| From b0a182f875689647b014bc01d36b340217792852 Mon Sep 17 00:00:00 2001 |
| From: Vlastimil Babka <vbabka@suse.cz> |
| Date: Thu, 23 Aug 2018 15:44:18 +0200 |
| Subject: x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM |
| |
| From: Vlastimil Babka <vbabka@suse.cz> |
| |
| commit b0a182f875689647b014bc01d36b340217792852 upstream. |
| |
| Two users have reported [1] that they have an "extremely unlikely" system |
| with more than MAX_PA/2 memory and L1TF mitigation is not effective. In |
| fact it's a CPU with 36bits phys limit (64GB) and 32GB memory, but due to |
| holes in the e820 map, the main region is almost 500MB over the 32GB limit: |
| |
| [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000081effffff] usable |
| |
| Suggestions to use 'mem=32G' to enable the L1TF mitigation while losing the |
| 500MB revealed, that there's an off-by-one error in the check in |
| l1tf_select_mitigation(). |
| |
| l1tf_pfn_limit() returns the last usable pfn (inclusive) and the range |
| check in the mitigation path does not take this into account. |
| |
| Instead of amending the range check, make l1tf_pfn_limit() return the first |
| PFN which is over the limit which is less error prone. Adjust the other |
| users accordingly. |
| |
| [1] https://bugzilla.suse.com/show_bug.cgi?id=1105536 |
| |
| Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") |
| Reported-by: George Anchev <studio@anchev.net> |
| Reported-by: Christopher Snowhill <kode54@gmail.com> |
| Signed-off-by: Vlastimil Babka <vbabka@suse.cz> |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Cc: "H . Peter Anvin" <hpa@zytor.com> |
| Cc: Linus Torvalds <torvalds@linux-foundation.org> |
| Cc: Andi Kleen <ak@linux.intel.com> |
| Cc: Dave Hansen <dave.hansen@intel.com> |
| Cc: Michal Hocko <mhocko@kernel.org> |
| Cc: stable@vger.kernel.org |
| Link: https://lkml.kernel.org/r/20180823134418.17008-1-vbabka@suse.cz |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| arch/x86/include/asm/processor.h | 2 +- |
| arch/x86/mm/init.c | 2 +- |
| arch/x86/mm/mmap.c | 2 +- |
| 3 files changed, 3 insertions(+), 3 deletions(-) |
| |
| --- a/arch/x86/include/asm/processor.h |
| +++ b/arch/x86/include/asm/processor.h |
| @@ -182,7 +182,7 @@ extern void cpu_detect(struct cpuinfo_x8 |
| |
| static inline unsigned long long l1tf_pfn_limit(void) |
| { |
| - return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; |
| + return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT); |
| } |
| |
| extern void early_cpu_init(void); |
| --- a/arch/x86/mm/init.c |
| +++ b/arch/x86/mm/init.c |
| @@ -892,7 +892,7 @@ unsigned long max_swapfile_size(void) |
| |
| if (boot_cpu_has_bug(X86_BUG_L1TF)) { |
| /* Limit the swap file size to MAX_PA/2 for L1TF workaround */ |
| - unsigned long long l1tf_limit = l1tf_pfn_limit() + 1; |
| + unsigned long long l1tf_limit = l1tf_pfn_limit(); |
| /* |
| * We encode swap offsets also with 3 bits below those for pfn |
| * which makes the usable limit higher. |
| --- a/arch/x86/mm/mmap.c |
| +++ b/arch/x86/mm/mmap.c |
| @@ -191,7 +191,7 @@ bool pfn_modify_allowed(unsigned long pf |
| /* If it's real memory always allow */ |
| if (pfn_valid(pfn)) |
| return true; |
| - if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) |
| + if (pfn >= l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) |
| return false; |
| return true; |
| } |