linux/arch/x86/xen
Nadav Amit b3fd8e83ad x86/alternatives: Use temporary mm for text poking
text_poke() can potentially compromise security as it sets temporary
PTEs in the fixmap. These PTEs might be used to rewrite the kernel code
from other cores accidentally or maliciously, if an attacker gains the
ability to write onto kernel memory.

Moreover, since remote TLBs are not flushed after the temporary PTEs are
removed, the time-window in which the code is writable is not limited if
the fixmap PTEs - maliciously or accidentally - are cached in the TLB.
To address these potential security hazards, use a temporary mm for
patching the code.

Finally, text_poke() is also not conservative enough when mapping pages,
as it always tries to map 2 pages, even when a single one is sufficient.
So try to be more conservative, and do not map more than needed.

Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: <akpm@linux-foundation.org>
Cc: <ard.biesheuvel@linaro.org>
Cc: <deneen.t.dock@intel.com>
Cc: <kernel-hardening@lists.openwall.com>
Cc: <kristen@linux.intel.com>
Cc: <linux_dti@icloud.com>
Cc: <will.deacon@arm.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Rik van Riel <riel@surriel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190426001143.4983-8-namit@vmware.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2019-04-30 12:37:52 +02:00
apic.c Merge branch 'WIP.x86/asm' into x86/urgent, because the topic is ready 2018-04-12 09:42:34 +02:00
debugfs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
efi.c x86/xen: Add SPDX identifier in arch/x86/xen files 2018-09-03 16:50:33 +02:00
enlighten_hvm.c x86/xen: Add SPDX identifier in arch/x86/xen files 2018-09-03 16:50:33 +02:00
enlighten_pv.c always clear the X2APIC_ENABLE bit for PV guest 2019-01-14 09:00:32 -05:00
enlighten_pvh.c xen/pvh: Move Xen code for getting mem map via hcall out of common file 2018-12-13 13:41:49 -05:00
enlighten.c xen: fixes for 4.20-rc5 2018-12-02 12:15:55 -08:00
grant-table.c x86/xen: Add SPDX identifier in arch/x86/xen files 2018-09-03 16:50:33 +02:00
irq.c x86/paravirt: Use a single ops structure 2018-09-03 16:50:35 +02:00
Kconfig xen/pvh: Split CONFIG_XEN_PVH into CONFIG_PVH and CONFIG_XEN_PVH 2018-12-13 13:41:49 -05:00
Makefile xen/pvh: Create a new file for Xen specific PVH code 2018-12-13 13:41:49 -05:00
mmu_hvm.c x86/paravirt: Use a single ops structure 2018-09-03 16:50:35 +02:00
mmu_pv.c x86/alternatives: Use temporary mm for text poking 2019-04-30 12:37:52 +02:00
mmu.c x86/xen: Add SPDX identifier in arch/x86/xen files 2018-09-03 16:50:33 +02:00
mmu.h mm: update ptep_modify_prot_start/commit to take vm_area_struct as arg 2019-03-05 21:07:18 -08:00
multicalls.c xen/x86: add diagnostic printout to xen_mc_flush() in case of error 2018-11-29 17:53:16 +01:00
multicalls.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
p2m.c treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
pci-swiotlb-xen.c x86/xen: Add SPDX identifier in arch/x86/xen files 2018-09-03 16:50:33 +02:00
platform-pci-unplug.c xen/pvh: don't try to unplug emulated devices 2018-10-26 09:16:57 +02:00
pmu.c Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-10-23 16:16:40 +01:00
pmu.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
setup.c x86/xen: dont add memory above max allowed allocation 2019-02-18 06:52:51 +01:00
smp_hvm.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smp_pv.c x86/stackprotector: Remove the call to boot_init_stack_canary() from cpu_startup_entry() 2018-10-22 04:07:24 +02:00
smp.c x86/xen: Calculate __max_logical_packages on PV domains 2018-02-17 09:40:45 +01:00
smp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
spinlock.c x86/xen: cleanup includes in arch/x86/xen/spinlock.c 2018-11-22 16:47:50 +01:00
suspend_hvm.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
suspend_pv.c x86/xen/time: Initialize pv xen time in init_hypervisor_platform() 2018-07-20 00:02:39 +02:00
suspend.c x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend 2018-02-28 16:03:19 +01:00
time.c xen: Fix x86 sched_clock() interface for xen 2019-01-16 13:06:05 -05:00
trace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vdso.h x86/xen: Add SPDX identifier in arch/x86/xen files 2018-09-03 16:50:33 +02:00
vga.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xen-asm_32.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xen-asm_64.S kprobes/x86/xen: blacklist non-attachable xen interrupt functions 2018-12-17 10:27:59 -05:00
xen-asm.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xen-head.S xen/pvh: Indicate XENFEAT_linux_rsdp_unrestricted to Xen 2018-04-10 09:22:22 -04:00
xen-ops.h x86/xen: remove unused function xen_auto_xlated_memory_setup() 2018-08-20 14:46:18 -04:00