Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2046087imm; Mon, 16 Jul 2018 00:50:30 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdlyBclm3wcFuMuXQvGMJB60TqQ0T+TCZEz/Lv07CYMRpJxN7/curQgyFHxF5v0GeQ+KAda X-Received: by 2002:a63:7b4d:: with SMTP id k13-v6mr14536199pgn.64.1531727429908; Mon, 16 Jul 2018 00:50:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531727429; cv=none; d=google.com; s=arc-20160816; b=N1KPd+Ls59o1JX1kp6lrWdigKLbOmogQQu0C4dCZMhs4iOjbsmVIpmFWZdTyvzMt50 6bv1qUX/WiKD4CQySJKbcRWs3EotmR3Tl03ShcgMcxi53wiiY1n5kHQr4CXrKEsqFFZS YhmqVjCuUqilEaut3Gna+WsCvhuJWGeCA9eSog+SwqafFb50guPJ7gvcgh71KhzkF8GY nqHbJQj6K0N8B8LCttob3wkrEzDqgQAOUiZc2mppbwIeFZhBWRyD9NQc/huek7KzHtqz 08wNBX1Wkw0V/vIgZPpw7jpEQROFolFLZJ7xe57Hj3zWGAihAyOzwT22zuMTDo/kCOXR V2WQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=vClAYRpXrRfKSY/XjtuWi/1O6LdHE3EUxdvDbTj8l0w=; b=DqWchPZd7oig018fD6QnUf7ITDGm1ew0JEuLudKYc7c4Q1u5iXbTMga/aCjZ+i+pWC 1O7MF5GVlFu4daj4Mrl6wJoRzIMmYopw7pYkwIJ8hcHAGS5KTsv9suQKFue1ajZNoMIx bxMtQFh+0rd1Ci5fdvkuWgnVEvm4uIhm++ZWo0eLI+ALdK1W9lQ8xW5xS7r4hferGTkX xjGvdfvtRyb4PlYfS6KyX/sC/ZuQhD4ELLBfIgQW0PlP3pfpmE3Nm54QK5HZ2Cl86MpV FcVZlebp9aPEy0OG1Je4RISzednEPpJhWGskGq2SEkrYrj5ANImumqEKoA3gKoZ273+f 6bfw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n15-v6si29575545pgc.309.2018.07.16.00.50.15; Mon, 16 Jul 2018 00:50:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389207AbeGPIKA (ORCPT + 99 others); Mon, 16 Jul 2018 04:10:00 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:48086 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388375AbeGPIKA (ORCPT ); Mon, 16 Jul 2018 04:10:00 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 6FBF3C03; Mon, 16 Jul 2018 07:43:56 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Paul Burton , Serge Semin , James Hogan , Ralf Baechle , linux-mips@linux-mips.org Subject: [PATCH 4.4 01/43] MIPS: Fix ioremap() RAM check Date: Mon, 16 Jul 2018 09:36:06 +0200 Message-Id: <20180716073511.923793671@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180716073511.796555857@linuxfoundation.org> References: <20180716073511.796555857@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Paul Burton commit 523402fa9101090c91d2033b7ebdfdcf65880488 upstream. We currently attempt to check whether a physical address range provided to __ioremap() may be in use by the page allocator by examining the value of PageReserved for each page in the region - lowmem pages not marked reserved are presumed to be in use by the page allocator, and requests to ioremap them fail. The way we check this has been broken since commit 92923ca3aace ("mm: meminit: only set page reserved in the memblock region"), because memblock will typically not have any knowledge of non-RAM pages and therefore those pages will not have the PageReserved flag set. Thus when we attempt to ioremap a region outside of RAM we incorrectly fail believing that the region is RAM that may be in use. In most cases ioremap() on MIPS will take a fast-path to use the unmapped kseg1 or xkphys virtual address spaces and never hit this path, so the only way to hit it is for a MIPS32 system to attempt to ioremap() an address range in lowmem with flags other than _CACHE_UNCACHED. Perhaps the most straightforward way to do this is using ioremap_uncached_accelerated(), which is how the problem was discovered. Fix this by making use of walk_system_ram_range() to test the address range provided to __ioremap() against only RAM pages, rather than all lowmem pages. This means that if we have a lowmem I/O region, which is very common for MIPS systems, we're free to ioremap() address ranges within it. A nice bonus is that the test is no longer limited to lowmem. The approach here matches the way x86 performed the same test after commit c81c8a1eeede ("x86, ioremap: Speed up check for RAM pages") until x86 moved towards a slightly more complicated check using walk_mem_res() for unrelated reasons with commit 0e4c12b45aa8 ("x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages"). Signed-off-by: Paul Burton Reported-by: Serge Semin Tested-by: Serge Semin Fixes: 92923ca3aace ("mm: meminit: only set page reserved in the memblock region") Cc: James Hogan Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org # v4.2+ Patchwork: https://patchwork.linux-mips.org/patch/19786/ Signed-off-by: Greg Kroah-Hartman --- arch/mips/mm/ioremap.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) --- a/arch/mips/mm/ioremap.c +++ b/arch/mips/mm/ioremap.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include @@ -97,6 +98,20 @@ static int remap_area_pages(unsigned lon return error; } +static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, + void *arg) +{ + unsigned long i; + + for (i = 0; i < nr_pages; i++) { + if (pfn_valid(start_pfn + i) && + !PageReserved(pfn_to_page(start_pfn + i))) + return 1; + } + + return 0; +} + /* * Generic mapping function (not visible outside): */ @@ -115,8 +130,8 @@ static int remap_area_pages(unsigned lon void __iomem * __ioremap(phys_addr_t phys_addr, phys_addr_t size, unsigned long flags) { + unsigned long offset, pfn, last_pfn; struct vm_struct * area; - unsigned long offset; phys_addr_t last_addr; void * addr; @@ -136,18 +151,16 @@ void __iomem * __ioremap(phys_addr_t phy return (void __iomem *) CKSEG1ADDR(phys_addr); /* - * Don't allow anybody to remap normal RAM that we're using.. + * Don't allow anybody to remap RAM that may be allocated by the page + * allocator, since that could lead to races & data clobbering. */ - if (phys_addr < virt_to_phys(high_memory)) { - char *t_addr, *t_end; - struct page *page; - - t_addr = __va(phys_addr); - t_end = t_addr + (size - 1); - - for(page = virt_to_page(t_addr); page <= virt_to_page(t_end); page++) - if(!PageReserved(page)) - return NULL; + pfn = PFN_DOWN(phys_addr); + last_pfn = PFN_DOWN(last_addr); + if (walk_system_ram_range(pfn, last_pfn - pfn + 1, NULL, + __ioremap_check_ram) == 1) { + WARN_ONCE(1, "ioremap on RAM at %pa - %pa\n", + &phys_addr, &last_addr); + return NULL; } /*