1 From b0a182f875689647b014bc01d36b340217792852 Mon Sep 17 00:00:00 2001
2 From: Vlastimil Babka <vbabka@suse.cz>
3 Date: Thu, 23 Aug 2018 15:44:18 +0200
4 Subject: x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM
6 From: Vlastimil Babka <vbabka@suse.cz>
8 commit b0a182f875689647b014bc01d36b340217792852 upstream.
10 Two users have reported [1] that they have an "extremely unlikely" system
11 with more than MAX_PA/2 memory and L1TF mitigation is not effective. In
12 fact it's a CPU with 36bits phys limit (64GB) and 32GB memory, but due to
13 holes in the e820 map, the main region is almost 500MB over the 32GB limit:
15 [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000081effffff] usable
17 Suggestions to use 'mem=32G' to enable the L1TF mitigation while losing the
18 500MB revealed, that there's an off-by-one error in the check in
19 l1tf_select_mitigation().
21 l1tf_pfn_limit() returns the last usable pfn (inclusive) and the range
22 check in the mitigation path does not take this into account.
24 Instead of amending the range check, make l1tf_pfn_limit() return the first
25 PFN which is over the limit which is less error prone. Adjust the other
28 [1] https://bugzilla.suse.com/show_bug.cgi?id=1105536
30 Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf")
31 Reported-by: George Anchev <studio@anchev.net>
32 Reported-by: Christopher Snowhill <kode54@gmail.com>
33 Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
34 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
35 Cc: "H . Peter Anvin" <hpa@zytor.com>
36 Cc: Linus Torvalds <torvalds@linux-foundation.org>
37 Cc: Andi Kleen <ak@linux.intel.com>
38 Cc: Dave Hansen <dave.hansen@intel.com>
39 Cc: Michal Hocko <mhocko@kernel.org>
40 Cc: stable@vger.kernel.org
41 Link: https://lkml.kernel.org/r/20180823134418.17008-1-vbabka@suse.cz
42 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
45 arch/x86/include/asm/processor.h | 2 +-
46 arch/x86/mm/init.c | 2 +-
47 arch/x86/mm/mmap.c | 2 +-
48 3 files changed, 3 insertions(+), 3 deletions(-)
50 --- a/arch/x86/include/asm/processor.h
51 +++ b/arch/x86/include/asm/processor.h
52 @@ -174,7 +174,7 @@ extern void cpu_detect(struct cpuinfo_x8
54 static inline unsigned long long l1tf_pfn_limit(void)
56 - return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1;
57 + return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT);
60 extern void early_cpu_init(void);
61 --- a/arch/x86/mm/init.c
62 +++ b/arch/x86/mm/init.c
63 @@ -779,7 +779,7 @@ unsigned long max_swapfile_size(void)
65 if (boot_cpu_has_bug(X86_BUG_L1TF)) {
66 /* Limit the swap file size to MAX_PA/2 for L1TF workaround */
67 - unsigned long long l1tf_limit = l1tf_pfn_limit() + 1;
68 + unsigned long long l1tf_limit = l1tf_pfn_limit();
70 * We encode swap offsets also with 3 bits below those for pfn
71 * which makes the usable limit higher.
72 --- a/arch/x86/mm/mmap.c
73 +++ b/arch/x86/mm/mmap.c
74 @@ -138,7 +138,7 @@ bool pfn_modify_allowed(unsigned long pf
75 /* If it's real memory always allow */
78 - if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))
79 + if (pfn >= l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN))