Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp8250117imu; Fri, 28 Dec 2018 13:43:01 -0800 (PST) X-Google-Smtp-Source: ALg8bN7OqA96qonNuzn9P7RQQA9LiCNc3jQj+3Fh+IV7KIJtscFwTlqWzpLgCwte6pbu+p8b3ijR X-Received: by 2002:a63:a611:: with SMTP id t17mr27380552pge.338.1546033380949; Fri, 28 Dec 2018 13:43:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546033380; cv=none; d=google.com; s=arc-20160816; b=X2scaic5eO6sQdvXhFOFN934DpFsGcBkgaDvArWOhl7yY9d049wbLCf5vNHoE58QBR BMN54LKL6b7MWwM7HWv9cbxQDCTyS4+eJ9eB6nHvnL4YI8fjZtf8cszZV68X0cTeX4bi CDTz0S0HwgbCEzQhTf0qcJZ/etmfRdCkKI+bw9SZgtKzYA8ePcc/mV4GhlTYWp3k93kS 3n5lNeNxtbAVkSPyNaWyzQfa4gwas+Yw8fSkF6LSFqK7fdg356FAaT9t+XjlLWsc9bLo uMzWry/d2cAu7KIQoiCq9+L9aKMRMhfK2KQmo3/f80WwDrsq0VNUNfIFpy6yUBxZEY3k /GnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=KkVi1oHFJmq5q90sBqiZovzGL59RjwQFCBAJ3US3Rac=; b=m9z9C8XfkcZbrVQ32MGLXlKlwuevTkBWRPGdVpryC3+A4EV076tCJxy2loC1osVcus ZimBVTpnB5rctYburB5+PWDcO9wGxqOLpjuYihw0hw1syhspMssPMmqFhYLcd6rLnXQS B7lGHK7RcBCIFsdl+tKNo/RzpzpYnJvfK7yE939bxShO0X1BeE59SPmhHWMp+Oa01dfc Rqg1zo29hvcpVJ4bTKHsl2DLpuV1XemHpaf2oPCQiNxjuWEoKtyTJPdk6oF62XExV4+U 5eDyZsewQ1+UAH4wZipmC4y57ZXRcmL6S5cAja3V0eKdg5J1hI5BtgppuKWL0gxQa4Aa pCJQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=k7s4ebu6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o61si21159095pld.246.2018.12.28.13.42.45; Fri, 28 Dec 2018 13:43:00 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=k7s4ebu6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729237AbeL1MOX (ORCPT + 99 others); Fri, 28 Dec 2018 07:14:23 -0500 Received: from mail.kernel.org ([198.145.29.99]:33186 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728741AbeL1MOW (ORCPT ); Fri, 28 Dec 2018 07:14:22 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A61C82148E; Fri, 28 Dec 2018 12:14:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1545999261; bh=UVt0sSC0doC8C2tfcZBdUhMXWSO5ij/akM9V/kXBLBc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=k7s4ebu6GC15J6Y47dbTtZ26w4ExZYHW697z6AgZ4HgC5FhxYxObmac8ktuN+RErW ep6duoY/i3oLBS5UpSiiL9+D9TVuJ+aI1ei/GGnfAOFuE4JCP7Qgy9pEQdelhlB/LM u4xY847/DZKm3juqAocFGh/FuR/YE4QOcMshBCoI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Gert Robben , Dan Williams , Thomas Gleixner , Andy Shevchenko , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Borislav Petkov , "H. Peter Anvin" , platform-driver-x86@vger.kernel.org Subject: [PATCH 4.19 27/46] x86/mm: Fix decoy address handling vs 32-bit builds Date: Fri, 28 Dec 2018 12:52:21 +0100 Message-Id: <20181228113126.371890647@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20181228113124.971620049@linuxfoundation.org> References: <20181228113124.971620049@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Dan Williams commit 51c3fbd89d7554caa3290837604309f8d8669d99 upstream. A decoy address is used by set_mce_nospec() to update the cache attributes for a page that may contain poison (multi-bit ECC error) while attempting to minimize the possibility of triggering a speculative access to that page. When reserve_memtype() is handling a decoy address it needs to convert it to its real physical alias. The conversion, AND'ing with __PHYSICAL_MASK, is broken for a 32-bit physical mask and reserve_memtype() is passed the last physical page. Gert reports triggering the: BUG_ON(start >= end); ...assertion when running a 32-bit non-PAE build on a platform that has a driver resource at the top of physical memory: BIOS-e820: [mem 0x00000000fff00000-0x00000000ffffffff] reserved Given that the decoy address scheme is only targeted at 64-bit builds and assumes that the top of physical address space is free for use as a decoy address range, simply bypass address sanitization in the 32-bit case. Lastly, there was no need to crash the system when this failure occurred, and no need to crash future systems if the assumptions of decoy addresses are ever violated. Change the BUG_ON() to a WARN() with an error return. Fixes: 510ee090abc3 ("x86/mm/pat: Prepare {reserve, free}_memtype() for...") Reported-by: Gert Robben Signed-off-by: Dan Williams Signed-off-by: Thomas Gleixner Tested-by: Gert Robben Cc: stable@vger.kernel.org Cc: Andy Shevchenko Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Borislav Petkov Cc: "H. Peter Anvin" Cc: platform-driver-x86@vger.kernel.org Cc: Link: https://lkml.kernel.org/r/154454337985.789277.12133288391664677775.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Greg Kroah-Hartman --- arch/x86/mm/pat.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) --- a/arch/x86/mm/pat.c +++ b/arch/x86/mm/pat.c @@ -519,8 +519,13 @@ static u64 sanitize_phys(u64 address) * for a "decoy" virtual address (bit 63 clear) passed to * set_memory_X(). __pa() on a "decoy" address results in a * physical address with bit 63 set. + * + * Decoy addresses are not present for 32-bit builds, see + * set_mce_nospec(). */ - return address & __PHYSICAL_MASK; + if (IS_ENABLED(CONFIG_X86_64)) + return address & __PHYSICAL_MASK; + return address; } /* @@ -546,7 +551,11 @@ int reserve_memtype(u64 start, u64 end, start = sanitize_phys(start); end = sanitize_phys(end); - BUG_ON(start >= end); /* end is exclusive */ + if (start >= end) { + WARN(1, "%s failed: [mem %#010Lx-%#010Lx], req %s\n", __func__, + start, end - 1, cattr_name(req_type)); + return -EINVAL; + } if (!pat_enabled()) { /* This is identical to page table setting without PAT */