• Andy Lutomirski's avatar
    x86/ldt: Make modify_ldt synchronous · ef64c0a8
    Andy Lutomirski authored
    commit 37868fe1 upstream.
    
    modify_ldt() has questionable locking and does not synchronize
    threads.  Improve it: redesign the locking and synchronize all
    threads' LDTs using an IPI on all modifications.
    
    This will dramatically slow down modify_ldt in multithreaded
    programs, but there shouldn't be any multithreaded programs that
    care about modify_ldt's performance in the first place.
    
    This fixes some fallout from the CVE-2015-5157 fixes.
    Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
    Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
    Cc: Andrew Cooper <andrew.cooper3@citrix.com>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Brian Gerst <brgerst@gmail.com>
    Cc: Denys Vlasenko <dvlasenk@redhat.com>
    Cc: H. Peter Anvin <hpa@zytor.com>
    Cc: Jan Beulich <jbeulich@suse.com>
    Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Sasha Levin <sasha.levin@oracle.com>
    Cc: Steven Rostedt <rostedt@goodmis.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: security@kernel.org <security@kernel.org>
    Cc: xen-devel <xen-devel@lists.xen.org>
    Link: http://lkml.kernel.org/r/4c6978476782160600471bd865b318db34c7b628.1438291540.git.luto@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
    [bwh: Backported to 3.2:
     - Adjust context
     - Drop comment changes in switch_mm()
     - Drop changes to get_segment_base() in arch/x86/kernel/cpu/perf_event.c
     - Open-code lockless_dereference(), smp_store_release(), on_each_cpu_mask()]
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    ef64c0a8
common.c 30.2 KB