From: Dave Hansen <[email protected]> In creating its page tables, the espfix code masks its PGTABLE_PROT value with the supported mask: __supported_pte_mask. This ensures that unsupported bits are not set in the final PTE. But, it also sets _PAGE_GLOBAL which we do not want for PTE. Use __default_kernel_pte_mask instead which clears _PAGE_GLOBAL for PTI.
Signed-off-by: Dave Hansen <[email protected]> Cc: Andrea Arcangeli <[email protected]> Cc: Andy Lutomirski <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Kees Cook <[email protected]> Cc: Hugh Dickins <[email protected]> Cc: Juergen Gross <[email protected]> Cc: [email protected] Cc: Nadav Amit <[email protected]> --- b/arch/x86/kernel/espfix_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN arch/x86/kernel/espfix_64.c~espfix-use-kern-defaults-not-supported arch/x86/kernel/espfix_64.c --- a/arch/x86/kernel/espfix_64.c~espfix-use-kern-defaults-not-supported 2018-02-22 12:36:19.217036552 -0800 +++ b/arch/x86/kernel/espfix_64.c 2018-02-22 12:36:19.221036552 -0800 @@ -167,7 +167,7 @@ void init_espfix_ap(int cpu) goto unlock_done; node = cpu_to_node(cpu); - ptemask = __supported_pte_mask; + ptemask = __default_kernel_pte_mask; pud_p = &espfix_pud_page[pud_index(addr)]; pud = *pud_p; _
