From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.3 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5ABACC433DB for ; Tue, 16 Feb 2021 02:56:36 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1709464DEC for ; Tue, 16 Feb 2021 02:56:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229777AbhBPC4O (ORCPT ); Mon, 15 Feb 2021 21:56:14 -0500 Received: from foss.arm.com ([217.140.110.172]:53518 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229652AbhBPC4L (ORCPT ); Mon, 15 Feb 2021 21:56:11 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2AC9531B; Mon, 15 Feb 2021 18:55:25 -0800 (PST) Received: from [192.168.0.130] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 6DC793F73D; Mon, 15 Feb 2021 18:55:21 -0800 (PST) Subject: Re: [PATCH v2 1/1] arm64: mm: correct the inside linear map boundaries during hotplug check To: Ard Biesheuvel , Pavel Tatashin Cc: Tyler Hicks , James Morris , Catalin Marinas , Will Deacon , Andrew Morton , Mike Rapoport , Logan Gunthorpe , Linux ARM , Linux Kernel Mailing List References: <20210215192237.362706-1-pasha.tatashin@soleen.com> <20210215192237.362706-2-pasha.tatashin@soleen.com> From: Anshuman Khandual Message-ID: <73bf9ad0-37a9-78f4-3583-2845dcb24f34@arm.com> Date: Tue, 16 Feb 2021 08:25:34 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2/16/21 12:57 AM, Ard Biesheuvel wrote: > On Mon, 15 Feb 2021 at 20:22, Pavel Tatashin wrote: >> >> Memory hotplug may fail on systems with CONFIG_RANDOMIZE_BASE because the >> linear map range is not checked correctly. >> >> The start physical address that linear map covers can be actually at the >> end of the range because of randomization. Check that and if so reduce it >> to 0. >> >> This can be verified on QEMU with setting kaslr-seed to ~0ul: >> >> memstart_offset_seed = 0xffff >> START: __pa(_PAGE_OFFSET(vabits_actual)) = ffff9000c0000000 >> END: __pa(PAGE_END - 1) = 1000bfffffff >> >> Signed-off-by: Pavel Tatashin >> Fixes: 58284a901b42 ("arm64/mm: Validate hotplug range before creating linear mapping") >> Tested-by: Tyler Hicks > >> --- >> arch/arm64/mm/mmu.c | 20 ++++++++++++++++++-- >> 1 file changed, 18 insertions(+), 2 deletions(-) >> >> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c >> index ae0c3d023824..cc16443ea67f 100644 >> --- a/arch/arm64/mm/mmu.c >> +++ b/arch/arm64/mm/mmu.c >> @@ -1444,14 +1444,30 @@ static void __remove_pgd_mapping(pgd_t *pgdir, unsigned long start, u64 size) >> >> static bool inside_linear_region(u64 start, u64 size) >> { >> + u64 start_linear_pa = __pa(_PAGE_OFFSET(vabits_actual)); >> + u64 end_linear_pa = __pa(PAGE_END - 1); >> + >> + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { >> + /* >> + * Check for a wrap, it is possible because of randomized linear >> + * mapping the start physical address is actually bigger than >> + * the end physical address. In this case set start to zero >> + * because [0, end_linear_pa] range must still be able to cover >> + * all addressable physical addresses. >> + */ >> + if (start_linear_pa > end_linear_pa) >> + start_linear_pa = 0; >> + } >> + >> + WARN_ON(start_linear_pa > end_linear_pa); >> + >> /* >> * Linear mapping region is the range [PAGE_OFFSET..(PAGE_END - 1)] >> * accommodating both its ends but excluding PAGE_END. Max physical >> * range which can be mapped inside this linear mapping range, must >> * also be derived from its end points. >> */ >> - return start >= __pa(_PAGE_OFFSET(vabits_actual)) && >> - (start + size - 1) <= __pa(PAGE_END - 1); > > Can't we simply use signed arithmetic here? This expression works fine > if the quantities are all interpreted as s64 instead of u64 There is a new generic framework which expects the platform to provide two distinct range points (low and high) for hotplug address comparison. Those range points can be different depending on whether address randomization is enabled and the flip occurs. But this comparison here in the platform code is going away. This patch needs to rebased on the new framework which is part of linux-next. https://patchwork.kernel.org/project/linux-mm/list/?series=425051 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58CA8C433DB for ; Tue, 16 Feb 2021 02:57:06 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0AC4364DEC for ; Tue, 16 Feb 2021 02:57:06 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0AC4364DEC Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:From: References:To:Subject:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=1zjRWOPhXJpvX9OiT0/aB+6DDFRt1P2uhV3H9FXm5kE=; b=Ym+NB3fNUVfXhgH+ApMPEgEtB EDBmD/b6PGgGiDkeSAraWK3wUjOLHlcnunAzBwa6IyrF14ld3N7U5QmdkYMuTlvJTorc68pUZ7Apn BZT6P63yKNpHHi8bD/reHKC1iV4axQt02TGrtt3oBGRgMCKE67jNm+QW0OQw4OEp7e5Sh6FYDCu3E l7KzOWjDKTmaiNqEn1ekZ3nnLkPWgpFygItbrKnxWQkqXq2deomK0oAWZqv4KOuD6xsL+aHPiheHf Aa3GJsB3MLHoXEwhwRIwIpm1YGKwaVOAj7bYEeXcgriz8/KqsjmMeqyQp2bLErE4mNIPatEqJNnlf 6DF5THTCg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1lBqWQ-00085I-NA; Tue, 16 Feb 2021 02:55:30 +0000 Received: from foss.arm.com ([217.140.110.172]) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1lBqWO-00084t-19 for linux-arm-kernel@lists.infradead.org; Tue, 16 Feb 2021 02:55:29 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2AC9531B; Mon, 15 Feb 2021 18:55:25 -0800 (PST) Received: from [192.168.0.130] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 6DC793F73D; Mon, 15 Feb 2021 18:55:21 -0800 (PST) Subject: Re: [PATCH v2 1/1] arm64: mm: correct the inside linear map boundaries during hotplug check To: Ard Biesheuvel , Pavel Tatashin References: <20210215192237.362706-1-pasha.tatashin@soleen.com> <20210215192237.362706-2-pasha.tatashin@soleen.com> From: Anshuman Khandual Message-ID: <73bf9ad0-37a9-78f4-3583-2845dcb24f34@arm.com> Date: Tue, 16 Feb 2021 08:25:34 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210215_215528_203057_AF1977A9 X-CRM114-Status: GOOD ( 24.49 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Catalin Marinas , James Morris , Linux Kernel Mailing List , Logan Gunthorpe , Tyler Hicks , Linux ARM , Andrew Morton , Will Deacon , Mike Rapoport Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 2/16/21 12:57 AM, Ard Biesheuvel wrote: > On Mon, 15 Feb 2021 at 20:22, Pavel Tatashin wrote: >> >> Memory hotplug may fail on systems with CONFIG_RANDOMIZE_BASE because the >> linear map range is not checked correctly. >> >> The start physical address that linear map covers can be actually at the >> end of the range because of randomization. Check that and if so reduce it >> to 0. >> >> This can be verified on QEMU with setting kaslr-seed to ~0ul: >> >> memstart_offset_seed = 0xffff >> START: __pa(_PAGE_OFFSET(vabits_actual)) = ffff9000c0000000 >> END: __pa(PAGE_END - 1) = 1000bfffffff >> >> Signed-off-by: Pavel Tatashin >> Fixes: 58284a901b42 ("arm64/mm: Validate hotplug range before creating linear mapping") >> Tested-by: Tyler Hicks > >> --- >> arch/arm64/mm/mmu.c | 20 ++++++++++++++++++-- >> 1 file changed, 18 insertions(+), 2 deletions(-) >> >> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c >> index ae0c3d023824..cc16443ea67f 100644 >> --- a/arch/arm64/mm/mmu.c >> +++ b/arch/arm64/mm/mmu.c >> @@ -1444,14 +1444,30 @@ static void __remove_pgd_mapping(pgd_t *pgdir, unsigned long start, u64 size) >> >> static bool inside_linear_region(u64 start, u64 size) >> { >> + u64 start_linear_pa = __pa(_PAGE_OFFSET(vabits_actual)); >> + u64 end_linear_pa = __pa(PAGE_END - 1); >> + >> + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { >> + /* >> + * Check for a wrap, it is possible because of randomized linear >> + * mapping the start physical address is actually bigger than >> + * the end physical address. In this case set start to zero >> + * because [0, end_linear_pa] range must still be able to cover >> + * all addressable physical addresses. >> + */ >> + if (start_linear_pa > end_linear_pa) >> + start_linear_pa = 0; >> + } >> + >> + WARN_ON(start_linear_pa > end_linear_pa); >> + >> /* >> * Linear mapping region is the range [PAGE_OFFSET..(PAGE_END - 1)] >> * accommodating both its ends but excluding PAGE_END. Max physical >> * range which can be mapped inside this linear mapping range, must >> * also be derived from its end points. >> */ >> - return start >= __pa(_PAGE_OFFSET(vabits_actual)) && >> - (start + size - 1) <= __pa(PAGE_END - 1); > > Can't we simply use signed arithmetic here? This expression works fine > if the quantities are all interpreted as s64 instead of u64 There is a new generic framework which expects the platform to provide two distinct range points (low and high) for hotplug address comparison. Those range points can be different depending on whether address randomization is enabled and the flip occurs. But this comparison here in the platform code is going away. This patch needs to rebased on the new framework which is part of linux-next. https://patchwork.kernel.org/project/linux-mm/list/?series=425051 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel