Received: by 2002:a05:6500:1b45:b0:1f5:f2ab:c469 with SMTP id cz5csp1211160lqb; Thu, 18 Apr 2024 03:35:32 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXntbSaf4SBFC5NbDdDbQUKTTO36+1yjlGm1XnDWkUdcJRHFnYMCTcX9Tow7tyqAxARMz23PraXdFgwGZdjwVk/dvp55XK/GemGbMjDMQ== X-Google-Smtp-Source: AGHT+IH7xpl1Zljz5gsvsziNG6F4D+8vnZseakrXmmlif149zyNGiDIlsyGTxiUsz013DgTuB8+u X-Received: by 2002:a05:6808:2189:b0:3c6:f7bd:9825 with SMTP id be9-20020a056808218900b003c6f7bd9825mr3331932oib.22.1713436531828; Thu, 18 Apr 2024 03:35:31 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713436531; cv=pass; d=google.com; s=arc-20160816; b=y1lPnsw4xzszSf6DVeSAw5P+EiuJusp6sjCpx0JPqU45n8F70R1mwb+3UQS3IFBzGt b/ntOjs1ned1l4mXg3859U68FFlxgkpKNwjaCUyeJFJEsRsoV1xbfj10WCUq8iYmXRtT VLIPDWqT+NvNeNaR8PPQo1td4tDd4/JvA4hl/OinSwWfRUxZMyAzk9a5tQVzrrDwU7W2 3tTWuoBs/sprZKu5Wa4U7jDLfl44HNLDDRWTWPgoebzzFuwUk8/vBWDopaK0RfrJi0N2 hnjmXIjOOUXG0OSuimeZyl/WBhKKJ7qIKVElBrio4Tud5osGas9Vf/JYDioLYHfezAgo 9tJQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :dkim-signature:dkim-signature:from; bh=9obvaWEEEdGVSr28CMv6Cu4kAaroOIyrSClUKb5FyOY=; fh=TZ0CUsmEcD7RZlOvxjnH7REJnq5ruGZpW3xbrCqk+wc=; b=eNEwl4612QbSoavU/sdpcdNhawSH/zbttjDtM9VRiOOgUJ4t609H8qccvH3iPbGVUv f+ZbLHY8EA8F12Ri9sUYtb+xPT9dlERkTztSQ3R7vnQGfMJq/Hl4+SiPLAiM9miOYOWw ofz/vbsIh35OAVCcVLccZQMA+z4fnOa+ASmpw+h2VQ2Ef8mLkR2pjgEoi9nZE9jaZZxD R2Mpi4IG7LcbqJmleZfGqU2edh6CVn7bUp1yOuRhir6OS8k8YZbFnD+X8oocS7sI4vHl EKt3Jko2KYacCYnO5RFHOAlK97vWgd/9pxVA8y9SlfLv/ptwFCxBJxHSoxYJ01Grz683 T6Sg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=rFoTg+5O; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; arc=pass (i=1 spf=pass spfdomain=linutronix.de dkim=pass dkdomain=linutronix.de dmarc=pass fromdomain=linutronix.de); spf=pass (google.com: domain of linux-kernel+bounces-149891-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-149891-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id a12-20020a05622a02cc00b00437ab0bd472si368777qtx.127.2024.04.18.03.35.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Apr 2024 03:35:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-149891-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=rFoTg+5O; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e; arc=pass (i=1 spf=pass spfdomain=linutronix.de dkim=pass dkdomain=linutronix.de dmarc=pass fromdomain=linutronix.de); spf=pass (google.com: domain of linux-kernel+bounces-149891-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-149891-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 88DAA1C212A0 for ; Thu, 18 Apr 2024 10:35:31 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6E6DD15CD62; Thu, 18 Apr 2024 10:35:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="rFoTg+5O"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="OkgiFbzK" Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 454438821; Thu, 18 Apr 2024 10:35:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713436524; cv=none; b=CySIrsaz8QsT2PKCIW5ZxW43oMEBWgZMRUhbT/nbkZmOF+82bU0Avby+P7YOYGb0R37mJLHC14n8rkSZUxhLCHqSzRzBJnJZEYy9vDQ0FYCv79g0RHeV1pigAw0Phx/VK3rZONHbJkPnlZYWwbFY0vVgBJDeLTgGEx2CnjTNeSE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713436524; c=relaxed/simple; bh=elx7OKm1udJewvzUfuAa8NkG1AOgelvnmXs8xqzFUUI=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=U2r9tNCAx9Mij5z4BMI5NJZpLhn5Oba6pi9LcrWhVEVbPD3EmBsmn5mio/lcvO5kNK1N16WQ9LyyG/RjFaZuBQxAJ5LI0CoHNzJvCx+fXcerxQSls0U10cRP3MaEzMJdcVEpkw716Kq9srtBNzuQeyN3CGQtnFCx/mL6NyawPBI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=rFoTg+5O; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=OkgiFbzK; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de From: Nam Cao DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1713436521; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=9obvaWEEEdGVSr28CMv6Cu4kAaroOIyrSClUKb5FyOY=; b=rFoTg+5OscplOaVXCHK/7cHWKm5qOdAWblkqZCJ4vMeOn8y66abd6BreT1dDnFVPIaJNVv p/hp4pRcVCOw04EJpMLmY1szbPdhyMQ2HFjpRkmDBJOhtx4HHbYjvFcbpkPietVTHmQrrn zxRRoVm4xJ5hzULwg9DSeqh0PYBILFnoFxNaWkgCjR0NXrpWoNDkAmoo2pj9tK/H1s6NAF /sQxEmmMmTQyftLxWpmCSNAaJTp5D+XI8olwQ/8vYgbBa8WVWW/7tPDRO0RkCTx35M+wwd N41gq0rbAGXQyGPUu+uOvXtM/Wqp9Cbq3A1/UijMAY80/oNXauN5duvfOZdTBw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1713436521; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=9obvaWEEEdGVSr28CMv6Cu4kAaroOIyrSClUKb5FyOY=; b=OkgiFbzKFvUFsoqftpSJySJo2U0wWkhDCM7WswDQsLc3kI9ofNu49Xa0uBH+A6iGWmTwFN xHdX+y73q6HTaOAQ== To: Mike Rapoport , Andreas Dilger , =?UTF-8?q?Bj=C3=B6rn=20T=C3=B6pel?= , linux-riscv@lists.infradead.org, Thomas Gleixner , Andrew Morton , "ndesaulniers @ google . com" , Luis Chamberlain , Ingo Molnar , Christophe Leroy , Tejun Heo , Krister Johansen , Changbin Du , Arnd Bergmann , Geert Uytterhoeven , linux-kernel@vger.kernel.org Cc: Nam Cao , stable@vger.kernel.org Subject: [PATCH] init: fix allocated page overlapping with PTR_ERR Date: Thu, 18 Apr 2024 12:29:43 +0200 Message-Id: <20240418102943.180510-1-namcao@linutronix.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable There is nothing preventing kernel memory allocators from allocating a page that overlaps with PTR_ERR(), except for architecture-specific code that setup memblock. It was discovered that RISCV architecture doesn't setup memblock corectly, leading to a page overlapping with PTR_ERR() being allocated, and subsequently crashing the kernel (link in Close: ) The reported crash has nothing to do with PTR_ERR(): the last page (at address 0xfffff000) being allocated leads to an unexpected arithmetic overflow in ext4; but still, this page shouldn't be allocated in the first place. Because PTR_ERR() is an architecture-independent thing, we shouldn't ask every single architecture to set this up. There may be other architectures beside RISCV that have the same problem. Fix this one and for all by reserving the physical memory page that may be mapped to the last virtual memory page as part of low memory. Unfortunately, this means if there is actual memory at this reserved location, that memory will become inaccessible. However, if this page is not reserved, it can only be accessed as high memory, so this doesn't matter if high memory is not supported. Even if high memory is supported, it is still only one page. Closes: https://lore.kernel.org/linux-riscv/878r1ibpdn.fsf@all.your.base.ar= e.belong.to.us Signed-off-by: Nam Cao Cc: # all versions --- init/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/init/main.c b/init/main.c index 881f6230ee59..f8d2793c4641 100644 --- a/init/main.c +++ b/init/main.c @@ -900,6 +900,7 @@ void start_kernel(void) page_address_init(); pr_notice("%s", linux_banner); early_security_init(); + memblock_reserve(__pa(-PAGE_SIZE), PAGE_SIZE); /* reserve last page for E= RR_PTR */ setup_arch(&command_line); setup_boot_config(); setup_command_line(command_line); --=20 2.39.2