| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 01 Sep 2021 11:41:32 -0400
From: Jeff Moyer <jmoyer@...hat.com>
To: dan.j.williams@...el.com
Cc: David Hildenbrand <david@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>, Tony Luck <tony.luck@...el.com>,
Borislav Petkov <bp@...en8.de>, linux-edac@...r.kernel.org,
x86@...nel.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [patch, v2] x86/pat: pass valid address to sanitize_phys()
Ping?
Jeff Moyer <jmoyer@...hat.com> writes:
> The end address passed to memtype_reserve() is handed directly to
> sanitize_phys(). However, end is exclusive and sanitize_phys() expects
> an inclusive address. If end falls at the end of the physical address
> space, sanitize_phys() will return 0. This can result in drivers
> failing to load, and the following warning:
>
> [ 9.999440] mpt3sas version 29.100.01.00 loaded
> [ 9.999817] mpt3sas_cm0: 64 BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem (65413664 kB)
> [ 9.999819] ------------[ cut here ]------------
> [ 9.999826] WARNING: CPU: 26 PID: 749 at arch/x86/mm/pat.c:354 reserve_memtype+0x262/0x450
> [ 9.999828] reserve_memtype failed: [mem 0x3ffffff00000-0xffffffffffffffff], req uncached-minus
> [ 9.999828] Modules linked in: mpt3sas(+) bnxt_en(+) ahci(+) crct10dif_pclmul crct10dif_common nvme crc32c_intel libahci nvme_core libata raid_class scsi_transport_sas devlink drm_panel_orientation_quirks nfit libnvdimm dm_mirror dm_region_hash dm_log dm_mod
> [ 9.999840] CPU: 26 PID: 749 Comm: systemd-udevd Not tainted 3.10.0-1077.el7_7.mpt3sas_test008.x86_64 #1
> [ 9.999842] Hardware name: Inspur SA5112M5/SA5112M5, BIOS 4.1.12 02/24/2021
> [ 9.999843] Call Trace:
> [ 9.999851] [<ffffffffa497c4e4>] dump_stack+0x19/0x1b
> [ 9.999857] [<ffffffffa429bc08>] __warn+0xd8/0x100
> [ 9.999859] [<ffffffffa429bc8f>] warn_slowpath_fmt+0x5f/0x80
> [ 9.999861] [<ffffffffa427b1f2>] reserve_memtype+0x262/0x450
> [ 9.999867] [<ffffffffa4276254>] __ioremap_caller+0xf4/0x330
> [ 9.999872] [<ffffffffc04620a1>] ? mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
> [ 9.999875] [<ffffffffa42764aa>] ioremap_nocache+0x1a/0x20
> [ 9.999879] [<ffffffffc04620a1>] mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
> [ 9.999884] [<ffffffffa442656b>] ? __kmalloc+0x1eb/0x230
> [ 9.999889] [<ffffffffc0465555>] mpt3sas_base_attach+0xf5/0xa50 [mpt3sas]
> [ 9.999894] [<ffffffffc046af3c>] _scsih_probe+0x4ec/0xb00 [mpt3sas]
> [ 9.999901] [<ffffffffa45d297a>] local_pci_probe+0x4a/0xb0
> [ 9.999903] [<ffffffffa45d40c9>] pci_device_probe+0x109/0x160
> [ 9.999909] [<ffffffffa46b7225>] driver_probe_device+0xc5/0x3e0
> [ 9.999910] [<ffffffffa46b7623>] __driver_attach+0x93/0xa0
> [ 9.999912] [<ffffffffa46b7590>] ? __device_attach+0x50/0x50
> [ 9.999914] [<ffffffffa46b4dc5>] bus_for_each_dev+0x75/0xc0
> [ 9.999916] [<ffffffffa46b6b9e>] driver_attach+0x1e/0x20
> [ 9.999918] [<ffffffffa46b6640>] bus_add_driver+0x200/0x2d0
> [ 9.999920] [<ffffffffa46b7cb4>] driver_register+0x64/0xf0
> [ 9.999922] [<ffffffffa45d3905>] __pci_register_driver+0xa5/0xc0
> [ 9.999924] [<ffffffffc049b000>] ? 0xffffffffc049afff
> [ 9.999928] [<ffffffffc049b16e>] _mpt3sas_init+0x16e/0x1000 [mpt3sas]
> [ 9.999933] [<ffffffffa420210a>] do_one_initcall+0xba/0x240
> [ 9.999940] [<ffffffffa431e95a>] load_module+0x271a/0x2bb0
> [ 9.999946] [<ffffffffa45b0600>] ? ddebug_proc_write+0x100/0x100
> [ 9.999948] [<ffffffffa431eedf>] SyS_init_module+0xef/0x140
> [ 9.999954] [<ffffffffa498fed2>] system_call_fastpath+0x25/0x2a
> [ 9.999955] ---[ end trace 6d6eea4438db89ef ]---
> [ 9.999957] ioremap reserve_memtype failed -22
> [ 10.000087] mpt3sas_cm0: unable to map adapter memory! or resource not found
> [ 10.000334] mpt3sas_cm0: failure at drivers/scsi/mpt3sas/mpt3sas_scsih.c:10597/_scsih_probe()!
>
> (Note that this warning was from an older distribution kernel, so line
> numbers and file names may not line up with the current tree.)
>
> Fix this by passing the inclusive end address to sanitize_phys().
>
> Fixes: 510ee090abc3 ("x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses")
> Signed-off-by: Jeff Moyer <jmoyer@...hat.com>
> Reviewed-by: David Hildenbrand <david@...hat.com>
>
> ---
> v2:
> - Add the warning splat to the commit log. (tglx)
> - Use parenthesis when referring to function names. (tglx)
> - Add a comment to the code. (tglx)
> - Use inclusive/exclusive instead of interval notation.
>
> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c
> index 3112ca7786ed..4ba2a3ee4bce 100644
> --- a/arch/x86/mm/pat/memtype.c
> +++ b/arch/x86/mm/pat/memtype.c
> @@ -583,7 +583,12 @@ int memtype_reserve(u64 start, u64 end, enum page_cache_mode req_type,
> int err = 0;
>
> start = sanitize_phys(start);
> - end = sanitize_phys(end);
> +
> + /*
> + * The end address passed into this function is exclusive, but
> + * sanitize_phys() expects an inclusive address.
> + */
> + end = sanitize_phys(end - 1) + 1;
> if (start >= end) {
> WARN(1, "%s failed: [mem %#010Lx-%#010Lx], req %s\n", __func__,
> start, end - 1, cattr_name(req_type));
Powered by blists - more mailing lists