{"id":281,"url":"http://patchwork.ozlabs.org/api/1.0/patches/281/?format=json","project":{"id":2,"url":"http://patchwork.ozlabs.org/api/1.0/projects/2/?format=json","name":"Linux PPC development","link_name":"linuxppc-dev","list_id":"linuxppc-dev.lists.ozlabs.org","list_email":"linuxppc-dev@lists.ozlabs.org","web_url":"https://github.com/linuxppc/wiki/wiki","scm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git","webscm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/"},"msgid":"","date":"2008-09-15T20:43:35","name":"powerpc: Avoid integer overflow in page_is_ram()","commit_ref":"a880e7623397bcb44877b012cd65baa11ad1bbf8","pull_url":null,"state":"accepted","archived":true,"hash":"0e5cb05026d3047aaab2423611195e547cb89e3d","submitter":{"id":64,"url":"http://patchwork.ozlabs.org/api/1.0/people/64/?format=json","name":"Roland Dreier","email":"rdreier@cisco.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linuxppc-dev/patch/adak5ddf8co.fsf@cisco.com/mbox/","series":[],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/281/checks/","tags":{},"headers":{"Return-Path":"","X-Original-To":["patchwork@ozlabs.org","linuxppc-dev@ozlabs.org"],"Delivered-To":["patchwork@ozlabs.org","linuxppc-dev@ozlabs.org"],"Received":["from ozlabs.org (localhost [127.0.0.1])\n\tby ozlabs.org (Postfix) with ESMTP id EA06CDE66A\n\tfor ; Tue, 16 Sep 2008 06:43:58 +1000 (EST)","from sj-iport-3.cisco.com (sj-iport-3.cisco.com [171.71.176.72])\n\t(using TLSv1 with cipher RC4-SHA (128/128 bits))\n\t(Client CN \"sj-iport-3.cisco.com\", Issuer \"Cisco SSCA\" (not verified))\n\tby ozlabs.org (Postfix) with ESMTPS id 00CD3DE304\n\tfor ; Tue, 16 Sep 2008 06:43:39 +1000 (EST)","from sj-dkim-2.cisco.com ([171.71.179.186])\n\tby sj-iport-3.cisco.com with ESMTP; 15 Sep 2008 20:43:36 +0000","from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238])\n\tby sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m8FKhaaw020983;\n\tMon, 15 Sep 2008 13:43:36 -0700","from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com\n\t[171.70.151.144])\n\tby sj-core-5.cisco.com (8.13.8/8.13.8) with ESMTP id m8FKha5F026997; \n\tMon, 15 Sep 2008 20:43:36 GMT","from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by\n\txbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); \n\tMon, 15 Sep 2008 13:43:36 -0700","from roland-conroe ([10.33.42.9]) by xfe-sjc-212.amer.cisco.com\n\twith\n\tMicrosoft SMTPSVC(6.0.3790.1830); Mon, 15 Sep 2008 13:43:35 -0700","by roland-conroe (Postfix, from userid 33217)\n\tid BAB061B64DA; Mon, 15 Sep 2008 13:43:35 -0700 (PDT)"],"From":"Roland Dreier ","To":"Paul Mackerras ","Subject":"[PATCH] powerpc: Avoid integer overflow in page_is_ram()","References":"<18638.50702.962371.862911@cargo.ozlabs.ibm.com>","X-Message-Flag":"Warning: May contain useful information","Date":"Mon, 15 Sep 2008 13:43:35 -0700","In-Reply-To":"<18638.50702.962371.862911@cargo.ozlabs.ibm.com> (Paul\n\tMackerras's message of \"Mon, 15 Sep 2008 13:31:10 -0700\")","Message-ID":"","User-Agent":"Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux)","MIME-Version":"1.0","X-OriginalArrivalTime":"15 Sep 2008 20:43:35.0889 (UTC)\n\tFILETIME=[B9935C10:01C91773]","DKIM-Signature":"v=1; a=rsa-sha256; q=dns/txt; l=1823; t=1221511416;\n\tx=1222375416; c=relaxed/simple; s=sjdkim2002;\n\th=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version;\n\td=cisco.com; i=rdreier@cisco.com;\n\tz=From:=20Roland=20Dreier=20\n\t|Subject:=20[PATCH]=20powerpc=3A=20Avoid=20integer=20overfl\n\tow=20in=20page_is_ram() |Sender:=20;\n\tbh=bq+G/nGjSqguYyakt09h2WWTWQoj3E0vVA5XsqOwo6k=;\n\tb=08YsSIzL3MRqv9DOV5Gp1EUucW15FjdGBSyuqiyz7qxm6W081+YRP947DC\n\tSjDs5b1ZEiqCy1ul0ZCNeffWL3ZgQdPP57o3ggMLqTtMJwZhsratTXa3+AEk\n\t8BiEmtDzai;","Authentication-Results":"sj-dkim-2; header.From=rdreier@cisco.com; dkim=pass (\n\tsig from cisco.com/sjdkim2002 verified; ); ","Cc":"linuxppc-dev@ozlabs.org","X-BeenThere":"linuxppc-dev@ozlabs.org","X-Mailman-Version":"2.1.11","Precedence":"list","List-Id":"Linux on PowerPC Developers Mail List ","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"linuxppc-dev-bounces+patchwork=ozlabs.org@ozlabs.org","Errors-To":"linuxppc-dev-bounces+patchwork=ozlabs.org@ozlabs.org"},"content":"Commit 8b150478 (\"ppc: make phys_mem_access_prot() work with pfns\ninstead of addresses\") fixed page_is_ram() in arch/ppc to avoid overflow\nfor addresses above 4G on 32-bit kernels. However arch/powerpc's\npage_is_ram() is missing the same fix -- it computes a physical address\nby doing pfn << PAGE_SHIFT, which overflows if pfn corresponds to a page\nabove 4G.\n\nIn particular this causes pages above 4G to be mapped with the wrong\ncaching attribute; for example many ppc440-based SoCs have PCI space\nabove 4G, and mmap()ing MMIO space may end up with a mapping that has\ncaching enabled.\n\nFix this by working with the pfn and avoiding the conversion to\nphysical address that causes the overflow. This patch compares the\npfn to max_pfn, which is a semantic change from the old code -- that\ncode compared the physical address to high_memory, which corresponds\nto max_low_pfn. However, I think that was is another bug, since\nhighmem pages are still RAM.\n\nReported-by: vb \nSigned-off-by: Roland Dreier \nAcked-by: Benjamin Herrenschmidt ","diff":"diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c\nindex 1c93c25..98d7bf9 100644\n--- a/arch/powerpc/mm/mem.c\n+++ b/arch/powerpc/mm/mem.c\n@@ -75,11 +75,10 @@ static inline pte_t *virt_to_kpte(unsigned long vaddr)\n \n int page_is_ram(unsigned long pfn)\n {\n-\tunsigned long paddr = (pfn << PAGE_SHIFT);\n-\n #ifndef CONFIG_PPC64\t/* XXX for now */\n-\treturn paddr < __pa(high_memory);\n+\treturn pfn < max_pfn;\n #else\n+\tunsigned long paddr = (pfn << PAGE_SHIFT);\n \tint i;\n \tfor (i=0; i < lmb.memory.cnt; i++) {\n \t\tunsigned long base;\n","prefixes":[]}