diff mbox

arm64/mm: fix virtual address boundary check

Message ID 1456329708-2042-1-git-send-email-miles.chen@mediatek.com (mailing list archive)
State New, archived
Headers show

Commit Message

Miles Chen Feb. 24, 2016, 4:01 p.m. UTC
From: Miles Chen <miles.chen@mediatek.com>

The MODULES_VADDR is not the lowest possible
kernel virtual address. TASK_SIZE_64 may be larger than
MODULES_VADDR, FIXADDR_TOP, and PCI_IO_START.

Fix this by comparing TASK_SIZE_64 (highest user virtual address)
with VA_START (lowest kernel virtual address).

 #define VA_BITS		(CONFIG_ARM64_VA_BITS)
 #define VA_START		(UL(0xffffffffffffffff) << VA_BITS)
 #define PAGE_OFFSET		(UL(0xffffffffffffffff) << (VA_BITS - 1))
 #define MODULES_END		(PAGE_OFFSET)
 #define MODULES_VADDR		(MODULES_END - SZ_64M)
 #define PCI_IO_END		(MODULES_VADDR - SZ_2M)
 #define PCI_IO_START		(PCI_IO_END - PCI_IO_SIZE)
 #define FIXADDR_TOP		(PCI_IO_START - SZ_2M)
 #define TASK_SIZE_64		(UL(1) << VA_BITS)

Signed-off-by: Miles Chen <miles.chen@mediatek.com>
---
 arch/arm64/mm/init.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Catalin Marinas Feb. 24, 2016, 4:19 p.m. UTC | #1
On Thu, Feb 25, 2016 at 12:01:48AM +0800, miles.chen@mediatek.com wrote:
> From: Miles Chen <miles.chen@mediatek.com>
> 
> The MODULES_VADDR is not the lowest possible
> kernel virtual address. TASK_SIZE_64 may be larger than
> MODULES_VADDR, FIXADDR_TOP, and PCI_IO_START.
> 
> Fix this by comparing TASK_SIZE_64 (highest user virtual address)
> with VA_START (lowest kernel virtual address).
> 
>  #define VA_BITS		(CONFIG_ARM64_VA_BITS)
>  #define VA_START		(UL(0xffffffffffffffff) << VA_BITS)
>  #define PAGE_OFFSET		(UL(0xffffffffffffffff) << (VA_BITS - 1))
>  #define MODULES_END		(PAGE_OFFSET)
>  #define MODULES_VADDR		(MODULES_END - SZ_64M)
>  #define PCI_IO_END		(MODULES_VADDR - SZ_2M)
>  #define PCI_IO_START		(PCI_IO_END - PCI_IO_SIZE)
>  #define FIXADDR_TOP		(PCI_IO_START - SZ_2M)
>  #define TASK_SIZE_64		(UL(1) << VA_BITS)

We should remove these checks altogether. There is a huge gap between
the user and kernel addresses that they would never overlap (we don't
have enough levels of page tables to cover 64-bit VA space).
Miles Chen Feb. 25, 2016, 1:34 a.m. UTC | #2
On Wed, 2016-02-24 at 16:19 +0000, Catalin Marinas wrote:
> On Thu, Feb 25, 2016 at 12:01:48AM +0800, miles.chen@mediatek.com wrote:
> > From: Miles Chen <miles.chen@mediatek.com>
> > 
> > The MODULES_VADDR is not the lowest possible
> > kernel virtual address. TASK_SIZE_64 may be larger than
> > MODULES_VADDR, FIXADDR_TOP, and PCI_IO_START.
> > 
> > Fix this by comparing TASK_SIZE_64 (highest user virtual address)
> > with VA_START (lowest kernel virtual address).
> > 
> >  #define VA_BITS		(CONFIG_ARM64_VA_BITS)
> >  #define VA_START		(UL(0xffffffffffffffff) << VA_BITS)
> >  #define PAGE_OFFSET		(UL(0xffffffffffffffff) << (VA_BITS - 1))
> >  #define MODULES_END		(PAGE_OFFSET)
> >  #define MODULES_VADDR		(MODULES_END - SZ_64M)
> >  #define PCI_IO_END		(MODULES_VADDR - SZ_2M)
> >  #define PCI_IO_START		(PCI_IO_END - PCI_IO_SIZE)
> >  #define FIXADDR_TOP		(PCI_IO_START - SZ_2M)
> >  #define TASK_SIZE_64		(UL(1) << VA_BITS)
> 
> We should remove these checks altogether. There is a huge gap between
> the user and kernel addresses that they would never overlap (we don't
> have enough levels of page tables to cover 64-bit VA space).
> 
Thanks for your reply. I confirmed that in the ARMv8 documentation. 
I'll send another patch to remove these checks.


Cheers,
Miles
diff mbox

Patch

diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
index f3b061e..7d75697 100644
--- a/arch/arm64/mm/init.c
+++ b/arch/arm64/mm/init.c
@@ -343,8 +343,8 @@  void __init mem_init(void)
 #ifdef CONFIG_COMPAT
 	BUILD_BUG_ON(TASK_SIZE_32			> TASK_SIZE_64);
 #endif
-	BUILD_BUG_ON(TASK_SIZE_64			> MODULES_VADDR);
-	BUG_ON(TASK_SIZE_64				> MODULES_VADDR);
+	BUILD_BUG_ON(TASK_SIZE_64			> VA_START);
+	BUG_ON(TASK_SIZE_64				> VA_START);
 
 	if (PAGE_SIZE >= 16384 && get_num_physpages() <= 128) {
 		extern int sysctl_overcommit_memory;