From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Mark Rutland, Will Deacon, Catalin Marinas, Sasha Levin
Subject: [PATCH 4.16 038/279] arm64: kasan: avoid pfn_to_nid() before page array is initialized
Date: Mon, 18 Jun 2018 10:10:23 +0200
Message-Id: <20180618080610.379922155@linuxfoundation.org>
In-Reply-To: <20180618080608.851973560@linuxfoundation.org>

4.16-stable review patch. If anyone has any objections, please let me know.

------------------

From: Mark Rutland

[ Upstream commit 800cb2e553d44541b83aa3ec45d9839385fe8ab6 ]

In arm64's kasan_init(), we use pfn_to_nid() to find the NUMA node a
span of memory is in, hoping to allocate shadow from the same NUMA node.
However, at this point, the page array has not been initialized, and
thus this is bogus.

Since commit:

  f165b378bbdf6c8a ("mm: uninitialized struct page poisoning sanity")

... accessing fields of the page array results in a boot time Oops(),
highlighting this problem:

[ 0.000000] Unable to handle kernel paging request at virtual address dfff200000000000
[ 0.000000] Mem abort info:
[ 0.000000]   ESR = 0x96000004
[ 0.000000]   Exception class = DABT (current EL), IL = 32 bits
[ 0.000000]   SET = 0, FnV = 0
[ 0.000000]   EA = 0, S1PTW = 0
[ 0.000000] Data abort info:
[ 0.000000]   ISV = 0, ISS = 0x00000004
[ 0.000000]   CM = 0, WnR = 0
[ 0.000000] [dfff200000000000] address between user and kernel address ranges
[ 0.000000] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.16.0-07317-gf165b378bbdf #42
[ 0.000000] Hardware name: ARM Juno development board (r1) (DT)
[ 0.000000] pstate: 80000085 (Nzcv daIf -PAN -UAO)
[ 0.000000] pc : __asan_load8+0x8c/0xa8
[ 0.000000] lr : __dump_page+0x3c/0x3b8
[ 0.000000] sp : ffff2000099b7ca0
[ 0.000000] x29: ffff2000099b7ca0 x28: ffff20000a1762c0
[ 0.000000] x27: ffff7e0000000000 x26: ffff2000099dd000
[ 0.000000] x25: ffff200009a3f960 x24: ffff200008f9c38c
[ 0.000000] x23: ffff20000a9d3000 x22: ffff200009735430
[ 0.000000] x21: fffffffffffffffe x20: ffff7e0001e50420
[ 0.000000] x19: ffff7e0001e50400 x18: 0000000000001840
[ 0.000000] x17: ffffffffffff8270 x16: 0000000000001840
[ 0.000000] x15: 0000000000001920 x14: 0000000000000004
[ 0.000000] x13: 0000000000000000 x12: 0000000000000800
[ 0.000000] x11: 1ffff0012d0f89ff x10: ffff10012d0f89ff
[ 0.000000] x9 : 0000000000000000 x8 : ffff8009687c5000
[ 0.000000] x7 : 0000000000000000 x6 : ffff10000f282000
[ 0.000000] x5 : 0000000000000040 x4 : fffffffffffffffe
[ 0.000000] x3 : 0000000000000000 x2 : dfff200000000000
[ 0.000000] x1 : 0000000000000005 x0 : 0000000000000000
[ 0.000000] Process swapper (pid: 0, stack limit = 0x (ptrval))
[ 0.000000] Call trace:
[ 0.000000]  __asan_load8+0x8c/0xa8
[ 0.000000]  __dump_page+0x3c/0x3b8
[ 0.000000]  dump_page+0xc/0x18
[ 0.000000]  kasan_init+0x2e8/0x5a8
[ 0.000000]  setup_arch+0x294/0x71c
[ 0.000000]  start_kernel+0xdc/0x500
[ 0.000000] Code: aa0403e0 9400063c 17ffffee d343fc00 (38e26800)
[ 0.000000] ---[ end trace 67064f0e9c0cc338 ]---
[ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!
[ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---

Let's fix this by using early_pfn_to_nid(), as other architectures do in
their kasan init code. Note that early_pfn_to_nid acquires the nid from
the memblock array, which we iterate over in kasan_init(), so this
should be fine.

Signed-off-by: Mark Rutland
Fixes: 39d114ddc6822302 ("arm64: add KASAN support")
Cc: Will Deacon
Signed-off-by: Catalin Marinas
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
---
 arch/arm64/mm/kasan_init.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/arm64/mm/kasan_init.c +++ b/arch/arm64/mm/kasan_init.c @@ -204,7 +204,7 @@ void __init kasan_init(void) clear_pgds(KASAN_SHADOW_START, KASAN_SHADOW_END); kasan_map_populate(kimg_shadow_start, kimg_shadow_end, - pfn_to_nid(virt_to_pfn(lm_alias(_text)))); + early_pfn_to_nid(virt_to_pfn(lm_alias(_text)))); kasan_populate_zero_shadow((void *)KASAN_SHADOW_START, (void *)mod_shadow_start); @@ -224,7 +224,7 @@ void __init kasan_init(void) kasan_map_populate((unsigned long)kasan_mem_to_shadow(start), (unsigned long)kasan_mem_to_shadow(end), - pfn_to_nid(virt_to_pfn(start))); + early_pfn_to_nid(virt_to_pfn(start))); } /*
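
Review bot: in the first hunk (@@ -204), the call to early_pfn_to_nid() for the kernel image shadow carries no comment in kasan_init.c, so the reason for the early_ variant lives only in the commit message. A one-line comment above the kasan_map_populate(kimg_shadow_start, kimg_shadow_end, ...) call, saying that the page array is not initialized at this point, would keep a later cleanup from changing it back to pfn_to_nid().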
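
Review bot: in the second hunk (@@ -224), the node is looked up from start alone, while the shadow range passed to kasan_map_populate() runs from kasan_mem_to_shadow(start) to kasan_mem_to_shadow(end). If a region handed to this call can cross a node boundary, all of its shadow is allocated on the node of start. Either state in a comment that each region sits on a single node, or, since the commit message says this loop already walks the memblock array that early_pfn_to_nid() consults, take the nid from the region being walked instead of looking it up again by pfn.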