The end address passed to memtype_reserve() is handed directly to
sanitize_phys(). However, end is exclusive and sanitize_phys() expects
an inclusive address. If end falls at the end of the physical address
space, sanitize_phys() will return 0. This can result in drivers
failing to load, and the following warning:
[ 9.999440] mpt3sas version 29.100.01.00 loaded
[ 9.999817] mpt3sas_cm0: 64 BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem (65413664 kB)
[ 9.999819] ------------[ cut here ]------------
[ 9.999826] WARNING: CPU: 26 PID: 749 at arch/x86/mm/pat.c:354 reserve_memtype+0x262/0x450
[ 9.999828] reserve_memtype failed: [mem 0x3ffffff00000-0xffffffffffffffff], req uncached-minus
[ 9.999828] Modules linked in: mpt3sas(+) bnxt_en(+) ahci(+) crct10dif_pclmul crct10dif_common nvme crc32c_intel libahci nvme_core libata raid_class scsi_transport_sas devlink drm_panel_orientation_quirks nfit libnvdimm dm_mirror dm_region_hash dm_log dm_mod
[ 9.999840] CPU: 26 PID: 749 Comm: systemd-udevd Not tainted 3.10.0-1077.el7_7.mpt3sas_test008.x86_64 #1
[ 9.999842] Hardware name: Inspur SA5112M5/SA5112M5, BIOS 4.1.12 02/24/2021
[ 9.999843] Call Trace:
[ 9.999851] [<ffffffffa497c4e4>] dump_stack+0x19/0x1b
[ 9.999857] [<ffffffffa429bc08>] __warn+0xd8/0x100
[ 9.999859] [<ffffffffa429bc8f>] warn_slowpath_fmt+0x5f/0x80
[ 9.999861] [<ffffffffa427b1f2>] reserve_memtype+0x262/0x450
[ 9.999867] [<ffffffffa4276254>] __ioremap_caller+0xf4/0x330
[ 9.999872] [<ffffffffc04620a1>] ? mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
[ 9.999875] [<ffffffffa42764aa>] ioremap_nocache+0x1a/0x20
[ 9.999879] [<ffffffffc04620a1>] mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
[ 9.999884] [<ffffffffa442656b>] ? __kmalloc+0x1eb/0x230
[ 9.999889] [<ffffffffc0465555>] mpt3sas_base_attach+0xf5/0xa50 [mpt3sas]
[ 9.999894] [<ffffffffc046af3c>] _scsih_probe+0x4ec/0xb00 [mpt3sas]
[ 9.999901] [<ffffffffa45d297a>] local_pci_probe+0x4a/0xb0
[ 9.999903] [<ffffffffa45d40c9>] pci_device_probe+0x109/0x160
[ 9.999909] [<ffffffffa46b7225>] driver_probe_device+0xc5/0x3e0
[ 9.999910] [<ffffffffa46b7623>] __driver_attach+0x93/0xa0
[ 9.999912] [<ffffffffa46b7590>] ? __device_attach+0x50/0x50
[ 9.999914] [<ffffffffa46b4dc5>] bus_for_each_dev+0x75/0xc0
[ 9.999916] [<ffffffffa46b6b9e>] driver_attach+0x1e/0x20
[ 9.999918] [<ffffffffa46b6640>] bus_add_driver+0x200/0x2d0
[ 9.999920] [<ffffffffa46b7cb4>] driver_register+0x64/0xf0
[ 9.999922] [<ffffffffa45d3905>] __pci_register_driver+0xa5/0xc0
[ 9.999924] [<ffffffffc049b000>] ? 0xffffffffc049afff
[ 9.999928] [<ffffffffc049b16e>] _mpt3sas_init+0x16e/0x1000 [mpt3sas]
[ 9.999933] [<ffffffffa420210a>] do_one_initcall+0xba/0x240
[ 9.999940] [<ffffffffa431e95a>] load_module+0x271a/0x2bb0
[ 9.999946] [<ffffffffa45b0600>] ? ddebug_proc_write+0x100/0x100
[ 9.999948] [<ffffffffa431eedf>] SyS_init_module+0xef/0x140
[ 9.999954] [<ffffffffa498fed2>] system_call_fastpath+0x25/0x2a
[ 9.999955] ---[ end trace 6d6eea4438db89ef ]---
[ 9.999957] ioremap reserve_memtype failed -22
[ 10.000087] mpt3sas_cm0: unable to map adapter memory! or resource not found
[ 10.000334] mpt3sas_cm0: failure at drivers/scsi/mpt3sas/mpt3sas_scsih.c:10597/_scsih_probe()!
(Note that this warning was from an older distribution kernel, so line
numbers and file names may not line up with the current tree.)
Fix this by passing the inclusive end address to sanitize_phys().
Fixes: 510ee090abc3 ("x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses")
Signed-off-by: Jeff Moyer <[email protected]>
Reviewed-by: David Hildenbrand <[email protected]>
---
v2:
- Add the warning splat to the commit log. (tglx)
- Use parenthesis when referring to function names. (tglx)
- Add a comment to the code. (tglx)
- Use inclusive/exclusive instead of interval notation.
diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c
index 3112ca7786ed..4ba2a3ee4bce 100644
--- a/arch/x86/mm/pat/memtype.c
+++ b/arch/x86/mm/pat/memtype.c
@@ -583,7 +583,12 @@ int memtype_reserve(u64 start, u64 end, enum page_cache_mode req_type,
int err = 0;
start = sanitize_phys(start);
- end = sanitize_phys(end);
+
+ /*
+ * The end address passed into this function is exclusive, but
+ * sanitize_phys() expects an inclusive address.
+ */
+ end = sanitize_phys(end - 1) + 1;
if (start >= end) {
WARN(1, "%s failed: [mem %#010Lx-%#010Lx], req %s\n", __func__,
start, end - 1, cattr_name(req_type));
Ping?
Jeff Moyer <[email protected]> writes:
> The end address passed to memtype_reserve() is handed directly to
> sanitize_phys(). However, end is exclusive and sanitize_phys() expects
> an inclusive address. If end falls at the end of the physical address
> space, sanitize_phys() will return 0. This can result in drivers
> failing to load, and the following warning:
>
> [ 9.999440] mpt3sas version 29.100.01.00 loaded
> [ 9.999817] mpt3sas_cm0: 64 BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem (65413664 kB)
> [ 9.999819] ------------[ cut here ]------------
> [ 9.999826] WARNING: CPU: 26 PID: 749 at arch/x86/mm/pat.c:354 reserve_memtype+0x262/0x450
> [ 9.999828] reserve_memtype failed: [mem 0x3ffffff00000-0xffffffffffffffff], req uncached-minus
> [ 9.999828] Modules linked in: mpt3sas(+) bnxt_en(+) ahci(+) crct10dif_pclmul crct10dif_common nvme crc32c_intel libahci nvme_core libata raid_class scsi_transport_sas devlink drm_panel_orientation_quirks nfit libnvdimm dm_mirror dm_region_hash dm_log dm_mod
> [ 9.999840] CPU: 26 PID: 749 Comm: systemd-udevd Not tainted 3.10.0-1077.el7_7.mpt3sas_test008.x86_64 #1
> [ 9.999842] Hardware name: Inspur SA5112M5/SA5112M5, BIOS 4.1.12 02/24/2021
> [ 9.999843] Call Trace:
> [ 9.999851] [<ffffffffa497c4e4>] dump_stack+0x19/0x1b
> [ 9.999857] [<ffffffffa429bc08>] __warn+0xd8/0x100
> [ 9.999859] [<ffffffffa429bc8f>] warn_slowpath_fmt+0x5f/0x80
> [ 9.999861] [<ffffffffa427b1f2>] reserve_memtype+0x262/0x450
> [ 9.999867] [<ffffffffa4276254>] __ioremap_caller+0xf4/0x330
> [ 9.999872] [<ffffffffc04620a1>] ? mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
> [ 9.999875] [<ffffffffa42764aa>] ioremap_nocache+0x1a/0x20
> [ 9.999879] [<ffffffffc04620a1>] mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
> [ 9.999884] [<ffffffffa442656b>] ? __kmalloc+0x1eb/0x230
> [ 9.999889] [<ffffffffc0465555>] mpt3sas_base_attach+0xf5/0xa50 [mpt3sas]
> [ 9.999894] [<ffffffffc046af3c>] _scsih_probe+0x4ec/0xb00 [mpt3sas]
> [ 9.999901] [<ffffffffa45d297a>] local_pci_probe+0x4a/0xb0
> [ 9.999903] [<ffffffffa45d40c9>] pci_device_probe+0x109/0x160
> [ 9.999909] [<ffffffffa46b7225>] driver_probe_device+0xc5/0x3e0
> [ 9.999910] [<ffffffffa46b7623>] __driver_attach+0x93/0xa0
> [ 9.999912] [<ffffffffa46b7590>] ? __device_attach+0x50/0x50
> [ 9.999914] [<ffffffffa46b4dc5>] bus_for_each_dev+0x75/0xc0
> [ 9.999916] [<ffffffffa46b6b9e>] driver_attach+0x1e/0x20
> [ 9.999918] [<ffffffffa46b6640>] bus_add_driver+0x200/0x2d0
> [ 9.999920] [<ffffffffa46b7cb4>] driver_register+0x64/0xf0
> [ 9.999922] [<ffffffffa45d3905>] __pci_register_driver+0xa5/0xc0
> [ 9.999924] [<ffffffffc049b000>] ? 0xffffffffc049afff
> [ 9.999928] [<ffffffffc049b16e>] _mpt3sas_init+0x16e/0x1000 [mpt3sas]
> [ 9.999933] [<ffffffffa420210a>] do_one_initcall+0xba/0x240
> [ 9.999940] [<ffffffffa431e95a>] load_module+0x271a/0x2bb0
> [ 9.999946] [<ffffffffa45b0600>] ? ddebug_proc_write+0x100/0x100
> [ 9.999948] [<ffffffffa431eedf>] SyS_init_module+0xef/0x140
> [ 9.999954] [<ffffffffa498fed2>] system_call_fastpath+0x25/0x2a
> [ 9.999955] ---[ end trace 6d6eea4438db89ef ]---
> [ 9.999957] ioremap reserve_memtype failed -22
> [ 10.000087] mpt3sas_cm0: unable to map adapter memory! or resource not found
> [ 10.000334] mpt3sas_cm0: failure at drivers/scsi/mpt3sas/mpt3sas_scsih.c:10597/_scsih_probe()!
>
> (Note that this warning was from an older distribution kernel, so line
> numbers and file names may not line up with the current tree.)
>
> Fix this by passing the inclusive end address to sanitize_phys().
>
> Fixes: 510ee090abc3 ("x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses")
> Signed-off-by: Jeff Moyer <[email protected]>
> Reviewed-by: David Hildenbrand <[email protected]>
>
> ---
> v2:
> - Add the warning splat to the commit log. (tglx)
> - Use parenthesis when referring to function names. (tglx)
> - Add a comment to the code. (tglx)
> - Use inclusive/exclusive instead of interval notation.
>
> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c
> index 3112ca7786ed..4ba2a3ee4bce 100644
> --- a/arch/x86/mm/pat/memtype.c
> +++ b/arch/x86/mm/pat/memtype.c
> @@ -583,7 +583,12 @@ int memtype_reserve(u64 start, u64 end, enum page_cache_mode req_type,
> int err = 0;
>
> start = sanitize_phys(start);
> - end = sanitize_phys(end);
> +
> + /*
> + * The end address passed into this function is exclusive, but
> + * sanitize_phys() expects an inclusive address.
> + */
> + end = sanitize_phys(end - 1) + 1;
> if (start >= end) {
> WARN(1, "%s failed: [mem %#010Lx-%#010Lx], req %s\n", __func__,
> start, end - 1, cattr_name(req_type));
On Wed, Aug 11, 2021 at 2:06 PM Jeff Moyer <[email protected]> wrote:
>
> The end address passed to memtype_reserve() is handed directly to
> sanitize_phys(). However, end is exclusive and sanitize_phys() expects
> an inclusive address. If end falls at the end of the physical address
> space, sanitize_phys() will return 0. This can result in drivers
> failing to load, and the following warning:
>
> [ 9.999440] mpt3sas version 29.100.01.00 loaded
> [ 9.999817] mpt3sas_cm0: 64 BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem (65413664 kB)
> [ 9.999819] ------------[ cut here ]------------
> [ 9.999826] WARNING: CPU: 26 PID: 749 at arch/x86/mm/pat.c:354 reserve_memtype+0x262/0x450
> [ 9.999828] reserve_memtype failed: [mem 0x3ffffff00000-0xffffffffffffffff], req uncached-minus
> [ 9.999828] Modules linked in: mpt3sas(+) bnxt_en(+) ahci(+) crct10dif_pclmul crct10dif_common nvme crc32c_intel libahci nvme_core libata raid_class scsi_transport_sas devlink drm_panel_orientation_quirks nfit libnvdimm dm_mirror dm_region_hash dm_log dm_mod
> [ 9.999840] CPU: 26 PID: 749 Comm: systemd-udevd Not tainted 3.10.0-1077.el7_7.mpt3sas_test008.x86_64 #1
> [ 9.999842] Hardware name: Inspur SA5112M5/SA5112M5, BIOS 4.1.12 02/24/2021
> [ 9.999843] Call Trace:
> [ 9.999851] [<ffffffffa497c4e4>] dump_stack+0x19/0x1b
> [ 9.999857] [<ffffffffa429bc08>] __warn+0xd8/0x100
> [ 9.999859] [<ffffffffa429bc8f>] warn_slowpath_fmt+0x5f/0x80
> [ 9.999861] [<ffffffffa427b1f2>] reserve_memtype+0x262/0x450
> [ 9.999867] [<ffffffffa4276254>] __ioremap_caller+0xf4/0x330
> [ 9.999872] [<ffffffffc04620a1>] ? mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
> [ 9.999875] [<ffffffffa42764aa>] ioremap_nocache+0x1a/0x20
> [ 9.999879] [<ffffffffc04620a1>] mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
> [ 9.999884] [<ffffffffa442656b>] ? __kmalloc+0x1eb/0x230
> [ 9.999889] [<ffffffffc0465555>] mpt3sas_base_attach+0xf5/0xa50 [mpt3sas]
> [ 9.999894] [<ffffffffc046af3c>] _scsih_probe+0x4ec/0xb00 [mpt3sas]
> [ 9.999901] [<ffffffffa45d297a>] local_pci_probe+0x4a/0xb0
> [ 9.999903] [<ffffffffa45d40c9>] pci_device_probe+0x109/0x160
> [ 9.999909] [<ffffffffa46b7225>] driver_probe_device+0xc5/0x3e0
> [ 9.999910] [<ffffffffa46b7623>] __driver_attach+0x93/0xa0
> [ 9.999912] [<ffffffffa46b7590>] ? __device_attach+0x50/0x50
> [ 9.999914] [<ffffffffa46b4dc5>] bus_for_each_dev+0x75/0xc0
> [ 9.999916] [<ffffffffa46b6b9e>] driver_attach+0x1e/0x20
> [ 9.999918] [<ffffffffa46b6640>] bus_add_driver+0x200/0x2d0
> [ 9.999920] [<ffffffffa46b7cb4>] driver_register+0x64/0xf0
> [ 9.999922] [<ffffffffa45d3905>] __pci_register_driver+0xa5/0xc0
> [ 9.999924] [<ffffffffc049b000>] ? 0xffffffffc049afff
> [ 9.999928] [<ffffffffc049b16e>] _mpt3sas_init+0x16e/0x1000 [mpt3sas]
> [ 9.999933] [<ffffffffa420210a>] do_one_initcall+0xba/0x240
> [ 9.999940] [<ffffffffa431e95a>] load_module+0x271a/0x2bb0
> [ 9.999946] [<ffffffffa45b0600>] ? ddebug_proc_write+0x100/0x100
> [ 9.999948] [<ffffffffa431eedf>] SyS_init_module+0xef/0x140
> [ 9.999954] [<ffffffffa498fed2>] system_call_fastpath+0x25/0x2a
> [ 9.999955] ---[ end trace 6d6eea4438db89ef ]---
> [ 9.999957] ioremap reserve_memtype failed -22
> [ 10.000087] mpt3sas_cm0: unable to map adapter memory! or resource not found
> [ 10.000334] mpt3sas_cm0: failure at drivers/scsi/mpt3sas/mpt3sas_scsih.c:10597/_scsih_probe()!
>
> (Note that this warning was from an older distribution kernel, so line
> numbers and file names may not line up with the current tree.)
>
> Fix this by passing the inclusive end address to sanitize_phys().
>
> Fixes: 510ee090abc3 ("x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses")
> Signed-off-by: Jeff Moyer <[email protected]>
> Reviewed-by: David Hildenbrand <[email protected]>
Reviewed-by: Dan Williams <[email protected]>
The following commit has been merged into the x86/urgent branch of tip:
Commit-ID: aeef8b5089b76852bd84889f2809e69a7cfb414e
Gitweb: https://git.kernel.org/tip/aeef8b5089b76852bd84889f2809e69a7cfb414e
Author: Jeff Moyer <[email protected]>
AuthorDate: Wed, 11 Aug 2021 17:07:37 -04:00
Committer: Thomas Gleixner <[email protected]>
CommitterDate: Thu, 02 Sep 2021 21:53:18 +02:00
x86/pat: Pass valid address to sanitize_phys()
The end address passed to memtype_reserve() is handed directly to
sanitize_phys(). However, end is exclusive and sanitize_phys() expects
an inclusive address. If end falls at the end of the physical address
space, sanitize_phys() will return 0. This can result in drivers
failing to load, and the following warning:
WARNING: CPU: 26 PID: 749 at arch/x86/mm/pat.c:354 reserve_memtype+0x262/0x450
reserve_memtype failed: [mem 0x3ffffff00000-0xffffffffffffffff], req uncached-minus
Call Trace:
[<ffffffffa427b1f2>] reserve_memtype+0x262/0x450
[<ffffffffa42764aa>] ioremap_nocache+0x1a/0x20
[<ffffffffc04620a1>] mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
[<ffffffffc0465555>] mpt3sas_base_attach+0xf5/0xa50 [mpt3sas]
---[ end trace 6d6eea4438db89ef ]---
ioremap reserve_memtype failed -22
mpt3sas_cm0: unable to map adapter memory! or resource not found
mpt3sas_cm0: failure at drivers/scsi/mpt3sas/mpt3sas_scsih.c:10597/_scsih_probe()!
Fix this by passing the inclusive end address to sanitize_phys().
Fixes: 510ee090abc3 ("x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses")
Signed-off-by: Jeff Moyer <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Reviewed-by: David Hildenbrand <[email protected]>
Reviewed-by: Dan Williams <[email protected]>
Cc: [email protected]
Link: https://lore.kernel.org/r/[email protected]
---
arch/x86/mm/pat/memtype.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c
index 3112ca7..4ba2a3e 100644
--- a/arch/x86/mm/pat/memtype.c
+++ b/arch/x86/mm/pat/memtype.c
@@ -583,7 +583,12 @@ int memtype_reserve(u64 start, u64 end, enum page_cache_mode req_type,
int err = 0;
start = sanitize_phys(start);
- end = sanitize_phys(end);
+
+ /*
+ * The end address passed into this function is exclusive, but
+ * sanitize_phys() expects an inclusive address.
+ */
+ end = sanitize_phys(end - 1) + 1;
if (start >= end) {
WARN(1, "%s failed: [mem %#010Lx-%#010Lx], req %s\n", __func__,
start, end - 1, cattr_name(req_type));