Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1833140imm;
        Mon, 3 Sep 2018 10:36:10 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdYhSKCMa4W2el2yMpbnuvmZ8aohZqOzY6fzDH8nJxRWKv8Vd1OmW6LjULGVTZsUShn7x18D
X-Received: by 2002:a17:902:209:: with SMTP id 9-v6mr29237164plc.270.1535996170717;
        Mon, 03 Sep 2018 10:36:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535996170; cv=none;
        d=google.com; s=arc-20160816;
        b=BjDhNJXuiMB6MTXwsWHpLMfZrGOKxPMwXchbuA3NIxaX8wa51v1mWXQY1hL1LLRWO8
         zjrXLQ1Zmhy2nVhCZWnOkSYiaZ1oJkSkLO7U+XyVUCCltkBHl4yV8AfGVRu5VOFXVSZr
         x6UJs0xIhx/S7HquQok3tnyhqj1R3b938nMyqV+aEUnNRWjLmJBd4N/hXblGNktQJPWX
         dXFKq6Jy9R7y+Sibe8Kg9zqKCGhFTVWJVNYqBZTS0Hm9SgvvZxh7MBhuLIsBnidIkBl4
         XtHE8SlahTcR9WlZyXez02iDrM2qMWw4wg5VqJPIdgoJJM4wk3XteOCWk9J9BJdtqrCR
         YjiA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=uvTcTabLRwAMYga78lbY5NFxdj0U9V0lZteEFqU7RfQ=;
        b=zkAGFQGAFLepkrXo/YyYtumuAIp/oO+ZAUP5dXbH5zvy91mzl1J/E0xFfTR+4ghW7q
         eaGoZxNreAjbULRLZwDJgkzAQxQqrB4eNj4Y0Na0x5mTu0zVteCFiTYKOZoEZaRK/LeT
         +Z4nu21eH0gSsYREe2ZHtSc9WEn2SqJXxCn+ztsBMRztHrG19k3SCx3hvG2Q92DydQyr
         arHXmtHBbpf0oig9yRlmxYZDrV7dcqx4WZPHPEMRegLZGobsq6Gvv8qeEydrDtVMHfBD
         9UxruZXSk6H02D01qjf9fceLQ3S/Ay/NLY5/NGaA0efQ5vuBYGdjW4bjfvu6nwV0b4Hx
         qL4g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o81-v6si19561034pfj.350.2018.09.03.10.35.55;
        Mon, 03 Sep 2018 10:36:10 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731430AbeICV4C (ORCPT <rfc822;tanxianhu@gmail.com> + 99 others);
        Mon, 3 Sep 2018 17:56:02 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:47866 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728335AbeICV4B (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 3 Sep 2018 17:56:01 -0400
Received: from localhost (ip-213-127-74-90.ip.prioritytelecom.net [213.127.74.90])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 93D80D16;
        Mon,  3 Sep 2018 17:34:50 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, George Anchev <studio@anchev.net>,
        Christopher Snowhill <kode54@gmail.com>,
        Vlastimil Babka <vbabka@suse.cz>,
        Thomas Gleixner <tglx@linutronix.de>,
        "H . Peter Anvin" <hpa@zytor.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Andi Kleen <ak@linux.intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Michal Hocko <mhocko@kernel.org>
Subject: [PATCH 4.18 052/123] x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM
Date:   Mon,  3 Sep 2018 18:56:36 +0200
Message-Id: <20180903165721.655985553@linuxfoundation.org>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180903165719.499675257@linuxfoundation.org>
References: <20180903165719.499675257@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vlastimil Babka <vbabka@suse.cz>

commit b0a182f875689647b014bc01d36b340217792852 upstream.

Two users have reported [1] that they have an "extremely unlikely" system
with more than MAX_PA/2 memory and L1TF mitigation is not effective. In
fact it's a CPU with 36bits phys limit (64GB) and 32GB memory, but due to
holes in the e820 map, the main region is almost 500MB over the 32GB limit:

[    0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000081effffff] usable

Suggestions to use 'mem=32G' to enable the L1TF mitigation while losing the
500MB revealed, that there's an off-by-one error in the check in
l1tf_select_mitigation().

l1tf_pfn_limit() returns the last usable pfn (inclusive) and the range
check in the mitigation path does not take this into account.

Instead of amending the range check, make l1tf_pfn_limit() return the first
PFN which is over the limit which is less error prone. Adjust the other
users accordingly.

[1] https://bugzilla.suse.com/show_bug.cgi?id=1105536

Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf")
Reported-by: George Anchev <studio@anchev.net>
Reported-by: Christopher Snowhill <kode54@gmail.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20180823134418.17008-1-vbabka@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/include/asm/processor.h |    2 +-
 arch/x86/mm/init.c               |    2 +-
 arch/x86/mm/mmap.c               |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -183,7 +183,7 @@ extern void cpu_detect(struct cpuinfo_x8
 
 static inline unsigned long long l1tf_pfn_limit(void)
 {
-	return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1;
+	return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT);
 }
 
 extern void early_cpu_init(void);
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -923,7 +923,7 @@ unsigned long max_swapfile_size(void)
 
 	if (boot_cpu_has_bug(X86_BUG_L1TF)) {
 		/* Limit the swap file size to MAX_PA/2 for L1TF workaround */
-		unsigned long long l1tf_limit = l1tf_pfn_limit() + 1;
+		unsigned long long l1tf_limit = l1tf_pfn_limit();
 		/*
 		 * We encode swap offsets also with 3 bits below those for pfn
 		 * which makes the usable limit higher.
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -257,7 +257,7 @@ bool pfn_modify_allowed(unsigned long pf
 	/* If it's real memory always allow */
 	if (pfn_valid(pfn))
 		return true;
-	if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))
+	if (pfn >= l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))
 		return false;
 	return true;
 }