This Linux kernel change "x86/kasan: Fix boot with 5-level paging and KASAN" is included in the Linux 4.14.128 release. This change is authored by Andrey Ryabinin <aryabinin [at] virtuozzo.com> on Fri Jun 14 17:31:49 2019 +0300. The commit for this change in Linux stable tree is 488beee (patch) which is from upstream commit f3176ec. The same Linux upstream change may have been applied to various maintained Linux releases and you can find all Linux releases containing changes from upstream f3176ec.
x86/kasan: Fix boot with 5-level paging and KASAN commit f3176ec9420de0c385023afa3e4970129444ac2f upstream. Since commit d52888aa2753 ("x86/mm: Move LDT remap out of KASLR region on 5-level paging") kernel doesn't boot with KASAN on 5-level paging machines. The bug is actually in early_p4d_offset() and introduced by commit 12a8cc7fcf54 ("x86/kasan: Use the same shadow offset for 4- and 5-level paging") early_p4d_offset() tries to convert pgd_val(*pgd) value to a physical address. This doesn't make sense because pgd_val() already contains the physical address. It did work prior to commit d52888aa2753 because the result of "__pa_nodebug(pgd_val(*pgd)) & PTE_PFN_MASK" was the same as "pgd_val(*pgd) & PTE_PFN_MASK". __pa_nodebug() just set some high bits which were masked out by applying PTE_PFN_MASK. After the change of the PAGE_OFFSET offset in commit d52888aa2753 __pa_nodebug(pgd_val(*pgd)) started to return a value with more high bits set and PTE_PFN_MASK wasn't enough to mask out all of them. So it returns a wrong not even canonical address and crashes on the attempt to dereference it. Switch back to pgd_val() & PTE_PFN_MASK to cure the issue. Fixes: 12a8cc7fcf54 ("x86/kasan: Use the same shadow offset for 4- and 5-level paging") Reported-by: Kirill A. Shutemov <email@example.com> Signed-off-by: Andrey Ryabinin <firstname.lastname@example.org> Signed-off-by: Thomas Gleixner <email@example.com> Cc: Borislav Petkov <firstname.lastname@example.org> Cc: "H. Peter Anvin" <email@example.com> Cc: Alexander Potapenko <firstname.lastname@example.org> Cc: Dmitry Vyukov <email@example.com> Cc: firstname.lastname@example.org Cc: email@example.com Cc: <firstname.lastname@example.org> Link: https://email@example.com Signed-off-by: Greg Kroah-Hartman <firstname.lastname@example.org>
There are 2 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.
arch/x86/mm/kasan_init_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c index af6f2f9..5813950 100644 --- a/arch/x86/mm/kasan_init_64.c +++ b/arch/x86/mm/kasan_init_64.c @@ -194,7 +194,7 @@ static inline p4d_t *early_p4d_offset(pgd_t *pgd, unsigned long addr) if (!IS_ENABLED(CONFIG_X86_5LEVEL)) return (p4d_t *)pgd; - p4d = __pa_nodebug(pgd_val(*pgd)) & PTE_PFN_MASK; + p4d = pgd_val(*pgd) & PTE_PFN_MASK; p4d += __START_KERNEL_map - phys_base; return (p4d_t *)p4d + p4d_index(addr); }