From patchwork Tue Nov 29 14:30:17 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yuriy Kolerov X-Patchwork-Id: 700547 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2001:1868:205::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3tSmDm32H4z9t1P for ; Wed, 30 Nov 2016 01:30:48 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.85_2 #1 (Red Hat Linux)) id 1cBjQk-0000I1-Q3; Tue, 29 Nov 2016 14:30:46 +0000 Received: from us01smtprelay-2.synopsys.com ([198.182.60.111] helo=smtprelay.synopsys.com) by bombadil.infradead.org with esmtps (Exim 4.85_2 #1 (Red Hat Linux)) id 1cBjQi-0008BL-QX for linux-snps-arc@lists.infradead.org; Tue, 29 Nov 2016 14:30:45 +0000 Received: from mailhost.synopsys.com (mailhost1.synopsys.com [10.12.238.239]) by smtprelay.synopsys.com (Postfix) with ESMTP id 2DDFB10C0E22; Tue, 29 Nov 2016 06:30:22 -0800 (PST) Received: from mailhost.synopsys.com (localhost [127.0.0.1]) by mailhost.synopsys.com (Postfix) with ESMTP id C40FAC64; Tue, 29 Nov 2016 06:30:22 -0800 (PST) Received: from ykolerov-vm.internal.synopsys.com (ykolerov-840g3.internal.synopsys.com [10.121.3.40]) by mailhost.synopsys.com (Postfix) with ESMTP id 6DE5FC5E; Tue, 29 Nov 2016 06:30:21 -0800 (PST) From: Yuriy Kolerov To: linux-snps-arc@lists.infradead.org Subject: [PATCH v2] ARC: mm: Fix invalid page mapping in kernel with PAE40 Date: Tue, 29 Nov 2016 17:30:17 +0300 Message-Id: <1480429817-16163-1-git-send-email-yuriy.kolerov@synopsys.com> X-Mailer: git-send-email 2.7.4 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20161129_063044_931416_39428B22 X-CRM114-Status: UNSURE ( 8.40 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -3.3 (---) X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary: Content analysis details: (-3.3 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [198.182.60.111 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [198.182.60.111 listed in wl.mailspike.net] -1.4 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-BeenThere: linux-snps-arc@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Linux on Synopsys ARC Processors List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Vineet.Gupta1@synopsys.com, Alexey.Brodkin@synopsys.com, linux-kernel@vger.kernel.org, Yuriy Kolerov MIME-Version: 1.0 Sender: "linux-snps-arc" Errors-To: linux-snps-arc-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Originally pfn_pte(pfn, prot) macro is implemented incorrectly and truncates the most significant byte in the value of PTE (Page Table Entry). It leads to the creation of invalid page mapping in the kernel with PAE40 if the physical page frame resides in the memory above of 4GB boundary. The behaviour of the system with such corrupted mappings is undefined. The kernel can crash when such pages are unmapped because the kernel can try to get access to bad address. For example if the kernel with 8KB pages will try to create a mapping of the virtual page to the physical frame (pfn) at 0x110000 then the value of pte will be truncated (0x10000000) and the invalid mapping will be created. Signed-off-by: Yuriy Kolerov --- arch/arc/include/asm/pgtable.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arc/include/asm/pgtable.h b/arch/arc/include/asm/pgtable.h index 89eeb37..e94ca72 100644 --- a/arch/arc/include/asm/pgtable.h +++ b/arch/arc/include/asm/pgtable.h @@ -280,7 +280,7 @@ static inline void pmd_set(pmd_t *pmdp, pte_t *ptep) #define pte_page(pte) pfn_to_page(pte_pfn(pte)) #define mk_pte(page, prot) pfn_pte(page_to_pfn(page), prot) -#define pfn_pte(pfn, prot) __pte(((pfn) << PAGE_SHIFT) | pgprot_val(prot)) +#define pfn_pte(pfn, prot) __pte(__pfn_to_phys(pfn) | pgprot_val(prot)) /* Don't use virt_to_pfn for macros below: could cause truncations for PAE40*/ #define pte_pfn(pte) (pte_val(pte) >> PAGE_SHIFT)