| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180820104932.GI29735@dhcp22.suse.cz>
Date: Mon, 20 Aug 2018 12:49:32 +0200
From: Michal Hocko <mhocko@...nel.org>
To: Vlastimil Babka <vbabka@...e.cz>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H . Peter Anvin" <hpa@...or.com>, x86@...nel.org,
linux-kernel@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andi Kleen <ak@...ux.intel.com>,
Dave Hansen <dave.hansen@...el.com>, stable@...r.kernel.org,
Adrian Schroeter <adrian@...e.de>,
Dominique Leuenberger <dimstar@...e.de>
Subject: Re: [PATCH] x86/speculation/l1tf: fix overflow on l1tf_pfn_limit()
on 32bit
On Mon 20-08-18 11:58:35, Vlastimil Babka wrote:
> On 32bit PAE kernels on 64bit hardware with enough physical bits,
> l1tf_pfn_limit() will overflow unsigned long. This in turn affects
> max_swapfile_size() and can lead to swapon returning -EINVAL. This has been
> observed in a 32bit guest with 42 bits physical address size, where
> max_swapfile_size() overflows exactly to 1 << 32, thus zero, and produces the
> following warning to dmesg:
>
> [ 6.396845] Truncating oversized swap area, only using 0k out of 2047996k
>
> Fix this by using unsigned long long instead.
>
> Reported-by: Dominique Leuenberger <dimstar@...e.de>
> Reported-by: Adrian Schroeter <adrian@...e.de>
> Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf")
> Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2")
> Cc: stable@...r.kernel.org
> Signed-off-by: Vlastimil Babka <vbabka@...e.cz>
Looks good to me. I would probably use phys_addr_t which would be more
descriptive but this is just minor thing.
Acked-by: Michal Hocko <mhocko@...e.com>
> ---
> arch/x86/include/asm/processor.h | 4 ++--
> arch/x86/mm/init.c | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
> index 682286aca881..a0a52274cb4a 100644
> --- a/arch/x86/include/asm/processor.h
> +++ b/arch/x86/include/asm/processor.h
> @@ -181,9 +181,9 @@ extern const struct seq_operations cpuinfo_op;
>
> extern void cpu_detect(struct cpuinfo_x86 *c);
>
> -static inline unsigned long l1tf_pfn_limit(void)
> +static inline unsigned long long l1tf_pfn_limit(void)
> {
> - return BIT(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1;
> + return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1;
> }
>
> extern void early_cpu_init(void);
> diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
> index acfab322fbe0..02de3d6065c4 100644
> --- a/arch/x86/mm/init.c
> +++ b/arch/x86/mm/init.c
> @@ -923,7 +923,7 @@ unsigned long max_swapfile_size(void)
>
> if (boot_cpu_has_bug(X86_BUG_L1TF)) {
> /* Limit the swap file size to MAX_PA/2 for L1TF workaround */
> - unsigned long l1tf_limit = l1tf_pfn_limit() + 1;
> + unsigned long long l1tf_limit = l1tf_pfn_limit() + 1;
> /*
> * We encode swap offsets also with 3 bits below those for pfn
> * which makes the usable limit higher.
> @@ -931,7 +931,7 @@ unsigned long max_swapfile_size(void)
> #if CONFIG_PGTABLE_LEVELS > 2
> l1tf_limit <<= PAGE_SHIFT - SWP_OFFSET_FIRST_BIT;
> #endif
> - pages = min_t(unsigned long, l1tf_limit, pages);
> + pages = min_t(unsigned long long, l1tf_limit, pages);
> }
> return pages;
> }
> --
> 2.18.0
--
Michal Hocko
SUSE Labs
Powered by blists - more mailing lists