c2b3496bb3
The LDT is duplicated on fork() and on exec(), which is wrong as exec() should start from a clean state, i.e. without an LDT. To fix this, the LDT duplication code will be moved into arch_dup_mmap(), which is only called for fork(). This introduces a locking problem: arch_dup_mmap() holds mmap_sem of the parent process, but the LDT duplication code needs to acquire mm->context.lock to access the LDT data safely, which is the reverse of the lock order in write_ldt(), where mmap_sem nests inside context.lock. Solve this by introducing a new rw semaphore which serializes the read_ldt()/write_ldt() syscall operations, and by using context.lock to protect the actual installation of the LDT descriptor. As a result, context.lock stabilizes mm->context.ldt and can nest inside either the new semaphore or mmap_sem. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Andy Lutomirski <luto@kernel.org> Cc: Andy Lutomirsky <luto@kernel.org> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Borislav Petkov <bpetkov@suse.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: David Laight <David.Laight@aculab.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: Eduardo Valentin <eduval@amazon.com> Cc: Greg KH <gregkh@linuxfoundation.org> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Juergen Gross <jgross@suse.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Will Deacon <will.deacon@arm.com> Cc: aliguori@amazon.com Cc: dan.j.williams@intel.com Cc: hughd@google.com Cc: keescook@google.com Cc: kirill.shutemov@linux.intel.com Cc: linux-mm@kvack.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _ASM_X86_MMU_H
#define _ASM_X86_MMU_H
#include <linux/spinlock.h>
#include <linux/rwsem.h>
#include <linux/mutex.h>
#include <linux/atomic.h>
/*
* x86 has arch-specific MMU state beyond what lives in mm_struct.
*/
typedef struct {
	/*
	 * ctx_id uniquely identifies this mm_struct. A ctx_id will never
	 * be reused, and zero is not a valid ctx_id.
	 */
	u64 ctx_id;

	/*
	 * Any code that needs to do any sort of TLB flushing for this
	 * mm will first make its changes to the page tables, then
	 * increment tlb_gen, then flush. This lets the low-level
	 * flushing code keep track of what needs flushing.
	 *
	 * This is not used on Xen PV.
	 */
	atomic64_t tlb_gen;

#ifdef CONFIG_MODIFY_LDT_SYSCALL
	/*
	 * Serializes the read_ldt()/write_ldt() syscall paths against each
	 * other. This is an outer lock: context.lock (below) may be taken
	 * while holding it, never the other way round, so that the fork()
	 * path (arch_dup_mmap(), entered with the parent's mmap_sem held)
	 * can take context.lock without inverting the order write_ldt()
	 * uses.
	 */
	struct rw_semaphore ldt_usr_sem;
	/*
	 * The currently installed LDT. Stabilized by context.lock: the
	 * actual installation of a new descriptor happens under that
	 * mutex. Presumably NULL while the mm has no LDT -- confirm in
	 * the LDT code.
	 */
	struct ldt_struct *ldt;
#endif

#ifdef CONFIG_X86_64
	/* True if mm supports a task running in 32 bit compatibility mode. */
	unsigned short ia32_compat;
#endif

	/*
	 * Protects the installation of an LDT descriptor and therefore
	 * stabilizes mm->context.ldt. Lock order: this mutex nests inside
	 * ldt_usr_sem and inside mmap_sem (per the commit introducing
	 * ldt_usr_sem). Whatever else it guards is not visible from this
	 * header.
	 */
	struct mutex lock;
	void __user *vdso; /* vdso base address */
	const struct vdso_image *vdso_image; /* vdso image in use */

	atomic_t perf_rdpmc_allowed; /* nonzero if rdpmc is allowed */
#ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
	/*
	 * One bit per protection key says whether userspace can
	 * use it or not. Protected by mmap_sem.
	 */
	u16 pkey_allocation_map;
	/*
	 * Signed, presumably so a negative value can mean "no execute-only
	 * key allocated" -- verify against the pkeys code before relying
	 * on that.
	 */
	s16 execute_only_pkey;
#endif
#ifdef CONFIG_X86_INTEL_MPX
	/* address of the bounds directory */
	void __user *bd_addr;
#endif
} mm_context_t;
/*
 * Initializer fragment for the .context member of a statically initialized
 * mm_struct (named for init_mm; the @mm argument is not used by the
 * expansion). Only ctx_id is set, and it must be non-zero because zero is
 * not a valid ctx_id (see mm_context_t).
 *
 * NOTE(review): context.lock and, when CONFIG_MODIFY_LDT_SYSCALL is set,
 * ldt_usr_sem are left zero-filled here rather than given their static
 * lock initializers; presumably the mm this is applied to never takes
 * them -- confirm before relying on that.
 */
#define INIT_MM_CONTEXT(mm) \
	.context = { \
		.ctx_id = 1, \
	}
/*
 * Prototype only; the definition lives outside this header. Going by the
 * name, presumably makes @cpu stop using the mm it is currently running
 * on -- confirm against the definition before relying on that.
 */
void leave_mm(int cpu);
#endif /* _ASM_X86_MMU_H */