CC: Ralph Campbell, Craig Bergstrom, Linus Torvalds, Boris Ostrovsky, Fengguang Wu, Greg Kroah-Hartman, Hans Verkuil, Mauro Carvalho Chehab, Peter Zijlstra, Sander Eikelenboom, Sean Young, Thomas Gleixner, Ingo Molnar
Subject: [PATCH v2 1/1] x86/mm: Fix limit mmap() of /dev/mem to valid physical addresses
Date: Mon, 25 Mar 2019 17:18:17 -0700
Message-ID: <20190326001817.15413-2-rcampbell@nvidia.com>
In-Reply-To: <20190326001817.15413-1-rcampbell@nvidia.com>
References: <20190326001817.15413-1-rcampbell@nvidia.com>
X-Mailing-List: linux-kernel@vger.kernel.org
From: Ralph Campbell

valid_phys_addr_range() is used to sanity check the physical address range
of an operation, e.g., access to /dev/mem. It uses __pa(high_memory)
internally.

If memory is populated at the end of the physical address space, then
__pa(high_memory) is outside of the physical address space because:

   high_memory = (void *)__va(max_pfn * PAGE_SIZE - 1) + 1;

For the comparison in valid_phys_addr_range() this is not an issue, but if
CONFIG_DEBUG_VIRTUAL is enabled, __pa() maps to __phys_addr(), which
verifies that the resulting physical address is within the valid physical
address space of the CPU. So in the case that memory is populated at the
end of the physical address space, this is not true and triggers a
VIRTUAL_BUG_ON().

Use __pa(high_memory - 1) to prevent the conversion from going beyond
the end of valid physical addresses.

Fixes: be62a3204406 ("x86/mm: Limit mmap() of /dev/mem to valid physical addresses")
Signed-off-by: Ralph Campbell
Cc: Craig Bergstrom
Cc: Linus Torvalds
Cc: Boris Ostrovsky
Cc: Fengguang Wu
Cc: Greg Kroah-Hartman
Cc: Hans Verkuil
Cc: Mauro Carvalho Chehab
Cc: Peter Zijlstra
Cc: Sander Eikelenboom
Cc: Sean Young
Cc: Thomas Gleixner
Cc: Ingo Molnar
---
 arch/x86/mm/mmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c index db3165714521..196bed43d5e6 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -230,7 +230,7 @@ bool mmap_address_hint_valid(unsigned long addr, unsign= ed long len) /* Can we access it for direct reading/writing? Must be RAM: */ int valid_phys_addr_range(phys_addr_t addr, size_t count) { - return addr + count <=3D __pa(high_memory); + return addr + count - 1 <=3D __pa(high_memory - 1); } =20 /* Can we access it through mmap? Must be a valid physical address: */ --=20 2.20.1
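
Review bot: In valid_phys_addr_range(), the new left-hand side `addr + count - 1` wraps when addr and count are both 0: the unsigned subtraction yields the maximum phys_addr_t value, so the function now returns false for a zero-length range at address 0, where the old `addr + count <= __pa(high_memory)` returned true. If zero-length requests can reach this check, handle count == 0 explicitly before the comparison, or state in the comment above the function that count must be nonzero. Separately, neither the old nor the new form guards against `addr + count` itself wrapping for a large count, which would let an out-of-range request pass the comparison; an explicit overflow check on the sum would be worth adding while this line is being touched.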