linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Matt Fleming <matt@codeblueprint.co.uk>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Borislav Petkov <bp@alien8.de>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Theodore Ts'o <tytso@mit.edu>, Arnd Bergmann <arnd@arndb.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Scott J Norton <scott.norton@hpe.com>,
	Douglas Hatch <doug.hatch@hpe.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.4 07/65] x86/mm/pat: Prevent hang during boot when mapping pages
Date: Thu, 25 Oct 2018 10:16:07 -0400	[thread overview]
Message-ID: <20181025141705.213937-7-sashal@kernel.org> (raw)
In-Reply-To: <20181025141705.213937-1-sashal@kernel.org>

From: Matt Fleming <matt@codeblueprint.co.uk>

[ Upstream commit e535ec0899d1fe52ec3a84c9bc03457ac67ad6f7 ]

There's a mixture of signed 32-bit and unsigned 32-bit and 64-bit data
types used for keeping track of how many pages have been mapped.

This leads to hangs during boot when mapping large numbers of pages
(multiple terabytes, as reported by Waiman) because those values are
interpreted as being negative.

commit 742563777e8d ("x86/mm/pat: Avoid truncation when converting
cpa->numpages to address") fixed one of those bugs, but there is
another lurking in __change_page_attr_set_clr().

Additionally, the return value type for the populate_*() functions can
return negative values when a large number of pages have been mapped,
triggering the error paths even though no error occurred.

Consistently use 64-bit types on 64-bit platforms when counting pages.
Even in the signed case this gives us room for regions 8PiB
(pebibytes) in size whilst still allowing the usual negative value
error checking idiom.

Reported-by: Waiman Long <waiman.long@hpe.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
CC: Theodore Ts'o <tytso@mit.edu>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Scott J Norton <scott.norton@hpe.com>
Cc: Douglas Hatch <doug.hatch@hpe.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/mm/pageattr.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index 0e1dd7d47f05..26598e08666c 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -955,11 +955,11 @@ static void populate_pte(struct cpa_data *cpa,
 	}
 }
 
-static int populate_pmd(struct cpa_data *cpa,
-			unsigned long start, unsigned long end,
-			unsigned num_pages, pud_t *pud, pgprot_t pgprot)
+static long populate_pmd(struct cpa_data *cpa,
+			 unsigned long start, unsigned long end,
+			 unsigned num_pages, pud_t *pud, pgprot_t pgprot)
 {
-	unsigned int cur_pages = 0;
+	long cur_pages = 0;
 	pmd_t *pmd;
 	pgprot_t pmd_pgprot;
 
@@ -1029,12 +1029,12 @@ static int populate_pmd(struct cpa_data *cpa,
 	return num_pages;
 }
 
-static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd,
-			pgprot_t pgprot)
+static long populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd,
+			 pgprot_t pgprot)
 {
 	pud_t *pud;
 	unsigned long end;
-	int cur_pages = 0;
+	long cur_pages = 0;
 	pgprot_t pud_pgprot;
 
 	end = start + (cpa->numpages << PAGE_SHIFT);
@@ -1090,7 +1090,7 @@ static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd,
 
 	/* Map trailing leftover */
 	if (start < end) {
-		int tmp;
+		long tmp;
 
 		pud = pud_offset(pgd, start);
 		if (pud_none(*pud))
@@ -1116,7 +1116,7 @@ static int populate_pgd(struct cpa_data *cpa, unsigned long addr)
 	pgprot_t pgprot = __pgprot(_KERNPG_TABLE);
 	pud_t *pud = NULL;	/* shut up gcc */
 	pgd_t *pgd_entry;
-	int ret;
+	long ret;
 
 	pgd_entry = cpa->pgd + pgd_index(addr);
 
@@ -1351,7 +1351,8 @@ static int cpa_process_alias(struct cpa_data *cpa)
 
 static int __change_page_attr_set_clr(struct cpa_data *cpa, int checkalias)
 {
-	int ret, numpages = cpa->numpages;
+	unsigned long numpages = cpa->numpages;
+	int ret;
 
 	while (numpages) {
 		/*
-- 
2.17.1


  parent reply	other threads:[~2018-10-25 14:17 UTC|newest]

Thread overview: 70+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-10-25 14:16 [PATCH AUTOSEL 4.4 01/65] KEYS: put keyring if install_session_keyring_to_cred() fails Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 02/65] ipv6: suppress sparse warnings in IP6_ECN_set_ce() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 03/65] net: drop write-only stack variable Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 04/65] ser_gigaset: use container_of() instead of detour Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 05/65] tracing: Skip more functions when doing stack tracing of events Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 06/65] ARM: dts: apq8064: add ahci ports-implemented mask Sasha Levin
2018-10-25 14:16 ` Sasha Levin [this message]
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 08/65] btrfs: cleaner_kthread() doesn't need explicit freeze Sasha Levin
2018-10-25 15:07   ` David Sterba
2018-10-25 20:07     ` Sasha Levin
2018-10-26  6:58       ` Jiri Kosina
2018-10-26 10:57         ` Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 09/65] radix-tree: fix radix_tree_iter_retry() for tagged iterators Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 10/65] af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 11/65] net/mlx4_en: Resolve dividing by zero in 32-bit system Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 12/65] ipv6: orphan skbs in reassembly unit Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 13/65] um: Avoid longjmp/setjmp symbol clashes with libpthread.a Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 14/65] sched/cgroup: Fix cgroup entity load tracking tear-down Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 15/65] btrfs: don't create or leak aliased root while cleaning up orphans Sasha Levin
2018-10-25 15:12   ` David Sterba
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 16/65] thermal: allow spear-thermal driver to be a module Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 17/65] thermal: allow u8500-thermal " Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 18/65] tpm: fix: return rc when devm_add_action() fails Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 19/65] x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 20/65] aacraid: Start adapter after updating number of MSIX vectors Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 21/65] perf/core: Don't leak event in the syscall error path Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 22/65] [media] usbvision: revert commit 588afcc1 Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 23/65] MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 24/65] ASoC: ak4613: Enable cache usage to fix crashes on resume Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 25/65] ASoC: wm8940: " Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 26/65] CIFS: handle guest access errors to Windows shares Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 27/65] arm64: Fix potential race with hardware DBM in ptep_set_access_flags() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 28/65] xfrm: Clear sk_dst_cache when applying per-socket policy Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 29/65] scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 30/65] sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 31/65] sch_red: update backlog as well Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 32/65] usb-storage: fix bogus hardware error messages for ATA pass-thru devices Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 33/65] bpf: generally move prog destruction to RCU deferral Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 34/65] drm/nouveau/fbcon: fix oops without fbdev emulation Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 35/65] fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 36/65] ixgbevf: Fix handling of NAPI budget when multiple queues are enabled per vector Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 37/65] net/mlx5e: Fix LRO modify Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 38/65] net/mlx5e: Correctly handle RSS indirection table when changing number of channels Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 39/65] ixgbe: fix RSS limit for X550 Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 40/65] ixgbe: Correct X550EM_x revision check Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 41/65] ALSA: timer: Fix zero-division by continue of uninitialized instance Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 42/65] vti6: flush x-netns xfrm cache when vti interface is removed Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 43/65] gro: Allow tunnel stacking in the case of FOU/GUE Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 44/65] brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 45/65] l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 46/65] tty: serial: sprd: fix error return code in sprd_probe() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 47/65] video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 48/65] sparc64 mm: Fix more TSB sizing issues Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 49/65] gpu: host1x: fix error return code in host1x_probe() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 50/65] sparc64: Fix exception handling in UltraSPARC-III memcpy Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 51/65] gpio: msic: fix error return code in platform_msic_gpio_probe() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 52/65] usb: imx21-hcd: fix error return code in imx21_probe() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 53/65] usb: ehci-omap: fix error return code in ehci_hcd_omap_probe() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 54/65] usb: dwc3: omap: fix error return code in dwc3_omap_probe() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 55/65] spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 56/65] MIPS: Handle non word sized instructions when examining frame Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 57/65] spi/bcm63xx: fix error return code in bcm63xx_spi_probe() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 58/65] spi: xlp: fix error return code in xlp_spi_probe() Sasha Levin
2018-10-25 14:16 ` [PATCH AUTOSEL 4.4 59/65] ASoC: spear: fix error return code in spdif_in_probe() Sasha Levin
2018-10-25 14:17 ` [PATCH AUTOSEL 4.4 60/65] PM / devfreq: tegra: fix error return code in tegra_devfreq_probe() Sasha Levin
2018-10-25 14:17 ` [PATCH AUTOSEL 4.4 61/65] bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal Sasha Levin
2018-10-25 14:17 ` [PATCH AUTOSEL 4.4 62/65] scsi: aacraid: Fix typo in blink status Sasha Levin
2018-10-25 14:17 ` [PATCH AUTOSEL 4.4 63/65] MIPS: microMIPS: Fix decoding of swsp16 instruction Sasha Levin
2018-10-25 14:17 ` [PATCH AUTOSEL 4.4 64/65] igb: Remove superfluous reset to PHY and page 0 selection Sasha Levin
2018-10-25 14:17 ` [PATCH AUTOSEL 4.4 65/65] MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression Sasha Levin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181025141705.213937-7-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=ard.biesheuvel@linaro.org \
    --cc=arnd@arndb.de \
    --cc=bp@alien8.de \
    --cc=doug.hatch@hpe.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=matt@codeblueprint.co.uk \
    --cc=scott.norton@hpe.com \
    --cc=stable@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).