From patchwork Fri Jul 22 18:42:08 2016
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 72638
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, linux@armlinux.org.uk
Cc: mark.rutland@arm.com, Ard Biesheuvel, leif.lindholm@linaro.org, sudeep.holla@arm.com
Subject: [PATCH] ARM: mm: use fully constructed struct pages for EFI pgd allocations
Date: Fri, 22 Jul 2016 20:42:08 +0200
Message-Id: <1469212928-21517-1-git-send-email-ard.biesheuvel@linaro.org>

The late_alloc() PTE allocation function used by create_mapping_late()
does not call pgtable_page_ctor() on PTE pages it allocates, leaving the
per-page spinlock uninitialized.

Since generic page table manipulation code may assume that translation
table pages that are not owned by init_mm are covered by fully constructed
struct pages, the following crash may occur with the new UEFI memory
attributes table code.

  efi: memattr: Processing EFI Memory Attributes table:
  efi: memattr: 0x0000ffa16000-0x0000ffa82fff [Runtime Code |RUN| | |XP| | | | | | | | ]
  Unable to handle kernel NULL pointer dereference at virtual address 00000010
  pgd = c0204000
  [00000010] *pgd=00000000
  Internal error: Oops: 5 [#1] SMP ARM
  Modules linked in:
  CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.7.0-rc4-00063-g3882aa7b340b #361
  Hardware name: Generic DT based system
  task: ed858000 ti: ed842000 task.ti: ed842000
  PC is at __lock_acquire+0xa0/0x19a8
  ...
  [] (__lock_acquire) from [] (lock_acquire+0x6c/0x88)
  [] (lock_acquire) from [] (_raw_spin_lock+0x2c/0x3c)
  [] (_raw_spin_lock) from [] (apply_to_page_range+0xe8/0x238)
  [] (apply_to_page_range) from [] (efi_set_mapping_permissions+0x54/0x5c)
  [] (efi_set_mapping_permissions) from [] (efi_memattr_apply_permissions+0x2b8/0x378)
  [] (efi_memattr_apply_permissions) from [] (arm_enable_runtime_services+0x1f0/0x22c)
  [] (arm_enable_runtime_services) from [] (do_one_initcall+0x44/0x174)
  [] (do_one_initcall) from [] (kernel_init_freeable+0x90/0x1e8)
  [] (kernel_init_freeable) from [] (kernel_init+0x8/0x114)
  [] (kernel_init) from [] (ret_from_fork+0x14/0x24)

The crash is due to the fact that the UEFI page tables are not owned by
init_mm, but are not covered by fully constructed struct pages.

Given that the UEFI subsystem is currently the only user of
create_mapping_late(), add an unconditional call to pgtable_page_ctor() to
late_alloc().

Fixes: 9fc68b717c24 ("ARM/efi: Apply strict permissions for UEFI Runtime Services regions")
Signed-off-by: Ard Biesheuvel
---
The commit in question was introduced in v4.7, so ideally this should go in
as a late fix. However, EFI on ARM is not widely used [yet], and the memory
attributes table even less so, so I am perfectly happy for this to go in
later.

 arch/arm/mm/mmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.7.4

diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c index 62f4d01941f7..d0ac45451805 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -728,7 +728,7 @@ static void *__init late_alloc(unsigned long sz) { void *ptr = (void *)__get_free_pages(PGALLOC_GFP, get_order(sz)); - BUG_ON(!ptr); + BUG_ON(!ptr || !pgtable_page_ctor(virt_to_page(ptr))); return ptr; }
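
Review bot: In the changed BUG_ON() line of late_alloc(), the pgtable_page_ctor() call that the function now depends on happens as a side effect inside the assertion. Writing it as an explicit "if (!ptr || !pgtable_page_ctor(virt_to_page(ptr))) BUG();" keeps the constructor call visible as real work and does not rely on BUG_ON() evaluating its argument. Separately, the allocation is sized with get_order(sz), but only the struct page of the first page (virt_to_page(ptr)) is constructed, so a check or comment that sz never exceeds one page would help. Since the constructor is now called unconditionally, a short comment above late_alloc() stating that it is only suitable for page tables not owned by init_mm would document the restriction the commit message describes.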