From: Ben Hutchings
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC: akpm@linux-foundation.org, "Marc Zyngier", "Suzuki K Poulose", "Kristina Martsenko", "Christoffer Dall"
Date: Wed, 28 Feb 2018 15:20:18 +0000
Subject: [PATCH 3.16 033/254] arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one

3.16.55-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Kristina Martsenko

commit 26aa7b3b1c0fb3f1a6176a0c1847204ef4355693 upstream.

VTTBR_BADDR_MASK is used to sanity check the size and alignment of the
VTTBR address. It seems to currently be off by one, thereby only
allowing up to 47-bit addresses (instead of 48-bit) and also
insufficiently checking the alignment. This patch fixes it.

As an example, with 4k pages, before this patch we have:

  PHYS_MASK_SHIFT = 48
  VTTBR_X = 37 - 24 = 13
  VTTBR_BADDR_SHIFT = 13 - 1 = 12
  VTTBR_BADDR_MASK = ((1 << 35) - 1) << 12 = 0x00007ffffffff000

Which is wrong, because the mask doesn't allow bit 47 of the VTTBR
address to be set, and only requires the address to be 12-bit (4k)
aligned, while it actually needs to be 13-bit (8k) aligned because we
concatenate two 4k tables.

With this patch, the mask becomes 0x0000ffffffffe000, which is what we
want.

Fixes: 0369f6a34b9f ("arm64: KVM: EL2 register definitions")
Reviewed-by: Suzuki K Poulose
Reviewed-by: Christoffer Dall
Signed-off-by: Kristina Martsenko
Signed-off-by: Marc Zyngier
Signed-off-by: Christoffer Dall
Signed-off-by: Ben Hutchings
---
 arch/arm64/include/asm/kvm_arm.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/arch/arm64/include/asm/kvm_arm.h
+++ b/arch/arm64/include/asm/kvm_arm.h @@ -164,8 +164,7 @@ #define VTTBR_X (37 - VTCR_EL2_T0SZ_40B) #endif -#define VTTBR_BADDR_SHIFT (VTTBR_X - 1) -#define VTTBR_BADDR_MASK (((UL(1) << (PHYS_MASK_SHIFT - VTTBR_X)) - 1) << VTTBR_BADDR_SHIFT) +#define VTTBR_BADDR_MASK (((UL(1) << (PHYS_MASK_SHIFT - VTTBR_X)) - 1) << VTTBR_X) #define VTTBR_VMID_SHIFT (UL(48)) #define VTTBR_VMID_MASK (UL(0xFF) << VTTBR_VMID_SHIFT)
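
Review bot: The new VTTBR_BADDR_MASK define has no comment saying why the shift is VTTBR_X and not VTTBR_X - 1, which is exactly the assumption that was wrong before. A one-line comment above it stating that the low VTTBR_X bits of the base address must be zero (8k alignment in the commit message's 4k-page case, because two 4k tables are concatenated) would make the next off-by-one harder to introduce. The hunk also deletes VTTBR_BADDR_SHIFT outright, so for this 3.16 backport it is worth confirming that nothing else in the tree still references that macro, since only this header is touched. Finally, the corrected mask is stricter on alignment than the old one: an address that was only 4k-aligned passed the old check and will now trip the BUG_ON named in the subject, so the allocation that produces the checked address should be confirmed to guarantee VTTBR_X-bit alignment in this branch.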