releases/4.4.154/x86-speculation-l1tf-fix-off-by-one-error-when-warning-that-system-has-too-much-ram.patch

   1 From b0a182f875689647b014bc01d36b340217792852 Mon Sep 17 00:00:00 2001
   2 From: Vlastimil Babka <vbabka@suse.cz>
   3 Date: Thu, 23 Aug 2018 15:44:18 +0200
   4 Subject: x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM
   5
   6 From: Vlastimil Babka <vbabka@suse.cz>
   7
   8 commit b0a182f875689647b014bc01d36b340217792852 upstream.
   9
  10 Two users have reported [1] that they have an "extremely unlikely" system
  11 with more than MAX_PA/2 memory and L1TF mitigation is not effective. In
  12 fact it's a CPU with 36bits phys limit (64GB) and 32GB memory, but due to
  13 holes in the e820 map, the main region is almost 500MB over the 32GB limit:
  14
  15 [    0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000081effffff] usable
  16
  17 Suggestions to use 'mem=32G' to enable the L1TF mitigation while losing the
  18 500MB revealed, that there's an off-by-one error in the check in
  19 l1tf_select_mitigation().
  20
  21 l1tf_pfn_limit() returns the last usable pfn (inclusive) and the range
  22 check in the mitigation path does not take this into account.
  23
  24 Instead of amending the range check, make l1tf_pfn_limit() return the first
  25 PFN which is over the limit which is less error prone. Adjust the other
  26 users accordingly.
  27
  28 [1] https://bugzilla.suse.com/show_bug.cgi?id=1105536
  29
  30 Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf")
  31 Reported-by: George Anchev <studio@anchev.net>
  32 Reported-by: Christopher Snowhill <kode54@gmail.com>
  33 Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
  34 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
  35 Cc: "H . Peter Anvin" <hpa@zytor.com>
  36 Cc: Linus Torvalds <torvalds@linux-foundation.org>
  37 Cc: Andi Kleen <ak@linux.intel.com>
  38 Cc: Dave Hansen <dave.hansen@intel.com>
  39 Cc: Michal Hocko <mhocko@kernel.org>
  40 Cc: stable@vger.kernel.org
  41 Link: https://lkml.kernel.org/r/20180823134418.17008-1-vbabka@suse.cz
  42 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  43
  44 ---
  45  arch/x86/include/asm/processor.h |    2 +-
  46  arch/x86/mm/init.c               |    2 +-
  47  arch/x86/mm/mmap.c               |    2 +-
  48  3 files changed, 3 insertions(+), 3 deletions(-)
  49
  50 --- a/arch/x86/include/asm/processor.h
  51 +++ b/arch/x86/include/asm/processor.h
  52 @@ -174,7 +174,7 @@ extern void cpu_detect(struct cpuinfo_x8
  53
  54  static inline unsigned long long l1tf_pfn_limit(void)
  55  {
  56 -       return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1;
  57 +       return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT);
  58  }
  59
  60  extern void early_cpu_init(void);
  61 --- a/arch/x86/mm/init.c
  62 +++ b/arch/x86/mm/init.c
  63 @@ -779,7 +779,7 @@ unsigned long max_swapfile_size(void)
  64
  65         if (boot_cpu_has_bug(X86_BUG_L1TF)) {
  66                 /* Limit the swap file size to MAX_PA/2 for L1TF workaround */
  67 -               unsigned long long l1tf_limit = l1tf_pfn_limit() + 1;
  68 +               unsigned long long l1tf_limit = l1tf_pfn_limit();
  69                 /*
  70                  * We encode swap offsets also with 3 bits below those for pfn
  71                  * which makes the usable limit higher.
  72 --- a/arch/x86/mm/mmap.c
  73 +++ b/arch/x86/mm/mmap.c
  74 @@ -138,7 +138,7 @@ bool pfn_modify_allowed(unsigned long pf
  75         /* If it's real memory always allow */
  76         if (pfn_valid(pfn))
  77                 return true;
  78 -       if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))
  79 +       if (pfn >= l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))
  80                 return false;
  81         return true;
  82  }