From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933124AbcHNU02 (ORCPT ); Sun, 14 Aug 2016 16:26:28 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:45641 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933087AbcHNU0W (ORCPT ); Sun, 14 Aug 2016 16:26:22 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, kernel test robot , Borislav Petkov , Toshi Kani , Andrew Morton , David Vrabel , Linus Torvalds , "Paul E. McKenney" , Peter Zijlstra , Thomas Gleixner , xen-devel@lists.xenproject.org, Ingo Molnar Subject: [PATCH 4.4 30/49] x86/mm/pat: Fix BUG_ON() in mmap_mem() on QEMU/i386 Date: Sun, 14 Aug 2016 22:23:30 +0200 Message-Id: <20160814202304.142983388@linuxfoundation.org> X-Mailer: git-send-email 2.9.3 In-Reply-To: <20160814202302.493206349@linuxfoundation.org> References: <20160814202302.493206349@linuxfoundation.org> User-Agent: quilt/0.64 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Toshi Kani commit 1886297ce0c8d563a08c8a8c4c0b97743e06cd37 upstream. The following BUG_ON() crash was reported on QEMU/i386: kernel BUG at arch/x86/mm/physaddr.c:79! Call Trace: phys_mem_access_prot_allowed mmap_mem ? mmap_region mmap_region do_mmap vm_mmap_pgoff SyS_mmap_pgoff do_int80_syscall_32 entry_INT80_32 after commit: edfe63ec97ed ("x86/mtrr: Fix Xorg crashes in Qemu sessions") PAT is now set to disabled state when MTRRs are disabled. Thus, reactivating the __pa(high_memory) check in phys_mem_access_prot_allowed(). When CONFIG_DEBUG_VIRTUAL is set, __pa() calls __phys_addr(), which in turn calls slow_virt_to_phys() for 'high_memory'. Because 'high_memory' is set to (the max direct mapped virt addr + 1), it is not a valid virtual address. Hence, slow_virt_to_phys() returns 0 and hit the BUG_ON. Using __pa_nodebug() instead of __pa() will fix this BUG_ON. However, this code block, originally written for Pentiums and earlier, is no longer adequate since a 32-bit Xen guest has MTRRs disabled and supports ZONE_HIGHMEM. In this setup, this code sets UC attribute for accessing RAM in high memory range. Delete this code block as it has been unused for a long time. Reported-by: kernel test robot Reviewed-by: Borislav Petkov Signed-off-by: Toshi Kani Cc: Andrew Morton Cc: David Vrabel Cc: Linus Torvalds Cc: Paul E. McKenney Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: xen-devel@lists.xenproject.org Link: http://lkml.kernel.org/r/1460403360-25441-1-git-send-email-toshi.kani@hpe.com Link: https://lkml.org/lkml/2016/4/1/608 Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman --- arch/x86/mm/pat.c | 19 ------------------- 1 file changed, 19 deletions(-) --- a/arch/x86/mm/pat.c +++ b/arch/x86/mm/pat.c @@ -777,25 +777,6 @@ int phys_mem_access_prot_allowed(struct if (file->f_flags & O_DSYNC) pcm = _PAGE_CACHE_MODE_UC_MINUS; -#ifdef CONFIG_X86_32 - /* - * On the PPro and successors, the MTRRs are used to set - * memory types for physical addresses outside main memory, - * so blindly setting UC or PWT on those pages is wrong. - * For Pentiums and earlier, the surround logic should disable - * caching for the high addresses through the KEN pin, but - * we maintain the tradition of paranoia in this code. - */ - if (!pat_enabled() && - !(boot_cpu_has(X86_FEATURE_MTRR) || - boot_cpu_has(X86_FEATURE_K6_MTRR) || - boot_cpu_has(X86_FEATURE_CYRIX_ARR) || - boot_cpu_has(X86_FEATURE_CENTAUR_MCR)) && - (pfn << PAGE_SHIFT) >= __pa(high_memory)) { - pcm = _PAGE_CACHE_MODE_UC; - } -#endif - *vma_prot = __pgprot((pgprot_val(*vma_prot) & ~_PAGE_CACHE_MASK) | cachemode2protval(pcm)); return 1; From mboxrd@z Thu Jan 1 00:00:00 1970 From: Greg Kroah-Hartman Subject: [PATCH 4.4 30/49] x86/mm/pat: Fix BUG_ON() in mmap_mem() on QEMU/i386 Date: Sun, 14 Aug 2016 22:23:30 +0200 Message-ID: <20160814202304.142983388@linuxfoundation.org> References: <20160814202302.493206349@linuxfoundation.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bZ1zF-0006Ni-DQ for xen-devel@lists.xenproject.org; Sun, 14 Aug 2016 20:26:25 +0000 In-Reply-To: <20160814202302.493206349@linuxfoundation.org> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: linux-kernel@vger.kernel.org Cc: "Paul E. McKenney" , Toshi Kani , Peter Zijlstra , Greg Kroah-Hartman , stable@vger.kernel.org, Ingo Molnar , David Vrabel , kernel test robot , xen-devel@lists.xenproject.org, Andrew Morton , Borislav Petkov , Linus Torvalds , Thomas Gleixner List-Id: xen-devel@lists.xenproject.org NC40LXN0YWJsZSByZXZpZXcgcGF0Y2guICBJZiBhbnlvbmUgaGFzIGFueSBvYmplY3Rpb25zLCBw bGVhc2UgbGV0IG1lIGtub3cuCgotLS0tLS0tLS0tLS0tLS0tLS0KCkZyb206IFRvc2hpIEthbmkg PHRvc2hpLmthbmlAaHBlLmNvbT4KCmNvbW1pdCAxODg2Mjk3Y2UwYzhkNTYzYTA4YzhhOGM0YzBi OTc3NDNlMDZjZDM3IHVwc3RyZWFtLgoKVGhlIGZvbGxvd2luZyBCVUdfT04oKSBjcmFzaCB3YXMg cmVwb3J0ZWQgb24gUUVNVS9pMzg2OgoKICBrZXJuZWwgQlVHIGF0IGFyY2gveDg2L21tL3BoeXNh ZGRyLmM6NzkhCiAgQ2FsbCBUcmFjZToKICBwaHlzX21lbV9hY2Nlc3NfcHJvdF9hbGxvd2VkCiAg bW1hcF9tZW0KICA/IG1tYXBfcmVnaW9uCiAgbW1hcF9yZWdpb24KICBkb19tbWFwCiAgdm1fbW1h cF9wZ29mZgogIFN5U19tbWFwX3Bnb2ZmCiAgZG9faW50ODBfc3lzY2FsbF8zMgogIGVudHJ5X0lO VDgwXzMyCgphZnRlciBjb21taXQ6CgogIGVkZmU2M2VjOTdlZCAoIng4Ni9tdHJyOiBGaXggWG9y ZyBjcmFzaGVzIGluIFFlbXUgc2Vzc2lvbnMiKQoKUEFUIGlzIG5vdyBzZXQgdG8gZGlzYWJsZWQg c3RhdGUgd2hlbiBNVFJScyBhcmUgZGlzYWJsZWQuClRodXMsIHJlYWN0aXZhdGluZyB0aGUgX19w YShoaWdoX21lbW9yeSkgY2hlY2sgaW4KcGh5c19tZW1fYWNjZXNzX3Byb3RfYWxsb3dlZCgpLgoK V2hlbiBDT05GSUdfREVCVUdfVklSVFVBTCBpcyBzZXQsIF9fcGEoKSBjYWxscyBfX3BoeXNfYWRk cigpLAp3aGljaCBpbiB0dXJuIGNhbGxzIHNsb3dfdmlydF90b19waHlzKCkgZm9yICdoaWdoX21l bW9yeScuCkJlY2F1c2UgJ2hpZ2hfbWVtb3J5JyBpcyBzZXQgdG8gKHRoZSBtYXggZGlyZWN0IG1h cHBlZCB2aXJ0CmFkZHIgKyAxKSwgaXQgaXMgbm90IGEgdmFsaWQgdmlydHVhbCBhZGRyZXNzLiAg SGVuY2UsCnNsb3dfdmlydF90b19waHlzKCkgcmV0dXJucyAwIGFuZCBoaXQgdGhlIEJVR19PTi4g IFVzaW5nCl9fcGFfbm9kZWJ1ZygpIGluc3RlYWQgb2YgX19wYSgpIHdpbGwgZml4IHRoaXMgQlVH X09OLgoKSG93ZXZlciwgdGhpcyBjb2RlIGJsb2NrLCBvcmlnaW5hbGx5IHdyaXR0ZW4gZm9yIFBl bnRpdW1zIGFuZAplYXJsaWVyLCBpcyBubyBsb25nZXIgYWRlcXVhdGUgc2luY2UgYSAzMi1iaXQg WGVuIGd1ZXN0IGhhcwpNVFJScyBkaXNhYmxlZCBhbmQgc3VwcG9ydHMgWk9ORV9ISUdITUVNLiAg SW4gdGhpcyBzZXR1cCwKdGhpcyBjb2RlIHNldHMgVUMgYXR0cmlidXRlIGZvciBhY2Nlc3Npbmcg UkFNIGluIGhpZ2ggbWVtb3J5CnJhbmdlLgoKRGVsZXRlIHRoaXMgY29kZSBibG9jayBhcyBpdCBo YXMgYmVlbiB1bnVzZWQgZm9yIGEgbG9uZyB0aW1lLgoKUmVwb3J0ZWQtYnk6IGtlcm5lbCB0ZXN0 IHJvYm90IDx5aW5nLmh1YW5nQGxpbnV4LmludGVsLmNvbT4KUmV2aWV3ZWQtYnk6IEJvcmlzbGF2 IFBldGtvdiA8YnBAc3VzZS5kZT4KU2lnbmVkLW9mZi1ieTogVG9zaGkgS2FuaSA8dG9zaGkua2Fu aUBocGUuY29tPgpDYzogQW5kcmV3IE1vcnRvbiA8YWtwbUBsaW51eC1mb3VuZGF0aW9uLm9yZz4K Q2M6IERhdmlkIFZyYWJlbCA8ZGF2aWQudnJhYmVsQGNpdHJpeC5jb20+CkNjOiBMaW51cyBUb3J2 YWxkcyA8dG9ydmFsZHNAbGludXgtZm91bmRhdGlvbi5vcmc+CkNjOiBQYXVsIEUuIE1jS2VubmV5 IDxwYXVsbWNrQGxpbnV4LnZuZXQuaWJtLmNvbT4KQ2M6IFBldGVyIFppamxzdHJhIDxwZXRlcnpA aW5mcmFkZWFkLm9yZz4KQ2M6IFRob21hcyBHbGVpeG5lciA8dGdseEBsaW51dHJvbml4LmRlPgpD YzogeGVuLWRldmVsQGxpc3RzLnhlbnByb2plY3Qub3JnCkxpbms6IGh0dHA6Ly9sa21sLmtlcm5l bC5vcmcvci8xNDYwNDAzMzYwLTI1NDQxLTEtZ2l0LXNlbmQtZW1haWwtdG9zaGkua2FuaUBocGUu Y29tCkxpbms6IGh0dHBzOi8vbGttbC5vcmcvbGttbC8yMDE2LzQvMS82MDgKU2lnbmVkLW9mZi1i eTogSW5nbyBNb2xuYXIgPG1pbmdvQGtlcm5lbC5vcmc+ClNpZ25lZC1vZmYtYnk6IEdyZWcgS3Jv YWgtSGFydG1hbiA8Z3JlZ2toQGxpbnV4Zm91bmRhdGlvbi5vcmc+CgotLS0KIGFyY2gveDg2L21t L3BhdC5jIHwgICAxOSAtLS0tLS0tLS0tLS0tLS0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgMTkgZGVs ZXRpb25zKC0pCgotLS0gYS9hcmNoL3g4Ni9tbS9wYXQuYworKysgYi9hcmNoL3g4Ni9tbS9wYXQu YwpAQCAtNzc3LDI1ICs3NzcsNiBAQCBpbnQgcGh5c19tZW1fYWNjZXNzX3Byb3RfYWxsb3dlZChz dHJ1Y3QKIAlpZiAoZmlsZS0+Zl9mbGFncyAmIE9fRFNZTkMpCiAJCXBjbSA9IF9QQUdFX0NBQ0hF X01PREVfVUNfTUlOVVM7CiAKLSNpZmRlZiBDT05GSUdfWDg2XzMyCi0JLyoKLQkgKiBPbiB0aGUg UFBybyBhbmQgc3VjY2Vzc29ycywgdGhlIE1UUlJzIGFyZSB1c2VkIHRvIHNldAotCSAqIG1lbW9y eSB0eXBlcyBmb3IgcGh5c2ljYWwgYWRkcmVzc2VzIG91dHNpZGUgbWFpbiBtZW1vcnksCi0JICog c28gYmxpbmRseSBzZXR0aW5nIFVDIG9yIFBXVCBvbiB0aG9zZSBwYWdlcyBpcyB3cm9uZy4KLQkg KiBGb3IgUGVudGl1bXMgYW5kIGVhcmxpZXIsIHRoZSBzdXJyb3VuZCBsb2dpYyBzaG91bGQgZGlz YWJsZQotCSAqIGNhY2hpbmcgZm9yIHRoZSBoaWdoIGFkZHJlc3NlcyB0aHJvdWdoIHRoZSBLRU4g cGluLCBidXQKLQkgKiB3ZSBtYWludGFpbiB0aGUgdHJhZGl0aW9uIG9mIHBhcmFub2lhIGluIHRo aXMgY29kZS4KLQkgKi8KLQlpZiAoIXBhdF9lbmFibGVkKCkgJiYKLQkgICAgIShib290X2NwdV9o YXMoWDg2X0ZFQVRVUkVfTVRSUikgfHwKLQkgICAgICBib290X2NwdV9oYXMoWDg2X0ZFQVRVUkVf SzZfTVRSUikgfHwKLQkgICAgICBib290X2NwdV9oYXMoWDg2X0ZFQVRVUkVfQ1lSSVhfQVJSKSB8 fAotCSAgICAgIGJvb3RfY3B1X2hhcyhYODZfRkVBVFVSRV9DRU5UQVVSX01DUikpICYmCi0JICAg IChwZm4gPDwgUEFHRV9TSElGVCkgPj0gX19wYShoaWdoX21lbW9yeSkpIHsKLQkJcGNtID0gX1BB R0VfQ0FDSEVfTU9ERV9VQzsKLQl9Ci0jZW5kaWYKLQogCSp2bWFfcHJvdCA9IF9fcGdwcm90KChw Z3Byb3RfdmFsKCp2bWFfcHJvdCkgJiB+X1BBR0VfQ0FDSEVfTUFTSykgfAogCQkJICAgICBjYWNo ZW1vZGUycHJvdHZhbChwY20pKTsKIAlyZXR1cm4gMTsKCgoKX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVsIG1haWxpbmcgbGlzdApYZW4tZGV2 ZWxAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3RzLnhlbi5vcmcveGVuLWRldmVsCg==