Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp7355297yba; Thu, 2 May 2019 08:31:10 -0700 (PDT) X-Google-Smtp-Source: APXvYqz78pfQ4jZXq4O8jE2wWrsJNi+xf9Lhreheew4Mt6If+jzrIxHhC2vJgMkUH+xQ7Ag0K8Hk X-Received: by 2002:a65:4802:: with SMTP id h2mr4313162pgs.98.1556811070067; Thu, 02 May 2019 08:31:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556811070; cv=none; d=google.com; s=arc-20160816; b=PTQYJtNs2Wz44mTL1rivWCegLzXLtHZQLmhdBgOBl2UnVnpCFMv/LW0d9E1qj1/aTQ jbAgOk2bltbAU04qL+mJbq1KOiojmGELFsOPIBchkKlACXSikHAg31JvqMLNhumWxzH6 U0lK/+XPyq0b+alwqxaUQNYrerks8lm9Si68/IFwblGcT/LeSy3Zp7UWi00tlxlalt3R mFEqTEBT6y5SwtneeORTtTvqJmMS9ET2JqhzcheZpC7bQ5ep55iv2lIlh/o1kyslsLEX AFPaKaHaBP2d6wHO+NZdUn2L2vPBzAKAsUmQVa/Yc8EnmbK+y64Fr1PhLid/4W5pQCgo iUMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=bkPlweIvO3V+hqZq+coHeN4MpWJ9YeakyR7jBBsmijU=; b=mbZu6QALuYU2v0fE5KkfqEuET+QwrgU6tPYeoqzJ6Uo/tMBojEBo6NhoEuZMIS7bmu kUarL2IPAlSt7+uoGKzZoSHqNTIzfU6fw3RN5sX1T5LvxCFoKmBR+4K53ofFA6M3Vx3j ZYdGNU8dzs7qw0B4+aDiLyxTssZNLyG0utq6j6YSsV6ZUlWnm6u+mJl1LemS6Tfynp5z ojBpSEmcUD/4HFntEi+DLpa2H5mdxwzQr473xqoozn0ii62iig64wHHsJWUJCzUWsbwF hJtqrAXdNMhfgLkTuxx4UC8VPhcEtDMwJlXlKFtmmE3zrf7dCjU2G4TAWl1fVL4jxnxJ GieA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0plwntIx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d6si45254969pfr.262.2019.05.02.08.30.53; Thu, 02 May 2019 08:31:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0plwntIx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728107AbfEBP17 (ORCPT + 99 others); Thu, 2 May 2019 11:27:59 -0400 Received: from mail.kernel.org ([198.145.29.99]:44920 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728092AbfEBP14 (ORCPT ); Thu, 2 May 2019 11:27:56 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AAC33208C4; Thu, 2 May 2019 15:27:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1556810875; bh=p9wiho0nLVbrFdCsWLg0R4hkONVO5o1ERRoa9QyeSr0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0plwntIx1FxMn/iilRCwB5Awz5wsjCZiG5Zwu5+YK5d9h4BZUjODLpypbJv1tGl4m dMAZS/PczOuRAotH3tRs03UclPbOvx7NsTAShCGFSo+3JtnI09XLlBf43cX5j3G9+y oVmFIzrgGAJHJzLPxEGdtvBI8eEEqQSRAiZnucRU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ralph Campbell , Thomas Gleixner , Craig Bergstrom , Linus Torvalds , Boris Ostrovsky , Fengguang Wu , Hans Verkuil , Mauro Carvalho Chehab , Peter Zijlstra , Sander Eikelenboom , Sean Young , "Sasha Levin (Microsoft)" Subject: [PATCH 4.19 63/72] x86/mm: Dont exceed the valid physical address space Date: Thu, 2 May 2019 17:21:25 +0200 Message-Id: <20190502143338.351579083@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190502143333.437607839@linuxfoundation.org> References: <20190502143333.437607839@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ Upstream commit 92c77f7c4d5dfaaf45b2ce19360e69977c264766 ] valid_phys_addr_range() is used to sanity check the physical address range of an operation, e.g., access to /dev/mem. It uses __pa(high_memory) internally. If memory is populated at the end of the physical address space, then __pa(high_memory) is outside of the physical address space because: high_memory = (void *)__va(max_pfn * PAGE_SIZE - 1) + 1; For the comparison in valid_phys_addr_range() this is not an issue, but if CONFIG_DEBUG_VIRTUAL is enabled, __pa() maps to __phys_addr(), which verifies that the resulting physical address is within the valid physical address space of the CPU. So in the case that memory is populated at the end of the physical address space, this is not true and triggers a VIRTUAL_BUG_ON(). Use __pa(high_memory - 1) to prevent the conversion from going beyond the end of valid physical addresses. Fixes: be62a3204406 ("x86/mm: Limit mmap() of /dev/mem to valid physical addresses") Signed-off-by: Ralph Campbell Signed-off-by: Thomas Gleixner Cc: Craig Bergstrom Cc: Linus Torvalds Cc: Boris Ostrovsky Cc: Fengguang Wu Cc: Greg Kroah-Hartman Cc: Hans Verkuil Cc: Mauro Carvalho Chehab Cc: Peter Zijlstra Cc: Sander Eikelenboom Cc: Sean Young Link: https://lkml.kernel.org/r/20190326001817.15413-2-rcampbell@nvidia.com Signed-off-by: Sasha Levin (Microsoft) --- arch/x86/mm/mmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c index 1e95d57760cf..b69f7d428443 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -230,7 +230,7 @@ bool mmap_address_hint_valid(unsigned long addr, unsigned long len) /* Can we access it for direct reading/writing? Must be RAM: */ int valid_phys_addr_range(phys_addr_t addr, size_t count) { - return addr + count <= __pa(high_memory); + return addr + count - 1 <= __pa(high_memory - 1); } /* Can we access it through mmap? Must be a valid physical address: */ -- 2.19.1