Date:   Mon, 20 Aug 2018 13:41:03 +0200
From:   Vlastimil Babka <vbabka@...e.cz>
To:     Michal Hocko <mhocko@...nel.org>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H . Peter Anvin" <hpa@...or.com>, x86@...nel.org,
        linux-kernel@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Andi Kleen <ak@...ux.intel.com>,
        Dave Hansen <dave.hansen@...el.com>, stable@...r.kernel.org,
        Adrian Schroeter <adrian@...e.de>,
        Dominique Leuenberger <dimstar@...e.de>
Subject: Re: [PATCH] x86/speculation/l1tf: fix overflow on l1tf_pfn_limit() on
 32bit

On 08/20/2018 12:49 PM, Michal Hocko wrote:
> On Mon 20-08-18 11:58:35, Vlastimil Babka wrote:
>> On 32bit PAE kernels on 64bit hardware with enough physical bits,
>> l1tf_pfn_limit() will overflow unsigned long. This in turn affects
>> max_swapfile_size() and can lead to swapon returning -EINVAL. This has been
>> observed in a 32bit guest with 42 bits physical address size, where
>> max_swapfile_size() overflows exactly to 1 << 32, thus zero, and produces the
>> following warning to dmesg:
>>
>> [    6.396845] Truncating oversized swap area, only using 0k out of 2047996k
>>
>> Fix this by using unsigned long long instead.
>>
>> Reported-by: Dominique Leuenberger <dimstar@...e.de>
>> Reported-by: Adrian Schroeter <adrian@...e.de>
>> Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf")
>> Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2")
>> Cc: stable@...r.kernel.org
>> Signed-off-by: Vlastimil Babka <vbabka@...e.cz>
> 
> Looks good to me. I would probably use phys_addr_t which would be more
> descriptive but this is just a minor thing.

Hmm, phys_addr_t is still 32bit on !PAE so there the overflow could still
happen. I guess max_swapfile_size() should skip the whole L1TF part for
!PAE since there is no pte inverting done anyway.

Also the value is "number of pages" which is not the same as "physical
address" so the phys_addr_t could be misleading anyway?

> Acked-by: Michal Hocko <mhocko@...e.com>

Thanks!
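
The arithmetic behind the overflow described in the quoted commit message, as an added example that is not part of this thread or of the kernel patch. It models a 32-bit unsigned long with uint32_t; the function names, the 3-bit extra shift and the generic page limit are assumptions chosen to reproduce the reported 1 << 32 for 42 physical address bits.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT        12          /* 4 KiB pages on x86 */
#define SWP_EXTRA_SHIFT   3           /* assumption: extra swap-offset bits */
#define GENERIC_MAX_PAGES (1u << 27)  /* constructed generic limit, in pages */

/* Limit held in a 32-bit unsigned long: every store truncates to 32 bits. */
uint32_t swap_pages_ulong32(unsigned phys_bits, uint32_t generic_pages)
{
    uint32_t pfn_limit = (uint32_t)((1ULL << (phys_bits - 1 - PAGE_SHIFT)) - 1);
    uint32_t l1tf_limit = (uint32_t)(((uint64_t)pfn_limit + 1) << SWP_EXTRA_SHIFT);

    /* A wrapped limit of 0 wins the min() and caps swap at zero pages. */
    return l1tf_limit < generic_pages ? l1tf_limit : generic_pages;
}

/* Same computation carried in unsigned long long, as the commit message proposes. */
uint64_t swap_pages_ull(unsigned phys_bits, uint64_t generic_pages)
{
    uint64_t pfn_limit = (1ULL << (phys_bits - 1 - PAGE_SHIFT)) - 1;
    uint64_t l1tf_limit = (pfn_limit + 1) << SWP_EXTRA_SHIFT;

    return l1tf_limit < generic_pages ? l1tf_limit : generic_pages;
}

int main(void)
{
    /* Constructed sample of physical address widths. */
    static const unsigned bits[] = { 36, 40, 42, 46 };

    for (size_t i = 0; i < sizeof(bits) / sizeof(bits[0]); i++)
        printf("phys_bits=%u  32-bit limit=%llu pages  64-bit limit=%llu pages\n",
               bits[i],
               (unsigned long long)swap_pages_ulong32(bits[i], GENERIC_MAX_PAGES),
               (unsigned long long)swap_pages_ull(bits[i], GENERIC_MAX_PAGES));
    return 0;
}
```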
