| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tip-9df9516940a61d29aedf4d91b483ca6597e7d480@git.kernel.org>
Date: Mon, 20 Aug 2018 09:11:55 -0700
From: tip-bot for Vlastimil Babka <tipbot@...or.com>
To: linux-tip-commits@...r.kernel.org
Cc: torvalds@...ux-foundation.org, dave.hansen@...el.com,
mingo@...nel.org, ak@...ux.intel.com, dimstar@...e.de,
hpa@...or.com, vbabka@...e.cz, mhocko@...e.com, mhocko@...nel.org,
tglx@...utronix.de, linux-kernel@...r.kernel.org, adrian@...e.de
Subject: [tip:x86/urgent] x86/speculation/l1tf: Fix overflow in
l1tf_pfn_limit() on 32bit
Commit-ID: 9df9516940a61d29aedf4d91b483ca6597e7d480
Gitweb: https://git.kernel.org/tip/9df9516940a61d29aedf4d91b483ca6597e7d480
Author: Vlastimil Babka <vbabka@...e.cz>
AuthorDate: Mon, 20 Aug 2018 11:58:35 +0200
Committer: Thomas Gleixner <tglx@...utronix.de>
CommitDate: Mon, 20 Aug 2018 18:04:42 +0200
x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
On 32bit PAE kernels on 64bit hardware with enough physical bits,
l1tf_pfn_limit() will overflow unsigned long. This in turn affects
max_swapfile_size() and can lead to swapon returning -EINVAL. This has been
observed in a 32bit guest with 42 bits physical address size, where
max_swapfile_size() overflows exactly to 1 << 32, thus zero, and produces
the following warning to dmesg:
[ 6.396845] Truncating oversized swap area, only using 0k out of 2047996k
Fix this by using unsigned long long instead.
Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf")
Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2")
Reported-by: Dominique Leuenberger <dimstar@...e.de>
Reported-by: Adrian Schroeter <adrian@...e.de>
Signed-off-by: Vlastimil Babka <vbabka@...e.cz>
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Acked-by: Andi Kleen <ak@...ux.intel.com>
Acked-by: Michal Hocko <mhocko@...e.com>
Cc: "H . Peter Anvin" <hpa@...or.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Dave Hansen <dave.hansen@...el.com>
Cc: Michal Hocko <mhocko@...nel.org>
Cc: stable@...r.kernel.org
Link: https://lkml.kernel.org/r/20180820095835.5298-1-vbabka@suse.cz
---
arch/x86/include/asm/processor.h | 4 ++--
arch/x86/mm/init.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
index 682286aca881..a0a52274cb4a 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -181,9 +181,9 @@ extern const struct seq_operations cpuinfo_op;
extern void cpu_detect(struct cpuinfo_x86 *c);
-static inline unsigned long l1tf_pfn_limit(void)
+static inline unsigned long long l1tf_pfn_limit(void)
{
- return BIT(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1;
+ return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1;
}
extern void early_cpu_init(void);
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index acfab322fbe0..02de3d6065c4 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -923,7 +923,7 @@ unsigned long max_swapfile_size(void)
if (boot_cpu_has_bug(X86_BUG_L1TF)) {
/* Limit the swap file size to MAX_PA/2 for L1TF workaround */
- unsigned long l1tf_limit = l1tf_pfn_limit() + 1;
+ unsigned long long l1tf_limit = l1tf_pfn_limit() + 1;
/*
* We encode swap offsets also with 3 bits below those for pfn
* which makes the usable limit higher.
@@ -931,7 +931,7 @@ unsigned long max_swapfile_size(void)
#if CONFIG_PGTABLE_LEVELS > 2
l1tf_limit <<= PAGE_SHIFT - SWP_OFFSET_FIRST_BIT;
#endif
- pages = min_t(unsigned long, l1tf_limit, pages);
+ pages = min_t(unsigned long long, l1tf_limit, pages);
}
return pages;
}
Powered by blists - more mailing lists