
[v2] x86/pat: pass valid address to sanitize_phys()

Message ID x49o8a3pu5i.fsf@segfault.boston.devel.redhat.com (mailing list archive)
State New, archived

Commit Message

Jeff Moyer Aug. 11, 2021, 9:07 p.m. UTC
The end address passed to memtype_reserve() is handed directly to
sanitize_phys().  However, end is exclusive and sanitize_phys() expects
an inclusive address.  If end falls at the end of the physical address
space, sanitize_phys() will return 0.  This can result in drivers
failing to load, and the following warning:

[    9.999440] mpt3sas version 29.100.01.00 loaded
[    9.999817] mpt3sas_cm0: 64 BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem (65413664 kB)
[    9.999819] ------------[ cut here ]------------
[    9.999826] WARNING: CPU: 26 PID: 749 at arch/x86/mm/pat.c:354 reserve_memtype+0x262/0x450
[    9.999828] reserve_memtype failed: [mem 0x3ffffff00000-0xffffffffffffffff], req uncached-minus
[    9.999828] Modules linked in: mpt3sas(+) bnxt_en(+) ahci(+) crct10dif_pclmul crct10dif_common nvme crc32c_intel libahci nvme_core libata raid_class scsi_transport_sas devlink drm_panel_orientation_quirks nfit libnvdimm dm_mirror dm_region_hash dm_log dm_mod
[    9.999840] CPU: 26 PID: 749 Comm: systemd-udevd Not tainted 3.10.0-1077.el7_7.mpt3sas_test008.x86_64 #1
[    9.999842] Hardware name: Inspur SA5112M5/SA5112M5, BIOS 4.1.12 02/24/2021
[    9.999843] Call Trace:
[    9.999851]  [<ffffffffa497c4e4>] dump_stack+0x19/0x1b
[    9.999857]  [<ffffffffa429bc08>] __warn+0xd8/0x100
[    9.999859]  [<ffffffffa429bc8f>] warn_slowpath_fmt+0x5f/0x80
[    9.999861]  [<ffffffffa427b1f2>] reserve_memtype+0x262/0x450
[    9.999867]  [<ffffffffa4276254>] __ioremap_caller+0xf4/0x330
[    9.999872]  [<ffffffffc04620a1>] ? mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
[    9.999875]  [<ffffffffa42764aa>] ioremap_nocache+0x1a/0x20
[    9.999879]  [<ffffffffc04620a1>] mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
[    9.999884]  [<ffffffffa442656b>] ? __kmalloc+0x1eb/0x230
[    9.999889]  [<ffffffffc0465555>] mpt3sas_base_attach+0xf5/0xa50 [mpt3sas]
[    9.999894]  [<ffffffffc046af3c>] _scsih_probe+0x4ec/0xb00 [mpt3sas]
[    9.999901]  [<ffffffffa45d297a>] local_pci_probe+0x4a/0xb0
[    9.999903]  [<ffffffffa45d40c9>] pci_device_probe+0x109/0x160
[    9.999909]  [<ffffffffa46b7225>] driver_probe_device+0xc5/0x3e0
[    9.999910]  [<ffffffffa46b7623>] __driver_attach+0x93/0xa0
[    9.999912]  [<ffffffffa46b7590>] ? __device_attach+0x50/0x50
[    9.999914]  [<ffffffffa46b4dc5>] bus_for_each_dev+0x75/0xc0
[    9.999916]  [<ffffffffa46b6b9e>] driver_attach+0x1e/0x20
[    9.999918]  [<ffffffffa46b6640>] bus_add_driver+0x200/0x2d0
[    9.999920]  [<ffffffffa46b7cb4>] driver_register+0x64/0xf0
[    9.999922]  [<ffffffffa45d3905>] __pci_register_driver+0xa5/0xc0
[    9.999924]  [<ffffffffc049b000>] ? 0xffffffffc049afff
[    9.999928]  [<ffffffffc049b16e>] _mpt3sas_init+0x16e/0x1000 [mpt3sas]
[    9.999933]  [<ffffffffa420210a>] do_one_initcall+0xba/0x240
[    9.999940]  [<ffffffffa431e95a>] load_module+0x271a/0x2bb0
[    9.999946]  [<ffffffffa45b0600>] ? ddebug_proc_write+0x100/0x100
[    9.999948]  [<ffffffffa431eedf>] SyS_init_module+0xef/0x140
[    9.999954]  [<ffffffffa498fed2>] system_call_fastpath+0x25/0x2a
[    9.999955] ---[ end trace 6d6eea4438db89ef ]---
[    9.999957] ioremap reserve_memtype failed -22
[   10.000087] mpt3sas_cm0: unable to map adapter memory! or resource not found
[   10.000334] mpt3sas_cm0: failure at drivers/scsi/mpt3sas/mpt3sas_scsih.c:10597/_scsih_probe()!

(Note that this warning was from an older distribution kernel, so line
numbers and file names may not line up with the current tree.)

Fix this by passing the inclusive end address to sanitize_phys().

Fixes: 510ee090abc3 ("x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses")
Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>

---
v2:
- Add the warning splat to the commit log. (tglx)
- Use parentheses when referring to function names. (tglx)
- Add a comment to the code. (tglx)
- Use inclusive/exclusive instead of interval notation.
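
The failure described in the commit message, as an added example that is not part of the patch or the kernel source. It models sanitize_phys() as a mask over the valid physical address bits; the 46-bit width, the 1 MiB range size and the `model_`/`end_`/`rejected` helper names are assumptions chosen so that the range from the warning ends exactly at the top of the address space.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 46 physical address bits (not stated on the page). */
#define PHYS_BITS 46
#define PHYS_MASK ((UINT64_C(1) << PHYS_BITS) - 1)

/* Model of sanitize_phys(): keep only the valid physical address bits. */
static uint64_t model_sanitize_phys(uint64_t addr)
{
    return addr & PHYS_MASK;
}

/* Pre-patch form: the exclusive end is masked directly. */
static uint64_t end_before(uint64_t end)
{
    return model_sanitize_phys(end);
}

/* Post-patch form: mask the last byte of the range, then go back to exclusive. */
static uint64_t end_after(uint64_t end)
{
    return model_sanitize_phys(end - 1) + 1;
}

/* The range check that follows in memtype_reserve(); nonzero means rejected. */
static int rejected(uint64_t start, uint64_t sanitized_end)
{
    return model_sanitize_phys(start) >= sanitized_end;
}

int main(void)
{
    uint64_t start = UINT64_C(0x3ffffff00000); /* start from the warning line */
    uint64_t end = start + UINT64_C(0x100000); /* constructed: 1 MiB range */
    uint64_t b = end_before(end), a = end_after(end);

    /* The warning prints "end - 1", which is why it shows all ones. */
    printf("before: end=%#llx printed=%#llx rejected=%d\n",
           (unsigned long long)b, (unsigned long long)(b - 1), rejected(start, b));
    printf("after:  end=%#llx rejected=%d\n",
           (unsigned long long)a, rejected(start, a));
    /* Edge case: an exclusive end of 0 wraps in the post-patch form. */
    printf("end==0 after: %#llx\n", (unsigned long long)end_after(0));
    return 0;
}
```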

Comments

Jeff Moyer Sept. 1, 2021, 3:41 p.m. UTC | #1
Ping?

Jeff Moyer <jmoyer@redhat.com> writes:

> The end address passed to memtype_reserve() is handed directly to
> sanitize_phys().  However, end is exclusive and sanitize_phys() expects
> an inclusive address.  If end falls at the end of the physical address
> space, sanitize_phys() will return 0.  This can result in drivers
> failing to load, and the following warning:
>
> [    9.999440] mpt3sas version 29.100.01.00 loaded
> [    9.999817] mpt3sas_cm0: 64 BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem (65413664 kB)
> [    9.999819] ------------[ cut here ]------------
> [    9.999826] WARNING: CPU: 26 PID: 749 at arch/x86/mm/pat.c:354 reserve_memtype+0x262/0x450
> [    9.999828] reserve_memtype failed: [mem 0x3ffffff00000-0xffffffffffffffff], req uncached-minus
> [    9.999828] Modules linked in: mpt3sas(+) bnxt_en(+) ahci(+) crct10dif_pclmul crct10dif_common nvme crc32c_intel libahci nvme_core libata raid_class scsi_transport_sas devlink drm_panel_orientation_quirks nfit libnvdimm dm_mirror dm_region_hash dm_log dm_mod
> [    9.999840] CPU: 26 PID: 749 Comm: systemd-udevd Not tainted 3.10.0-1077.el7_7.mpt3sas_test008.x86_64 #1
> [    9.999842] Hardware name: Inspur SA5112M5/SA5112M5, BIOS 4.1.12 02/24/2021
> [    9.999843] Call Trace:
> [    9.999851]  [<ffffffffa497c4e4>] dump_stack+0x19/0x1b
> [    9.999857]  [<ffffffffa429bc08>] __warn+0xd8/0x100
> [    9.999859]  [<ffffffffa429bc8f>] warn_slowpath_fmt+0x5f/0x80
> [    9.999861]  [<ffffffffa427b1f2>] reserve_memtype+0x262/0x450
> [    9.999867]  [<ffffffffa4276254>] __ioremap_caller+0xf4/0x330
> [    9.999872]  [<ffffffffc04620a1>] ? mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
> [    9.999875]  [<ffffffffa42764aa>] ioremap_nocache+0x1a/0x20
> [    9.999879]  [<ffffffffc04620a1>] mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
> [    9.999884]  [<ffffffffa442656b>] ? __kmalloc+0x1eb/0x230
> [    9.999889]  [<ffffffffc0465555>] mpt3sas_base_attach+0xf5/0xa50 [mpt3sas]
> [    9.999894]  [<ffffffffc046af3c>] _scsih_probe+0x4ec/0xb00 [mpt3sas]
> [    9.999901]  [<ffffffffa45d297a>] local_pci_probe+0x4a/0xb0
> [    9.999903]  [<ffffffffa45d40c9>] pci_device_probe+0x109/0x160
> [    9.999909]  [<ffffffffa46b7225>] driver_probe_device+0xc5/0x3e0
> [    9.999910]  [<ffffffffa46b7623>] __driver_attach+0x93/0xa0
> [    9.999912]  [<ffffffffa46b7590>] ? __device_attach+0x50/0x50
> [    9.999914]  [<ffffffffa46b4dc5>] bus_for_each_dev+0x75/0xc0
> [    9.999916]  [<ffffffffa46b6b9e>] driver_attach+0x1e/0x20
> [    9.999918]  [<ffffffffa46b6640>] bus_add_driver+0x200/0x2d0
> [    9.999920]  [<ffffffffa46b7cb4>] driver_register+0x64/0xf0
> [    9.999922]  [<ffffffffa45d3905>] __pci_register_driver+0xa5/0xc0
> [    9.999924]  [<ffffffffc049b000>] ? 0xffffffffc049afff
> [    9.999928]  [<ffffffffc049b16e>] _mpt3sas_init+0x16e/0x1000 [mpt3sas]
> [    9.999933]  [<ffffffffa420210a>] do_one_initcall+0xba/0x240
> [    9.999940]  [<ffffffffa431e95a>] load_module+0x271a/0x2bb0
> [    9.999946]  [<ffffffffa45b0600>] ? ddebug_proc_write+0x100/0x100
> [    9.999948]  [<ffffffffa431eedf>] SyS_init_module+0xef/0x140
> [    9.999954]  [<ffffffffa498fed2>] system_call_fastpath+0x25/0x2a
> [    9.999955] ---[ end trace 6d6eea4438db89ef ]---
> [    9.999957] ioremap reserve_memtype failed -22
> [   10.000087] mpt3sas_cm0: unable to map adapter memory! or resource not found
> [   10.000334] mpt3sas_cm0: failure at drivers/scsi/mpt3sas/mpt3sas_scsih.c:10597/_scsih_probe()!
>
> (Note that this warning was from an older distribution kernel, so line
> numbers and file names may not line up with the current tree.)
>
> Fix this by passing the inclusive end address to sanitize_phys().
>
> Fixes: 510ee090abc3 ("x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses")
> Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
> Reviewed-by: David Hildenbrand <david@redhat.com>
>
> ---
> v2:
> - Add the warning splat to the commit log. (tglx)
> - Use parentheses when referring to function names. (tglx)
> - Add a comment to the code. (tglx)
> - Use inclusive/exclusive instead of interval notation.
>
> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c
> index 3112ca7786ed..4ba2a3ee4bce 100644
> --- a/arch/x86/mm/pat/memtype.c
> +++ b/arch/x86/mm/pat/memtype.c
> @@ -583,7 +583,12 @@ int memtype_reserve(u64 start, u64 end, enum page_cache_mode req_type,
>  	int err = 0;
>  
>  	start = sanitize_phys(start);
> -	end = sanitize_phys(end);
> +
> +	/*
> +	 * The end address passed into this function is exclusive, but
> +	 * sanitize_phys() expects an inclusive address.
> +	 */
> +	end = sanitize_phys(end - 1) + 1;
>  	if (start >= end) {
>  		WARN(1, "%s failed: [mem %#010Lx-%#010Lx], req %s\n", __func__,
>  				start, end - 1, cattr_name(req_type));
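
Review bot: `end - 1` on the added line wraps to the largest u64 value when a caller passes end == 0, and it is evaluated before the `start >= end` check below it, so that check then compares against the sanitized wrapped value plus one instead of the caller's empty range. Suggest testing the incoming `start` and `end` (or rejecting end == 0) before the subtraction, or stating in the new comment that callers never pass an end of 0.
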
Dan Williams Sept. 1, 2021, 5:08 p.m. UTC | #2
On Wed, Aug 11, 2021 at 2:06 PM Jeff Moyer <jmoyer@redhat.com> wrote:
>
> The end address passed to memtype_reserve() is handed directly to
> sanitize_phys().  However, end is exclusive and sanitize_phys() expects
> an inclusive address.  If end falls at the end of the physical address
> space, sanitize_phys() will return 0.  This can result in drivers
> failing to load, and the following warning:
>
> [    9.999440] mpt3sas version 29.100.01.00 loaded
> [    9.999817] mpt3sas_cm0: 64 BIT PCI BUS DMA ADDRESSING SUPPORTED, total mem (65413664 kB)
> [    9.999819] ------------[ cut here ]------------
> [    9.999826] WARNING: CPU: 26 PID: 749 at arch/x86/mm/pat.c:354 reserve_memtype+0x262/0x450
> [    9.999828] reserve_memtype failed: [mem 0x3ffffff00000-0xffffffffffffffff], req uncached-minus
> [    9.999828] Modules linked in: mpt3sas(+) bnxt_en(+) ahci(+) crct10dif_pclmul crct10dif_common nvme crc32c_intel libahci nvme_core libata raid_class scsi_transport_sas devlink drm_panel_orientation_quirks nfit libnvdimm dm_mirror dm_region_hash dm_log dm_mod
> [    9.999840] CPU: 26 PID: 749 Comm: systemd-udevd Not tainted 3.10.0-1077.el7_7.mpt3sas_test008.x86_64 #1
> [    9.999842] Hardware name: Inspur SA5112M5/SA5112M5, BIOS 4.1.12 02/24/2021
> [    9.999843] Call Trace:
> [    9.999851]  [<ffffffffa497c4e4>] dump_stack+0x19/0x1b
> [    9.999857]  [<ffffffffa429bc08>] __warn+0xd8/0x100
> [    9.999859]  [<ffffffffa429bc8f>] warn_slowpath_fmt+0x5f/0x80
> [    9.999861]  [<ffffffffa427b1f2>] reserve_memtype+0x262/0x450
> [    9.999867]  [<ffffffffa4276254>] __ioremap_caller+0xf4/0x330
> [    9.999872]  [<ffffffffc04620a1>] ? mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
> [    9.999875]  [<ffffffffa42764aa>] ioremap_nocache+0x1a/0x20
> [    9.999879]  [<ffffffffc04620a1>] mpt3sas_base_map_resources+0x151/0xa60 [mpt3sas]
> [    9.999884]  [<ffffffffa442656b>] ? __kmalloc+0x1eb/0x230
> [    9.999889]  [<ffffffffc0465555>] mpt3sas_base_attach+0xf5/0xa50 [mpt3sas]
> [    9.999894]  [<ffffffffc046af3c>] _scsih_probe+0x4ec/0xb00 [mpt3sas]
> [    9.999901]  [<ffffffffa45d297a>] local_pci_probe+0x4a/0xb0
> [    9.999903]  [<ffffffffa45d40c9>] pci_device_probe+0x109/0x160
> [    9.999909]  [<ffffffffa46b7225>] driver_probe_device+0xc5/0x3e0
> [    9.999910]  [<ffffffffa46b7623>] __driver_attach+0x93/0xa0
> [    9.999912]  [<ffffffffa46b7590>] ? __device_attach+0x50/0x50
> [    9.999914]  [<ffffffffa46b4dc5>] bus_for_each_dev+0x75/0xc0
> [    9.999916]  [<ffffffffa46b6b9e>] driver_attach+0x1e/0x20
> [    9.999918]  [<ffffffffa46b6640>] bus_add_driver+0x200/0x2d0
> [    9.999920]  [<ffffffffa46b7cb4>] driver_register+0x64/0xf0
> [    9.999922]  [<ffffffffa45d3905>] __pci_register_driver+0xa5/0xc0
> [    9.999924]  [<ffffffffc049b000>] ? 0xffffffffc049afff
> [    9.999928]  [<ffffffffc049b16e>] _mpt3sas_init+0x16e/0x1000 [mpt3sas]
> [    9.999933]  [<ffffffffa420210a>] do_one_initcall+0xba/0x240
> [    9.999940]  [<ffffffffa431e95a>] load_module+0x271a/0x2bb0
> [    9.999946]  [<ffffffffa45b0600>] ? ddebug_proc_write+0x100/0x100
> [    9.999948]  [<ffffffffa431eedf>] SyS_init_module+0xef/0x140
> [    9.999954]  [<ffffffffa498fed2>] system_call_fastpath+0x25/0x2a
> [    9.999955] ---[ end trace 6d6eea4438db89ef ]---
> [    9.999957] ioremap reserve_memtype failed -22
> [   10.000087] mpt3sas_cm0: unable to map adapter memory! or resource not found
> [   10.000334] mpt3sas_cm0: failure at drivers/scsi/mpt3sas/mpt3sas_scsih.c:10597/_scsih_probe()!
>
> (Note that this warning was from an older distribution kernel, so line
> numbers and file names may not line up with the current tree.)
>
> Fix this by passing the inclusive end address to sanitize_phys().
>
> Fixes: 510ee090abc3 ("x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses")
> Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
> Reviewed-by: David Hildenbrand <david@redhat.com>

Reviewed-by: Dan Williams <dan.j.williams@intel.com>

Patch

diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c
index 3112ca7786ed..4ba2a3ee4bce 100644
--- a/arch/x86/mm/pat/memtype.c
+++ b/arch/x86/mm/pat/memtype.c
@@ -583,7 +583,12 @@  int memtype_reserve(u64 start, u64 end, enum page_cache_mode req_type,
 	int err = 0;
 
 	start = sanitize_phys(start);
-	end = sanitize_phys(end);
+
+	/*
+	 * The end address passed into this function is exclusive, but
+	 * sanitize_phys() expects an inclusive address.
+	 */
+	end = sanitize_phys(end - 1) + 1;
 	if (start >= end) {
 		WARN(1, "%s failed: [mem %#010Lx-%#010Lx], req %s\n", __func__,
 				start, end - 1, cattr_name(req_type));
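
Review bot: The new comment above `end = sanitize_phys(end - 1) + 1;` records that the two conventions differ but not what goes wrong when they are mixed; the commit message has that detail (an end at the top of the physical address space sanitizes to 0 and the `start >= end` check then fails the reservation). Suggest carrying one sentence of that into the comment so the `- 1` / `+ 1` pair is not simplified away later. As a style point, the blank `+` line after `start = sanitize_phys(start);` could be dropped so the two sanitize calls stay together.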