From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Greg Kroah-Hartman Subject: [PATCH 4.19 029/148] x86/mm: Fix guard hole handling Date: Fri, 11 Jan 2019 15:13:27 +0100 Message-ID: <20190111131115.468401035@linuxfoundation.org> References: <20190111131114.337122649@linuxfoundation.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ghxwI-0004kI-Im for xen-devel@lists.xenproject.org; Fri, 11 Jan 2019 14:37:38 +0000 In-Reply-To: <20190111131114.337122649@linuxfoundation.org> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" To: linux-kernel@vger.kernel.org Cc: Juergen Gross , Sasha Levin , bhe@redhat.com, peterz@infradead.org, Greg Kroah-Hartman , dave.hansen@linux.intel.com, stable@vger.kernel.org, linux-mm@kvack.org, bp@alien8.de, luto@kernel.org, hpa@zytor.com, xen-devel@lists.xenproject.org, Thomas Gleixner , Hans van Kranenburg , boris.ostrovsky@oracle.com, "Kirill A. 
Shutemov" List-Id: xen-devel@lists.xenproject.org
From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com [209.85.215.197]) by kanga.kvack.org (Postfix) with ESMTP id 806468E0001 for ; Fri, 11 Jan 2019 09:37:38 -0500 (EST) Received: by mail-pg1-f197.google.com with SMTP id i124so8565646pgc.2 for ; Fri, 11 Jan 2019 06:37:38 -0800 (PST) Received: from mail.kernel.org (mail.kernel.org. [198.145.29.99]) by mx.google.com with ESMTPS id m3si964663pgc.232.2019.01.11.06.37.37 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 11 Jan 2019 06:37:37 -0800 (PST) 
From: Greg Kroah-Hartman
Subject: [PATCH 4.19 029/148] x86/mm: Fix guard hole handling
Date: Fri, 11 Jan 2019 15:13:27 +0100
Message-Id: <20190111131115.468401035@linuxfoundation.org>
In-Reply-To: <20190111131114.337122649@linuxfoundation.org>
References: <20190111131114.337122649@linuxfoundation.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: owner-linux-mm@kvack.org
List-ID:
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Hans van Kranenburg, "Kirill A. Shutemov", Thomas Gleixner, Juergen Gross, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, boris.ostrovsky@oracle.com, bhe@redhat.com, linux-mm@kvack.org, xen-devel@lists.xenproject.org, Sasha Levin

4.19-stable review patch. If anyone has any objections, please let me know.

------------------

[ Upstream commit 16877a5570e0c5f4270d5b17f9bab427bcae9514 ]

There is a guard hole at the beginning of the kernel address space, also
used by hypervisors. It occupies 16 PGD entries.

This reserved range is not defined explicitly, it is calculated relative
to other entities: direct mapping and user space ranges.

The calculation got broken by recent changes of the kernel memory layout:
LDT remap range is now mapped before direct mapping and makes the
calculation invalid.

The breakage leads to crash on Xen dom0 boot[1].

Define the reserved range explicitly. It's part of kernel ABI (hypervisors
expect it to be stable) and must not depend on changes in the rest of
kernel memory layout.

[1] https://lists.xenproject.org/archives/html/xen-devel/2018-11/msg03313.html

Fixes: d52888aa2753 ("x86/mm: Move LDT remap out of KASLR region on 5-level paging")
Reported-by: Hans van Kranenburg
Signed-off-by: Kirill A. Shutemov
Signed-off-by: Thomas Gleixner Tested-by: Hans van Kranenburg Reviewed-by: Juergen Gross Cc: bp@alien8.de Cc: hpa@zytor.com Cc: dave.hansen@linux.intel.com Cc: luto@kernel.org Cc: peterz@infradead.org Cc: boris.ostrovsky@oracle.com Cc: bhe@redhat.com Cc: linux-mm@kvack.org Cc: xen-devel@lists.xenproject.org Link: https://lkml.kernel.org/r/20181130202328.65359-2-kirill.shutemov@linux.intel.com Signed-off-by: Sasha Levin --- arch/x86/include/asm/pgtable_64_types.h | 5 +++++ arch/x86/mm/dump_pagetables.c | 8 ++++---- arch/x86/xen/mmu_pv.c | 11 ++++++----- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 84bd9bdc1987..88bca456da99 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h @@ -111,6 +111,11 @@ extern unsigned int ptrs_per_p4d; */ #define MAXMEM (1UL << MAX_PHYSMEM_BITS) +#define GUARD_HOLE_PGD_ENTRY -256UL +#define GUARD_HOLE_SIZE (16UL << PGDIR_SHIFT) +#define GUARD_HOLE_BASE_ADDR (GUARD_HOLE_PGD_ENTRY << PGDIR_SHIFT) +#define GUARD_HOLE_END_ADDR (GUARD_HOLE_BASE_ADDR + GUARD_HOLE_SIZE) + #define LDT_PGD_ENTRY -240UL #define LDT_BASE_ADDR (LDT_PGD_ENTRY << PGDIR_SHIFT) #define LDT_END_ADDR (LDT_BASE_ADDR + PGDIR_SIZE) diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c index a12afff146d1..073755c89126 100644 --- a/arch/x86/mm/dump_pagetables.c +++ b/arch/x86/mm/dump_pagetables.c @@ -493,11 +493,11 @@ static inline bool is_hypervisor_range(int idx) { #ifdef CONFIG_X86_64 /* - * ffff800000000000 - ffff87ffffffffff is reserved for - * the hypervisor. + * A hole in the beginning of kernel address space reserved + * for a hypervisor. */ - return (idx >= pgd_index(__PAGE_OFFSET) - 16) && - (idx < pgd_index(__PAGE_OFFSET)); + return (idx >= pgd_index(GUARD_HOLE_BASE_ADDR)) && + (idx < pgd_index(GUARD_HOLE_END_ADDR)); #else return false; #endif 
diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c index 2c84c6ad8b50..c8f011e07a15 100644 --- a/arch/x86/xen/mmu_pv.c +++ b/arch/x86/xen/mmu_pv.c @@ -640,19 +640,20 @@ static int __xen_pgd_walk(struct mm_struct *mm, pgd_t *pgd, unsigned long limit) { int i, nr, flush = 0; - unsigned hole_low, hole_high; + unsigned hole_low = 0, hole_high = 0; /* The limit is the last byte to be touched */ limit--; BUG_ON(limit >= FIXADDR_TOP); +#ifdef CONFIG_X86_64 /* * 64-bit has a great big hole in the middle of the address - * space, which contains the Xen mappings. On 32-bit these - * will end up making a zero-sized hole and so is a no-op. + * space, which contains the Xen mappings. */ - hole_low = pgd_index(USER_LIMIT); - hole_high = pgd_index(PAGE_OFFSET); + hole_low = pgd_index(GUARD_HOLE_BASE_ADDR); + hole_high = pgd_index(GUARD_HOLE_END_ADDR); +#endif nr = pgd_index(limit) + 1; for (i = 0; i < nr; i++) { -- 2.19.1
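
Review bot: The four GUARD_HOLE_* defines added in arch/x86/include/asm/pgtable_64_types.h carry no comment, although the commit message says this range is kernel ABI that hypervisors expect to stay stable. A comment above GUARD_HOLE_PGD_ENTRY stating that would keep -256UL and the 16-entry size from being renumbered along with the rest of the layout. It is also worth noting there that entry -256 plus 16 entries ends at -240, exactly where LDT_PGD_ENTRY begins, so the two ranges are adjacent by construction.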
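
Review bot: In the __xen_pgd_walk() hunk of arch/x86/xen/mmu_pv.c the retained comment still describes "a great big hole in the middle of the address space", but hole_low and hole_high now bound only the 16 PGD entries between GUARD_HOLE_BASE_ADDR and GUARD_HOLE_END_ADDR. The comment should name the guard hole so it matches the new bounds. The removed sentence about 32-bit also leaves the "= 0" initialisers unexplained; a short note that a zero-sized hole is intended when CONFIG_X86_64 is not set would help the next reader.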
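
The arithmetic behind the commit message, as an added example (user-space C, not part of the patch or the kernel source): mirrors of the new GUARD_HOLE_* macros next to the old window computed relative to the direct-mapping base. The helper names and the `page_offset` values passed in are constructed for illustration and are not the kernel's own constants.

```c
#include <stdint.h>
#include <stdio.h>

#define PTRS_PER_PGD 512u /* x86-64: 9 index bits per paging level */

/* Mirrors of GUARD_HOLE_BASE_ADDR / GUARD_HOLE_END_ADDR from the patch,
 * parameterised by PGDIR_SHIFT (39 for 4-level paging, 48 for 5-level). */
static uint64_t guard_hole_base(unsigned shift) { return (uint64_t)-256 << shift; }
static uint64_t guard_hole_end(unsigned shift)
{
    return guard_hole_base(shift) + ((uint64_t)16 << shift);
}

static unsigned pgd_index(uint64_t addr, unsigned shift)
{
    return (unsigned)((addr >> shift) & (PTRS_PER_PGD - 1));
}

/* Check after the patch: bounds are fixed, independent of other regions. */
static int in_hole_fixed(unsigned idx, unsigned shift)
{
    return idx >= pgd_index(guard_hole_base(shift), shift) &&
           idx <  pgd_index(guard_hole_end(shift), shift);
}

/* Check before the patch: the 16 entries just below the direct mapping.
 * page_offset is supplied by the caller (constructed sample values). */
static int in_hole_relative(unsigned idx, uint64_t page_offset, unsigned shift)
{
    unsigned top = pgd_index(page_offset, shift);
    return idx >= top - 16 && idx < top;
}

int main(void)
{
    unsigned shift = 39;
    /* Constructed: direct map right after the hole, then moved up one entry
     * as happens when another region is placed in front of it. */
    uint64_t adjacent = guard_hole_end(shift);
    uint64_t moved = adjacent + ((uint64_t)1 << shift);

    printf("hole: %llx - %llx (PGD %u..%u)\n",
           (unsigned long long)guard_hole_base(shift),
           (unsigned long long)(guard_hole_end(shift) - 1),
           pgd_index(guard_hole_base(shift), shift),
           pgd_index(guard_hole_end(shift), shift) - 1);
    printf("entry 256 reserved? fixed=%d relative(adjacent)=%d relative(moved)=%d\n",
           in_hole_fixed(256, shift), in_hole_relative(256, adjacent, shift),
           in_hole_relative(256, moved, shift));
    return 0;
}
```

With the direct-map base moved up by one PGD entry, the relative window slides with it and stops covering the first reserved entry, while the fixed bounds do not change.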