From patchwork Mon Dec 18 10:00:54 2017
X-Patchwork-Submitter: Christoffer Dall
X-Patchwork-Id: 122201
From: Christoffer Dall
To: Paolo Bonzini, Radim Krčmář
Cc: Marc Zyngier, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, stable@vger.kernel.org, Christoffer Dall
Subject: [PULL 2/5] KVM: arm/arm64: Fix HYP unmapping going off limits
Date: Mon, 18 Dec 2017 11:00:54 +0100
Message-Id: <20171218100057.7839-3-christoffer.dall@linaro.org>
In-Reply-To: <20171218100057.7839-1-christoffer.dall@linaro.org>
References: <20171218100057.7839-1-christoffer.dall@linaro.org>
X-Mailing-List: stable@vger.kernel.org

From: Marc Zyngier

When we unmap the HYP memory, we try to be clever and unmap one PGD at a time. If we start with a non-PGD aligned address and try to unmap a whole PGD, things go horribly wrong in unmap_hyp_range (addr and end can never match, and it all goes really badly as we keep incrementing pgd and parse random memory as page tables...).

The obvious fix is to let unmap_hyp_range do what it does best, which is to iterate over a range.

The size of the linear mapping, which begins at PAGE_OFFSET, can be easily calculated by subtracting PAGE_OFFSET from high_memory, because high_memory is defined as the linear map address of the last byte of DRAM, plus one.

The size of the vmalloc region is given trivially by VMALLOC_END - VMALLOC_START.

Cc: stable@vger.kernel.org
Reported-by: Andre Przywara
Tested-by: Andre Przywara
Reviewed-by: Christoffer Dall
Signed-off-by: Marc Zyngier
Signed-off-by: Christoffer Dall
--- virt/kvm/arm/mmu.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) -- 2.14.2 diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index b36945d49986..b4b69c2d1012 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -509,8 +509,6 @@ static void unmap_hyp_range(pgd_t *pgdp, phys_addr_t start, u64 size) */ void free_hyp_pgds(void) { - unsigned long addr; - mutex_lock(&kvm_hyp_pgd_mutex); if (boot_hyp_pgd) { @@ -521,10 +519,10 @@ void free_hyp_pgds(void) if (hyp_pgd) { unmap_hyp_range(hyp_pgd, hyp_idmap_start, PAGE_SIZE); - for (addr = PAGE_OFFSET; virt_addr_valid(addr); addr += PGDIR_SIZE) - unmap_hyp_range(hyp_pgd, kern_hyp_va(addr), PGDIR_SIZE); - for (addr = VMALLOC_START; is_vmalloc_addr((void*)addr); addr += PGDIR_SIZE) - unmap_hyp_range(hyp_pgd, kern_hyp_va(addr), PGDIR_SIZE); + unmap_hyp_range(hyp_pgd, kern_hyp_va(PAGE_OFFSET), + (uintptr_t)high_memory - PAGE_OFFSET); + unmap_hyp_range(hyp_pgd, kern_hyp_va(VMALLOC_START), + VMALLOC_END - VMALLOC_START); free_pages((unsigned long)hyp_pgd, hyp_pgd_order); hyp_pgd = NULL;
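
Review bot: In the second hunk of free_hyp_pgds(), the linear-map size `(uintptr_t)high_memory - PAGE_OFFSET` is passed to unmap_hyp_range() with no in-code explanation and no guard. The reasoning that high_memory is the linear map address of the last byte of DRAM plus one lives only in the commit message, and because the callee takes a `u64 size`, a high_memory below PAGE_OFFSET would wrap to a very large range instead of unmapping nothing. A short comment above the two new calls saying what each size covers, plus a sanity check or a note on why high_memory cannot be below PAGE_OFFSET here, would make the bound auditable. As a style point, the cast could be `(unsigned long)` to match the `free_pages((unsigned long)hyp_pgd, hyp_pgd_order)` call two lines further down.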