From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: Roland Dreier <rdreier@cisco.com>
Cc: vb <vb@vsbe.com>, paulus@samba.org, Arnd Bergmann <arnd@arndb.de>,
linuxppc-embedded@ozlabs.org
Subject: Re: [PATCH] powerpc: Avoid integer overflow in page_is_ram()
Date: Mon, 01 Sep 2008 10:27:26 +1000
Message-ID: <1220228846.13162.403.camel@pasglop>
In-Reply-To: <adar687i33c.fsf_-_@cisco.com>
On Fri, 2008-08-29 at 20:39 -0700, Roland Dreier wrote:
> Commit 8b150478 ("ppc: make phys_mem_access_prot() work with pfns
> instead of addresses") fixed page_is_ram() in arch/ppc to avoid overflow
> for addresses above 4G on 32-bit kernels. However arch/powerpc's
> page_is_ram() is missing the same fix -- it computes a physical address
> by doing pfn << PAGE_SHIFT, which overflows if pfn corresponds to a page
> above 4G.
>
> In particular this causes pages above 4G to be mapped with the wrong
> caching attribute; for example many ppc440-based SoCs have PCI space
> above 4G, and mmap()ing MMIO space may end up with a mapping that has
> caching enabled.
>
> Fix this by working with the pfn and avoiding the conversion to
> physical address that causes the overflow. This patch compares the
> pfn to max_pfn, which is a semantic change from the old code -- that
> code compared the physical address to high_memory, which corresponds
> to max_low_pfn. However, I think that was another bug, since
> highmem pages are still RAM.
>
> Reported-by: vb <vb@vsbe.com>
> Signed-off-by: Roland Dreier <rolandd@cisco.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> ---
> This is a fix but the bug is pretty long-standing -- I think this is
> 2.6.28 material.
>
> arch/powerpc/mm/mem.c | 5 ++---
> 1 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c
> index 1c93c25..98d7bf9 100644
> --- a/arch/powerpc/mm/mem.c
> +++ b/arch/powerpc/mm/mem.c
> @@ -75,11 +75,10 @@ static inline pte_t *virt_to_kpte(unsigned long vaddr)
>
> int page_is_ram(unsigned long pfn)
> {
> - unsigned long paddr = (pfn << PAGE_SHIFT);
> -
> #ifndef CONFIG_PPC64 /* XXX for now */
> - return paddr < __pa(high_memory);
> + return pfn < max_pfn;
> #else
> + unsigned long paddr = (pfn << PAGE_SHIFT);
> int i;
> for (i=0; i < lmb.memory.cnt; i++) {
> unsigned long base;
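
Review bot: In the 32-bit branch, `return pfn < max_pfn;` moves the bound from `__pa(high_memory)` to max_pfn, and the reason for that semantic change is recorded only in the commit message. A short comment above the return, saying that highmem pages count as RAM and that the comparison stays in pfn units because `pfn << PAGE_SHIFT` does not fit in unsigned long for pages above 4G, would keep the shift from being reintroduced later. The check also reports every pfn below max_pfn as RAM, so it relies on there being no hole below max_pfn; that assumption is worth stating next to the existing `/* XXX for now */`.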
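
The overflow described in the commit message, as an added user-space example that is not part of the original thread or the kernel source. `uint32_t` stands in for the 32-bit kernel's `unsigned long`; the function names `page_is_ram_old`, `page_is_ram_new` and `pfn_to_phys`, the 512 MiB layout (no highmem, so max_low_pfn equals max_pfn) and the sample pfns are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumed 4 KiB pages */

/* Constructed layout: 512 MiB of RAM starting at physical address 0. */
static const uint32_t max_pfn = 0x20000;           /* 512 MiB >> PAGE_SHIFT */
static const uint32_t high_memory_pa = 0x20000000; /* stands in for __pa(high_memory) */

/* Pre-patch logic: the shift is done in 32 bits, so address bits above
 * bit 31 are silently dropped and a page above 4G aliases a low address. */
static int page_is_ram_old(uint32_t pfn)
{
    uint32_t paddr = pfn << PAGE_SHIFT;
    return paddr < high_memory_pa;
}

/* Patched logic: compare in pfn units, so there is no shift to truncate. */
static int page_is_ram_new(uint32_t pfn)
{
    return pfn < max_pfn;
}

/* Where a physical address really is needed, widen before shifting. */
static uint64_t pfn_to_phys(uint32_t pfn)
{
    return (uint64_t)pfn << PAGE_SHIFT;
}

int main(void)
{
    /* Constructed pfns: ordinary RAM, first page past RAM,
     * MMIO page at exactly 4G, MMIO page at 4G + 1 MiB. */
    const uint32_t pfns[] = { 0x00100, 0x20000, 0x100000, 0x100100 };

    for (size_t i = 0; i < sizeof(pfns) / sizeof(pfns[0]); i++)
        printf("pfn 0x%06x phys 0x%09llx old=%d new=%d\n",
               (unsigned)pfns[i],
               (unsigned long long)pfn_to_phys(pfns[i]),
               page_is_ram_old(pfns[i]),
               page_is_ram_new(pfns[i]));
    return 0;
}
```

The two pfns above 4G are reported as RAM by the old check, which is the condition that leads to the cacheable MMIO mapping the commit message describes.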