From: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
To: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org,
jbarnes@virtuousgeek.org
Subject: Re: [PATCH 2/4] x86: ioremap: fix physical address check
Date: Mon, 14 Jun 2010 18:13:33 +0900 [thread overview]
Message-ID: <4C15F2BD.9020904@jp.fujitsu.com> (raw)
In-Reply-To: <20100614175912.976f5878.kamezawa.hiroyu@jp.fujitsu.com>
Thank you Hiroyuki.
So many bugs in ioremap()...
Will try with those bugs fixed.
Thanks,
Kenji Kaneshige
(2010/06/14 17:59), KAMEZAWA Hiroyuki wrote:
> On Mon, 14 Jun 2010 09:18:23 +0900
> KAMEZAWA Hiroyuki<kamezawa.hiroyu@jp.fujitsu.com> wrote:
>
>> On Fri, 11 Jun 2010 10:43:27 -0700
>> "H. Peter Anvin"<hpa@zytor.com> wrote:
>>
>>> On 06/11/2010 02:20 AM, Kenji Kaneshige wrote:
>>>> If the physical address is too high to be handled by ioremap() in
>>>> x86_32 PAE (e.g. more than 36-bit physical address), ioremap() must
>>>> return error (NULL). However, current x86 ioremap try to map this too
>>>> high physical address, and it causes unexpected behavior.
>>>
>>> What unexpected behavior? It is perfectly legitimately to map such a
>>> high address in PAE mode. We have a 36-bit kernel-imposed limit on
>>> *RAM* in 32-bit mode (because we can't manage more than that), but there
>>> is no reason it should apply to I/O.
>>>
>>
>> I'm sorry for lack of study.
>
> Now, __ioremap_caller() gets 64 bit argument as physical address.
> == 2.6.35-rc2 ==
> static void __iomem *__ioremap_caller(resource_size_t phys_addr,
> unsigned long size, unsigned long prot_val, void *caller)
> {
> ==
>
> And check physical address is valid based on the value got from cpuid.
> ==
> if (!phys_addr_valid(phys_addr)) {
> printk(KERN_WARNING "ioremap: invalid physical address %llx\n",
> (unsigned long long)phys_addr);
> WARN_ON_ONCE(1);
> return NULL;
> }
> ==
>
>
> At 1st, this seems buggy.
> ==
> /*
> * Don't allow anybody to remap normal RAM that we're using..
> */
> for (pfn = phys_addr>> PAGE_SHIFT;
> (pfn<< PAGE_SHIFT)< (last_addr& PAGE_MASK);
> pfn++) {
>
> int is_ram = page_is_ram(pfn);
>
> if (is_ram&& pfn_valid(pfn)&& !PageReserved(pfn_to_page(pfn)))
> return NULL;
> WARN_ON_ONCE(is_ram);
> }
> ==
> If phys_addr> 44bit, pfn should be 64bit. don't it ?
> Then, page_is_ram should eat 64bit arguments.
>
> But here, assume phys_addr< 44bit and continue.
>
> Next,
> ===
> offset = phys_addr& ~PAGE_MASK;
> phys_addr&= PAGE_MASK;
> size = PAGE_ALIGN(last_addr+1) - phys_addr;
>
> this mask ops is bad. as the patch-1 shows.
>
> And, finally, calls get_vm_area.
>
> ==
> /*
> * Ok, go for it..
> */
> area = get_vm_area_caller(size, VM_IOREMAP, caller);
> if (!area)
> goto err_free_memtype;
> area->phys_addr = phys_addr;
> vaddr = (unsigned long) area->addr;
> ==
> Because area->phys_addr is 32bit. This may break something if we unmap this later.
>
> And, page table operation is this.
> ==
> if (ioremap_page_range(vaddr, vaddr + size, phys_addr, prot))
> goto err_free_area;
> ==
>
> Let's see lib/ioremap.c
> ==
> int ioremap_page_range(unsigned long addr,
> unsigned long end, unsigned long phys_addr, pgprot_t prot)
> {
> pgd_t *pgd;
>
> ==
>
> Oh, phys_addr is unsigned long again....Then, Kenji-san, what's buggy is this check.
> I think.
>
> Thanks,
> -Kame
>
>
>
>
>
>
>
next prev parent reply other threads:[~2010-06-14 9:14 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-11 9:17 [RFC][PATCH 0/4] x86: ioremap() problem in X86_32 PAE Kenji Kaneshige
2010-06-11 9:18 ` [PATCH 1/4] x86: ioremap: fix wrong address masking Kenji Kaneshige
2010-06-11 9:20 ` [PATCH 2/4] x86: ioremap: fix physical address check Kenji Kaneshige
2010-06-11 17:43 ` H. Peter Anvin
2010-06-14 0:18 ` KAMEZAWA Hiroyuki
2010-06-14 8:59 ` KAMEZAWA Hiroyuki
2010-06-14 9:13 ` Kenji Kaneshige [this message]
2010-06-14 11:06 ` Kenji Kaneshige
2010-06-14 18:36 ` H. Peter Anvin
2010-06-15 2:21 ` Kenji Kaneshige
2010-06-14 20:16 ` Rolf Eike Beer
2010-06-15 2:33 ` Kenji Kaneshige
2010-06-14 1:54 ` Kenji Kaneshige
2010-06-14 6:38 ` Maciej W. Rozycki
2010-06-14 8:23 ` Kenji Kaneshige
2010-06-14 9:02 ` Kenji Kaneshige
2010-06-14 15:40 ` H. Peter Anvin
2010-06-14 15:11 ` H. Peter Anvin
2010-06-14 8:27 ` Kenji Kaneshige
2010-06-14 15:12 ` H. Peter Anvin
2010-06-11 9:20 ` [PATCH 3/4] x86: ioremap: remove physical address warning message Kenji Kaneshige
2010-06-11 17:44 ` H. Peter Anvin
2010-06-14 2:06 ` Kenji Kaneshige
2010-06-11 9:21 ` [PATCH 4/4] x86: ioremap: fix normal ram range check Kenji Kaneshige
2010-06-11 17:41 ` [RFC][PATCH 0/4] x86: ioremap() problem in X86_32 PAE H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C15F2BD.9020904@jp.fujitsu.com \
--to=kaneshige.kenji@jp.fujitsu.com \
--cc=hpa@zytor.com \
--cc=jbarnes@virtuousgeek.org \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.