From patchwork Thu Mar 5 14:32:39 2020
X-Patchwork-Submitter: Qian Cai
X-Patchwork-Id: 11421921
From: Qian Cai
To: mpe@ellerman.id.au, akpm@linux-foundation.org
Cc: rashmicy@gmail.com, christophe.leroy@c-s.fr, linux-mm@kvack.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Qian Cai
Subject: [PATCH -next v2] powerpc/64s/pgtable: fix an undefined behaviour
Date: Thu, 5 Mar 2020 09:32:39 -0500
Message-Id: <1583418759-16105-1-git-send-email-cai@lca.pw>
X-Mailer: git-send-email 1.8.3.1

Booting a power9 server with hash MMU could trigger an undefined
behaviour because pud_offset(p4d, 0) will do,

0 >> (PAGE_SHIFT:16 + PTE_INDEX_SIZE:8 + H_PMD_INDEX_SIZE:10)

Fix it by converting pud_offset() and friends to static inline
functions.

 UBSAN: shift-out-of-bounds in arch/powerpc/mm/ptdump/ptdump.c:282:15
 shift exponent 34 is too large for 32-bit type 'int'
 CPU: 6 PID: 1 Comm: swapper/0 Not tainted 5.6.0-rc4-next-20200303+ #13
 Call Trace:
 dump_stack+0xf4/0x164 (unreliable)
 ubsan_epilogue+0x18/0x78
 __ubsan_handle_shift_out_of_bounds+0x160/0x21c
 walk_pagetables+0x2cc/0x700
 walk_pud at arch/powerpc/mm/ptdump/ptdump.c:282
 (inlined by) walk_pagetables at arch/powerpc/mm/ptdump/ptdump.c:311
 ptdump_check_wx+0x8c/0xf0
 mark_rodata_ro+0x48/0x80
 kernel_init+0x74/0x194
 ret_from_kernel_thread+0x5c/0x74

Suggested-by: Christophe Leroy
Signed-off-by: Qian Cai
---
 arch/powerpc/include/asm/book3s/64/pgtable.h | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/arch/powerpc/include/asm/book3s/64/pgtable.h b/arch/powerpc/include/asm/book3s/64/pgtable.h
index fa60e8594b9f..4967bc9e25e2 100644
--- a/arch/powerpc/include/asm/book3s/64/pgtable.h
+++ b/arch/powerpc/include/asm/book3s/64/pgtable.h
@@ -1016,12 +1016,20 @@ static inline bool p4d_access_permitted(p4d_t p4d, bool write) #define pgd_offset(mm, address) ((mm)->pgd + pgd_index(address)) -#define pud_offset(p4dp, addr) \ - (((pud_t *) p4d_page_vaddr(*(p4dp))) + pud_index(addr)) -#define pmd_offset(pudp,addr) \ - (((pmd_t *) pud_page_vaddr(*(pudp))) + pmd_index(addr)) -#define pte_offset_kernel(dir,addr) \ - (((pte_t *) pmd_page_vaddr(*(dir))) + pte_index(addr)) +static inline pud_t *pud_offset(p4d_t *p4d, unsigned long address) +{ + return (pud_t *)p4d_page_vaddr(*p4d) + pud_index(address); +} + +static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) +{ + return (pmd_t *)pud_page_vaddr(*pud) + pmd_index(address); +} + +static inline pte_t *pte_offset_kernel(pmd_t *pmd, unsigned long address) +{ + return (pte_t *)pmd_page_vaddr(*pmd) + pte_index(address); +} #define pte_offset_map(dir,addr) pte_offset_kernel((dir), (addr))
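
Review bot: the new pud_offset(), pmd_offset() and pte_offset_kernel() avoid the out-of-range shift only because their "unsigned long address" parameter widens a literal such as the 0 in pud_offset(p4d, 0) before it reaches pud_index(), and neither the changelog nor a comment on the helpers says so. Please state that in the commit message (the UBSAN report shows the operand was a 32-bit int shifted by 34) so that nobody later turns these back into macros or narrows the parameter type. Two smaller points in the same hunk: pgd_offset() at the top stays a macro and still passes the caller's argument type straight to pgd_index(), so it is worth confirming it cannot be reached with an int argument in the same way; and the pointer parameters are now named p4d, pud and pmd where the macros used p4dp and pudp, which makes "*p4d" read like a value rather than a dereference. Keeping the p4dp/pudp/pmdp names would stay consistent with the removed macros.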