
>  	help
>  	  This feature reduces the number of hardware side channels by
>  	  ensuring that the majority of kernel addresses are not mapped
> 

-- 
Meelis Roos (mroos@xxxxx)      http://www.cs.ut.ee/~mroos/