X-Patchwork-Submitter: Christoffer Dall
X-Patchwork-Id: 10118685
From: Christoffer Dall
To: Paolo Bonzini, Radim Krčmář
Cc: kvm@vger.kernel.org, Marc Zyngier, stable@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, Christoffer Dall
Subject: [PULL 2/5] KVM: arm/arm64: Fix HYP unmapping going off limits
Date: Mon, 18 Dec 2017 11:00:54 +0100
Message-Id: <20171218100057.7839-3-christoffer.dall@linaro.org>
In-Reply-To: <20171218100057.7839-1-christoffer.dall@linaro.org>
References: <20171218100057.7839-1-christoffer.dall@linaro.org>

From: Marc Zyngier

When we unmap the HYP memory, we try to be clever and unmap one PGD at a time. If we start with a non-PGD aligned address and try to unmap a whole PGD, things go horribly wrong in unmap_hyp_range (addr and end can never match, and it all goes really badly as we keep incrementing pgd and parse random memory as page tables...).

The obvious fix is to let unmap_hyp_range do what it does best, which is to iterate over a range.

The size of the linear mapping, which begins at PAGE_OFFSET, can be easily calculated by subtracting PAGE_OFFSET from high_memory, because high_memory is defined as the linear map address of the last byte of DRAM, plus one.

The size of the vmalloc region is given trivially by VMALLOC_END - VMALLOC_START.

Cc: stable@vger.kernel.org
Reported-by: Andre Przywara
Tested-by: Andre Przywara
Reviewed-by: Christoffer Dall
Signed-off-by: Marc Zyngier
Signed-off-by: Christoffer Dall
--- virt/kvm/arm/mmu.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index b36945d49986..b4b69c2d1012 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -509,8 +509,6 @@ static void unmap_hyp_range(pgd_t *pgdp, phys_addr_t start, u64 size) */ void free_hyp_pgds(void) { - unsigned long addr; - mutex_lock(&kvm_hyp_pgd_mutex); if (boot_hyp_pgd) { @@ -521,10 +519,10 @@ void free_hyp_pgds(void) if (hyp_pgd) { unmap_hyp_range(hyp_pgd, hyp_idmap_start, PAGE_SIZE); - for (addr = PAGE_OFFSET; virt_addr_valid(addr); addr += PGDIR_SIZE) - unmap_hyp_range(hyp_pgd, kern_hyp_va(addr), PGDIR_SIZE); - for (addr = VMALLOC_START; is_vmalloc_addr((void*)addr); addr += PGDIR_SIZE) - unmap_hyp_range(hyp_pgd, kern_hyp_va(addr), PGDIR_SIZE); + unmap_hyp_range(hyp_pgd, kern_hyp_va(PAGE_OFFSET), + (uintptr_t)high_memory - PAGE_OFFSET); + unmap_hyp_range(hyp_pgd, kern_hyp_va(VMALLOC_START), + VMALLOC_END - VMALLOC_START); free_pages((unsigned long)hyp_pgd, hyp_pgd_order); hyp_pgd = NULL;
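
Review bot: The two new unmap_hyp_range() calls in the second hunk of free_hyp_pgds() carry no comment explaining their size arguments, and the reasoning for them lives only in the commit message. The old loops stopped at the first address that failed virt_addr_valid() or is_vmalloc_addr(), whereas the new calls hand the whole linear-map and vmalloc spans to unmap_hyp_range() in one go, so a short comment above them saying that high_memory is one past the last linear-map byte, and that the range walk is expected to step over entries that were never mapped, would keep that reasoning next to the code. As a style point, the cast in "(uintptr_t)high_memory - PAGE_OFFSET" differs from the "(unsigned long)hyp_pgd" cast in the free_pages() call that follows; using (unsigned long) in both places would be consistent.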