From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ABE86C433E0 for ; Wed, 17 Feb 2021 16:21:44 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 639D264DE0 for ; Wed, 17 Feb 2021 16:21:44 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 639D264DE0 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=Dx8B3fbk53LhrMTFhXblIVjHG1EECwy/ZUZ/+3/4Cp4=; b=b/bNfCEt2KFtdja94UTBeyllqJ EIfLXQrh8cQ7wm4oC+SlLr2MsUWhtEoF0JEQzJaOm63HM5rSSYA9WsF4bU7YF1yx4bF5Eka8bM7FI Z+JtS9VOGaD8vC2hynxA0Wf8jIhlebxT5quPdgvzYUnju0oRSKjjL1FliVy1Kz0MnYDTExQW5Y+Wu G4t6UE7FtcwsT22LUMJ74Ecv/R0lenIlql5kZq1ZMQHQFS+vuhU/5kd6m9x7zb0KFYb/F1BlJd4P1 gHz/7jiejGYHJdPjG2wThD+kOmrPSApO0Yv1tr8CqjYKC3+xTXkzi50g4hA1Jwearm6H5Ry3xX+u+ Wq0xvsAA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1lCPY8-0004R3-Ky; Wed, 17 Feb 2021 16:19:36 +0000 Received: from mail.kernel.org ([198.145.29.99]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1lCPY6-0004QU-If for linux-arm-kernel@lists.infradead.org; Wed, 17 Feb 2021 16:19:35 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id 2E25A64DA1; Wed, 17 Feb 2021 16:19:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1613578773; bh=BVROWTgws0mPvLy3LbSpWdNtRF3nfKPqrVoE7GqtYlM=; h=From:To:Cc:Subject:Date:From; b=tnwlF9cP8RCYSyi6PDIFMh5p7pUnEtxGEpI9G/mceEzERFra+LSJfC+a7GQBV17IK cedeqfzlls+O87EH/3hxrrUEe/47DOWcZfVPm9sfi3BcZQYk7xqXUvlh7JWHC/T18Z s+3VFqhNokHBwaGn5lKN2gcVQItxZETNgiM5FRTdUMc5vDGvh3KwUQyPcbFLBeb2Eh EFKEsbBhsClza8egA9qkhF9dmFTwDfYlSwECaogLsUKqYXaD7Xewtp0R+eY6YBJjM3 osV7TBaXNHaT2sWzujnNFAhnpPYmvn+Mx7wJwLsjtqfA4MGTIlbxOJLrnwGD2QJ7Fk 4G++i8sncaPaQ== From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v2] ARM: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled Date: Wed, 17 Feb 2021 17:19:28 +0100 Message-Id: <20210217161928.72167-1-ardb@kernel.org> X-Mailer: git-send-email 2.30.0 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210217_111934_766671_BAB6A19D X-CRM114-Status: GOOD ( 19.29 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Robinson , linus.walleij@linaro.org, tglx@linutronix.de, linux@armlinux.org.uk, Ard Biesheuvel Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The debugging code for kmap_local() doubles the number of per-CPU fixmap slots allocated for kmap_local(), in order to use half of them as guard regions. This causes the fixmap region to grow downwards beyond the start of the fixmap region if the supported number of CPUs is large, and collide with the newly added virtual DT mapping, which is obviously not good. One manifestation of this is EFI boot on a kernel built with NR_CPUS=32 and CONFIG_DEBUG_KMAP_LOCAL=y, which may pass the FDT in highmem, resulting in block entries below the fixmap region that the fixmap code misidentifies as fixmap table entries, and subsequently tries to dereference using a phys-to-virt translation that is only valid for lowmem. This results in a cryptic splat such as the one below. ftrace: allocating 45548 entries in 89 pages 8<--- cut here --- Unable to handle kernel paging request at virtual address fc6006f0 pgd = (ptrval) [fc6006f0] *pgd=80000040207003, *pmd=00000000 Internal error: Oops: a06 [#1] SMP ARM Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 5.11.0+ #382 Hardware name: Generic DT based system PC is at cpu_ca15_set_pte_ext+0x24/0x30 LR is at __set_fixmap+0xe4/0x118 pc : [] lr : [] psr: 400000d3 sp : c1601ed8 ip : 00400000 fp : 00800000 r10: 0000071f r9 : 00421000 r8 : 00c00000 r7 : 00c00000 r6 : 0000071f r5 : ffade000 r4 : 4040171f r3 : 00c00000 r2 : 4040171f r1 : c041ac78 r0 : fc6006f0 Flags: nZcv IRQs off FIQs off Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 40203000 DAC: 00000001 Process swapper (pid: 0, stack limit = 0x(ptrval)) So let's limit CONFIG_NR_CPUS to 16 when CONFIG_DEBUG_KMAP_LOCAL is in effect. Also, fix the BUILD_BUG_ON() check that was supposed to catch this, by checking whether the region grows below the start address rather than above the end address. Fixes: 2a15ba82fa6ca3f3 ("ARM: highmem: Switch to generic kmap atomic") Reported-by: Peter Robinson Tested-by: Peter Robinson Signed-off-by: Ard Biesheuvel --- v2: - fix BUILD_BUG_ON() check - add a Fixes: tag and Peter's Tested-by: - clarify the commit log a bit arch/arm/Kconfig | 8 +++++++- arch/arm/mm/mmu.c | 3 +-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 138248999df7..3d2c684eab77 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1310,9 +1310,15 @@ config KASAN_SHADOW_OFFSET config NR_CPUS int "Maximum number of CPUs (2-32)" - range 2 32 + range 2 16 if DEBUG_KMAP_LOCAL + range 2 32 if !DEBUG_KMAP_LOCAL depends on SMP default "4" + help + The maximum number of CPUs that the kernel can support. + Up to 32 CPUs can be supported, or up to 16 if kmap_local() + debugging is enabled, which uses half of the per-CPU fixmap + slots as guard regions. config HOTPLUG_CPU bool "Support for hot-pluggable CPUs" diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c index c06ebfbc48c4..56c7954cb626 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -388,8 +388,7 @@ void __set_fixmap(enum fixed_addresses idx, phys_addr_t phys, pgprot_t prot) pte_t *pte = pte_offset_fixmap(pmd_off_k(vaddr), vaddr); /* Make sure fixmap region does not exceed available allocation. */ - BUILD_BUG_ON(FIXADDR_START + (__end_of_fixed_addresses * PAGE_SIZE) > - FIXADDR_END); + BUILD_BUG_ON(__fix_to_virt(__end_of_fixed_addresses) < FIXADDR_START); BUG_ON(idx >= __end_of_fixed_addresses); /* we only support device mappings until pgprot_kernel has been set */ -- 2.30.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel