* [PATCH] x86/ioremap: Fix off-by-one in e820 check in memremap_should_map_decrypted() @ 2025-04-18 13:59 Dmytro Maluka 2025-04-18 14:43 ` Tom Lendacky 0 siblings, 1 reply; 3+ messages in thread From: Dmytro Maluka @ 2025-04-18 13:59 UTC (permalink / raw) To: Dave Hansen Cc: Tom Lendacky, Dmytro Maluka, Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), H. Peter Anvin, open list:X86 MM The end address in e820__get_entry_type() is exclusive, not inclusive. Note: untested, bug found by code inspection. Signed-off-by: Dmytro Maluka <dmaluka@chromium.org> --- arch/x86/mm/ioremap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index 331e101bf801..a44800a6196e 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -578,7 +578,7 @@ static bool memremap_should_map_decrypted(resource_size_t phys_addr, } /* Check if the address is outside kernel usable area */ - switch (e820__get_entry_type(phys_addr, phys_addr + size - 1)) { + switch (e820__get_entry_type(phys_addr, phys_addr + size)) { case E820_TYPE_RESERVED: case E820_TYPE_ACPI: case E820_TYPE_NVS: -- 2.49.0.805.g082f7c87e0-goog ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] x86/ioremap: Fix off-by-one in e820 check in memremap_should_map_decrypted() 2025-04-18 13:59 [PATCH] x86/ioremap: Fix off-by-one in e820 check in memremap_should_map_decrypted() Dmytro Maluka @ 2025-04-18 14:43 ` Tom Lendacky 2025-04-18 16:48 ` Dmytro Maluka 0 siblings, 1 reply; 3+ messages in thread From: Tom Lendacky @ 2025-04-18 14:43 UTC (permalink / raw) To: Dmytro Maluka, Dave Hansen Cc: Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), H. Peter Anvin, open list:X86 MM On 4/18/25 08:59, Dmytro Maluka wrote: > The end address in e820__get_entry_type() is exclusive, not inclusive. > > Note: untested, bug found by code inspection. > > Signed-off-by: Dmytro Maluka <dmaluka@chromium.org> > --- > arch/x86/mm/ioremap.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c > index 331e101bf801..a44800a6196e 100644 > --- a/arch/x86/mm/ioremap.c > +++ b/arch/x86/mm/ioremap.c > @@ -578,7 +578,7 @@ static bool memremap_should_map_decrypted(resource_size_t phys_addr, > } > > /* Check if the address is outside kernel usable area */ > - switch (e820__get_entry_type(phys_addr, phys_addr + size - 1)) { > + switch (e820__get_entry_type(phys_addr, phys_addr + size)) { I don't think removing the " - 1" is correct. For example, if you are mapping a page-aligned value for page-size (4K), then not subtracting 1 will place you on the next page, which is incorrect, because you are not mapping that page. Thanks, Tom > case E820_TYPE_RESERVED: > case E820_TYPE_ACPI: > case E820_TYPE_NVS: ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] x86/ioremap: Fix off-by-one in e820 check in memremap_should_map_decrypted() 2025-04-18 14:43 ` Tom Lendacky @ 2025-04-18 16:48 ` Dmytro Maluka 0 siblings, 0 replies; 3+ messages in thread From: Dmytro Maluka @ 2025-04-18 16:48 UTC (permalink / raw) To: Tom Lendacky Cc: Dave Hansen, Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), H. Peter Anvin, open list:X86 MM, Grzegorz Jaszczyk On Fri, Apr 18, 2025 at 09:43:43AM -0500, Tom Lendacky wrote: > On 4/18/25 08:59, Dmytro Maluka wrote: > > The end address in e820__get_entry_type() is exclusive, not inclusive. > > > > Note: untested, bug found by code inspection. > > > > Signed-off-by: Dmytro Maluka <dmaluka@chromium.org> > > --- > > arch/x86/mm/ioremap.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c > > index 331e101bf801..a44800a6196e 100644 > > --- a/arch/x86/mm/ioremap.c > > +++ b/arch/x86/mm/ioremap.c > > @@ -578,7 +578,7 @@ static bool memremap_should_map_decrypted(resource_size_t phys_addr, > > } > > > > /* Check if the address is outside kernel usable area */ > > - switch (e820__get_entry_type(phys_addr, phys_addr + size - 1)) { > > + switch (e820__get_entry_type(phys_addr, phys_addr + size)) { > > I don't think removing the " - 1" is correct. For example, if you are > mapping a page-aligned value for page-size (4K), then not subtracting 1 > will place you on the next page, which is incorrect, because you are not > mapping that page. But __e820__mapped_all(), called by e820__get_entry_type(), handles 'end' non-inclusively: ... /* Is the region (part) in overlap with the current region? */ if (entry->addr >= end || entry->addr + entry->size <= start) continue; ... /* * If 'start' is now at or beyond 'end', we're done, full * coverage of the desired range exists: */ if (start >= end) return entry; ... i.e. if we don't subtract 1, phys_addr + size is still outside the checked region, so all good? Whereas if we subtract 1, then we have a problem, since phys_addr + size - 1 is also outside the checked region, i.e. we check [phys_addr, phys_addr + size - 2] only? Am I missing something? ...Besides that, after looking closer at e820__get_entry_type(), it seems buggy on its own (independently of this off-by-one): it is supposed to return the e820 type of the given range, but if this range is not covered by a single e820 region but is covered by several e820 regions, it doesn't check if they all have the same type, it just returns the type of the last region. So e.g. if half of the range is E820_TYPE_RAM and only the second half is E820_TYPE_RESERVED, e820__get_entry_type() will wrongly return E820_TYPE_RESERVED, so memremap_should_map_decrypted() will cause the the whole range mapped decrypted? > > Thanks, > Tom > > > case E820_TYPE_RESERVED: > > case E820_TYPE_ACPI: > > case E820_TYPE_NVS: ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-04-18 16:48 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-04-18 13:59 [PATCH] x86/ioremap: Fix off-by-one in e820 check in memremap_should_map_decrypted() Dmytro Maluka 2025-04-18 14:43 ` Tom Lendacky 2025-04-18 16:48 ` Dmytro Maluka
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox