From: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
To: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
linux-kernel@vger.kernel.org
Cc: linux-pci@vger.kernel.org, jbarnes@virtuousgeek.org
Subject: [PATCH 1/4] x86: ioremap: fix wrong address masking
Date: Fri, 11 Jun 2010 18:18:40 +0900 [thread overview]
Message-ID: <4C11FF70.5080909@jp.fujitsu.com> (raw)
In-Reply-To: <4C11FF10.4060203@jp.fujitsu.com>
Current x86 ioremap() doesn't handle physical address higher than
32-bit properly in X86_32 PAE mode. When physical address higher than
32-bit is passed to ioremap(), higher 32-bits in physical address is
cleared wrongly. Due to this bug, ioremap() can map wrong address to
linear address space.
In my case, 64-bit MMIO region was assigned to a PCI device (ioat
device) on my system. Because of the ioremap()'s bug, wrong physical
address (instead of MMIO region) was mapped to linear address space.
Because of this, loading ioatdma driver caused unexpected behavior
(kernel panic, kernel hangup, ...).
Signed-off-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
---
arch/x86/mm/ioremap.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
Index: linux-2.6.34/arch/x86/mm/ioremap.c
===================================================================
--- linux-2.6.34.orig/arch/x86/mm/ioremap.c 2010-06-10 07:28:28.222386973 +0900
+++ linux-2.6.34/arch/x86/mm/ioremap.c 2010-06-10 07:28:31.966187993 +0900
@@ -62,7 +62,7 @@
static void __iomem *__ioremap_caller(resource_size_t phys_addr,
unsigned long size, unsigned long prot_val, void *caller)
{
- unsigned long pfn, offset, vaddr;
+ unsigned long pfn, last_pfn, offset, vaddr;
resource_size_t last_addr;
const resource_size_t unaligned_phys_addr = phys_addr;
const unsigned long unaligned_size = size;
@@ -100,10 +100,8 @@
/*
* Don't allow anybody to remap normal RAM that we're using..
*/
- for (pfn = phys_addr >> PAGE_SHIFT;
- (pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK);
- pfn++) {
-
+ last_pfn = last_addr >> PAGE_SHIFT;
+ for (pfn = phys_addr >> PAGE_SHIFT; pfn < last_pfn; pfn++) {
int is_ram = page_is_ram(pfn);
if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
@@ -115,7 +113,7 @@
* Mappings have to be page-aligned
*/
offset = phys_addr & ~PAGE_MASK;
- phys_addr &= PAGE_MASK;
+ phys_addr &= PHYSICAL_PAGE_MASK;
size = PAGE_ALIGN(last_addr+1) - phys_addr;
retval = reserve_memtype(phys_addr, (u64)phys_addr + size,
next prev parent reply other threads:[~2010-06-11 9:19 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-11 9:17 [RFC][PATCH 0/4] x86: ioremap() problem in X86_32 PAE Kenji Kaneshige
2010-06-11 9:18 ` Kenji Kaneshige [this message]
2010-06-11 9:20 ` [PATCH 2/4] x86: ioremap: fix physical address check Kenji Kaneshige
2010-06-11 17:43 ` H. Peter Anvin
2010-06-14 0:18 ` KAMEZAWA Hiroyuki
2010-06-14 8:59 ` KAMEZAWA Hiroyuki
2010-06-14 9:13 ` Kenji Kaneshige
2010-06-14 11:06 ` Kenji Kaneshige
2010-06-14 18:36 ` H. Peter Anvin
2010-06-15 2:21 ` Kenji Kaneshige
2010-06-14 20:16 ` Rolf Eike Beer
2010-06-15 2:33 ` Kenji Kaneshige
2010-06-14 1:54 ` Kenji Kaneshige
2010-06-14 6:38 ` Maciej W. Rozycki
2010-06-14 8:23 ` Kenji Kaneshige
2010-06-14 9:02 ` Kenji Kaneshige
2010-06-14 15:40 ` H. Peter Anvin
2010-06-14 15:11 ` H. Peter Anvin
2010-06-14 8:27 ` Kenji Kaneshige
2010-06-14 15:12 ` H. Peter Anvin
2010-06-11 9:20 ` [PATCH 3/4] x86: ioremap: remove physical address warning message Kenji Kaneshige
2010-06-11 17:44 ` H. Peter Anvin
2010-06-14 2:06 ` Kenji Kaneshige
2010-06-11 9:21 ` [PATCH 4/4] x86: ioremap: fix normal ram range check Kenji Kaneshige
2010-06-11 17:41 ` [RFC][PATCH 0/4] x86: ioremap() problem in X86_32 PAE H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C11FF70.5080909@jp.fujitsu.com \
--to=kaneshige.kenji@jp.fujitsu.com \
--cc=hpa@zytor.com \
--cc=jbarnes@virtuousgeek.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox