| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Aug 2018 15:56:33 +0200
From: Michal Hocko <mhocko@...nel.org>
To: Vlastimil Babka <vbabka@...e.cz>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H . Peter Anvin" <hpa@...or.com>, x86@...nel.org,
linux-kernel@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andi Kleen <ak@...ux.intel.com>,
Dave Hansen <dave.hansen@...el.com>, stable@...r.kernel.org,
Christopher Snowhill <kode54@...il.com>,
George Anchev <studio@...hev.net>
Subject: Re: [PATCH] x86/speculation/l1tf: fix off-by-one error when warning
that system has too much RAM
On Thu 23-08-18 15:44:18, Vlastimil Babka wrote:
> Two users have reported [1] that they have an "extremely unlikely" system
> with more than MAX_PA/2 memory and L1TF mitigation is not effective. In fact
> it's a CPU with 36bits phys limit (64GB) and 32GB memory, but due to holes
> in the e820 map, the main region is almost 500MB over the 32GB limit:
>
> [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000081effffff] usable
>
> Suggestions to use 'mem=32G' to prefer L1TF mitigation while losing the 500MB
> revealed, that there's an off-by-one error in the check in
> l1tf_select_mitigation(). l1tf_pfn_limit() returns the last usable pfn
> (inclusive), but it's more common and hopefully less error-prone to return the
> first pfn that's over limit, so this patch changes that and updates the other
> callers.
>
> [1] https://bugzilla.suse.com/show_bug.cgi?id=1105536
>
> Reported-by: George Anchev <studio@...hev.net>
> Reported-by: Christopher Snowhill <kode54@...il.com>
> Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf")
> Cc: stable@...r.kernel.org
> Signed-off-by: Vlastimil Babka <vbabka@...e.cz>
Yes this should be less error prone.
Acked-by: Michal Hocko <mhocko@...e.com>
> ---
> arch/x86/include/asm/processor.h | 2 +-
> arch/x86/mm/init.c | 2 +-
> arch/x86/mm/mmap.c | 2 +-
> 3 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
> index a0a52274cb4a..c24297268ebc 100644
> --- a/arch/x86/include/asm/processor.h
> +++ b/arch/x86/include/asm/processor.h
> @@ -183,7 +183,7 @@ extern void cpu_detect(struct cpuinfo_x86 *c);
>
> static inline unsigned long long l1tf_pfn_limit(void)
> {
> - return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1;
> + return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT);
> }
>
> extern void early_cpu_init(void);
> diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
> index 02de3d6065c4..63a6f9fcaf20 100644
> --- a/arch/x86/mm/init.c
> +++ b/arch/x86/mm/init.c
> @@ -923,7 +923,7 @@ unsigned long max_swapfile_size(void)
>
> if (boot_cpu_has_bug(X86_BUG_L1TF)) {
> /* Limit the swap file size to MAX_PA/2 for L1TF workaround */
> - unsigned long long l1tf_limit = l1tf_pfn_limit() + 1;
> + unsigned long long l1tf_limit = l1tf_pfn_limit();
> /*
> * We encode swap offsets also with 3 bits below those for pfn
> * which makes the usable limit higher.
> diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
> index f40ab8185d94..1e95d57760cf 100644
> --- a/arch/x86/mm/mmap.c
> +++ b/arch/x86/mm/mmap.c
> @@ -257,7 +257,7 @@ bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot)
> /* If it's real memory always allow */
> if (pfn_valid(pfn))
> return true;
> - if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))
> + if (pfn >= l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))
> return false;
> return true;
> }
> --
> 2.18.0
--
Michal Hocko
SUSE Labs
Powered by blists - more mailing lists