Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1826515imm; Mon, 3 Sep 2018 10:26:19 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYNdpf5DgKIIPc1Roz+rLZnO3RNDgndBgoSp9yA/R6AkN4VNmjgbBrnKqXXqR6aFXtQndod X-Received: by 2002:a63:c14a:: with SMTP id p10-v6mr27324314pgi.305.1535995579789; Mon, 03 Sep 2018 10:26:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535995579; cv=none; d=google.com; s=arc-20160816; b=Zu19eKo2vfSXpa8zV1m1M7Edj1XwPzRaeCodho1iyWkefl2eKbGU4QgabsQTOlJkbD rnngktpfGNHv7McDgBdIyOpkAauvTkvCdSoGxWwsn8CW5eX9v3uG9e2FpoLfNgI/evyo mJnYI1chkYqBmBL32goMEoDmK0j8TSLDZriRxggROsg+VOvXhniWW99EXX1mCejp71Qz xKxCYD7sPc81xle9mc4XVRDRsuC/4VYM92Q5iWMSTSgZssdr7K463aFLD6x4PQtGW4Yb l0haDn0E111WPnf4kwSVrfSW9Kl4nJ9QKOKMMl6BBdplNFOnVki7E7/rVwI9BCwcxaPB yb+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=9PgsGaZQUvnV5yQYynUh9KZOQI22O0ZY+T155Ouiatk=; b=zi4bQnJGNLPRrukyoSYDnbAmKjF1sbwvneQ6e4JkDdIp+uq7YIBfMbPUhvxEVJBfhj x9oCJCzcYANJQnyB8evCdG7RHygQNW6SlPisD9DNll/fCyjRJjyE/+4HlW6G5LYLtz/h F6gtIlScyXLkX/y5Oc61ZfJHfXj8vZnI833hrtJQrqDgnmNRpTZr4qlcxR2LR/AeNVhA JCNi5uWKm1id5ohRqfMcCHHQguncT/sByn4BiHLyzBguJx7Q1RBZ+6GUAtiyql1w4E9Z COnGz4+M5GZzC14zhoR1v0tdu1EEYpZ/lJEHVPduwBaGoug31YDzI3PusW9kGnvUVJPX C6Bw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 142-v6si20710453pfy.182.2018.09.03.10.26.04; Mon, 03 Sep 2018 10:26:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730445AbeICVqG (ORCPT + 99 others); Mon, 3 Sep 2018 17:46:06 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:45626 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728609AbeICVqF (ORCPT ); Mon, 3 Sep 2018 17:46:05 -0400 Received: from localhost (ip-213-127-74-90.ip.prioritytelecom.net [213.127.74.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 962C2D24; Mon, 3 Sep 2018 17:24:57 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, George Anchev , Christopher Snowhill , Vlastimil Babka , Thomas Gleixner , "H . Peter Anvin" , Linus Torvalds , Andi Kleen , Dave Hansen , Michal Hocko Subject: [PATCH 4.14 112/165] x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM Date: Mon, 3 Sep 2018 18:56:38 +0200 Message-Id: <20180903165701.131805367@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180903165655.003605184@linuxfoundation.org> References: <20180903165655.003605184@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Vlastimil Babka commit b0a182f875689647b014bc01d36b340217792852 upstream. Two users have reported [1] that they have an "extremely unlikely" system with more than MAX_PA/2 memory and L1TF mitigation is not effective. In fact it's a CPU with 36bits phys limit (64GB) and 32GB memory, but due to holes in the e820 map, the main region is almost 500MB over the 32GB limit: [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000081effffff] usable Suggestions to use 'mem=32G' to enable the L1TF mitigation while losing the 500MB revealed, that there's an off-by-one error in the check in l1tf_select_mitigation(). l1tf_pfn_limit() returns the last usable pfn (inclusive) and the range check in the mitigation path does not take this into account. Instead of amending the range check, make l1tf_pfn_limit() return the first PFN which is over the limit which is less error prone. Adjust the other users accordingly. [1] https://bugzilla.suse.com/show_bug.cgi?id=1105536 Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Reported-by: George Anchev Reported-by: Christopher Snowhill Signed-off-by: Vlastimil Babka Signed-off-by: Thomas Gleixner Cc: "H . Peter Anvin" Cc: Linus Torvalds Cc: Andi Kleen Cc: Dave Hansen Cc: Michal Hocko Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20180823134418.17008-1-vbabka@suse.cz Signed-off-by: Greg Kroah-Hartman --- arch/x86/include/asm/processor.h | 2 +- arch/x86/mm/init.c | 2 +- arch/x86/mm/mmap.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -182,7 +182,7 @@ extern void cpu_detect(struct cpuinfo_x8 static inline unsigned long long l1tf_pfn_limit(void) { - return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; + return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT); } extern void early_cpu_init(void); --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -892,7 +892,7 @@ unsigned long max_swapfile_size(void) if (boot_cpu_has_bug(X86_BUG_L1TF)) { /* Limit the swap file size to MAX_PA/2 for L1TF workaround */ - unsigned long long l1tf_limit = l1tf_pfn_limit() + 1; + unsigned long long l1tf_limit = l1tf_pfn_limit(); /* * We encode swap offsets also with 3 bits below those for pfn * which makes the usable limit higher. --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -191,7 +191,7 @@ bool pfn_modify_allowed(unsigned long pf /* If it's real memory always allow */ if (pfn_valid(pfn)) return true; - if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) + if (pfn >= l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) return false; return true; }