Re: [PATCH 1/2] x86/mm: Fix guard hole handling
From: Juergen Gross
Date: Fri Nov 30 2018 - 07:19:47 EST
On 30/11/2018 13:11, Kirill A. Shutemov wrote:
> On Fri, Nov 30, 2018 at 12:03:33PM +0000, Juergen Gross wrote:
>> On 30/11/2018 12:57, Kirill A. Shutemov wrote:
>>> There is a guard hole at the beginning of kernel address space, also
>>> used by hypervisors. It occupies 16 PGD entries.
>>>
>>> We do not state the reserved range directly, but calculate it relative
>>> to other entities: direct mapping and user space ranges.
>>>
>>> The calculation got broken by recent change in kernel memory layout: LDT
>>> remap range is now mapped before direct mapping and makes the calculation
>>> invalid.
>>>
>>> The breakage leads to crash on Xen dom0 boot[1].
>>>
>>> State the reserved range directly. It's part of kernel ABI (hypervisors
>>> expect it to be stable) and must not depend on changes in the rest of
>>> kernel memory layout.
>>>
>>> [1] https://lists.xenproject.org/archives/html/xen-devel/2018-11/msg03313.html
>>>
>>> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
>>> Reported-by: Hans van Kranenburg <Hans.van.Kranenburg@xxxxxxxxxx>
>>> Fixes: d52888aa2753 ("x86/mm: Move LDT remap out of KASLR region on 5-level paging")
>>> ---
>>> arch/x86/include/asm/pgtable_64_types.h | 5 +++++
>>> arch/x86/mm/dump_pagetables.c | 8 ++++----
>>> arch/x86/xen/mmu_pv.c | 11 ++++++-----
>>> 3 files changed, 15 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
>>> index 84bd9bdc1987..13aef22cee18 100644
>>> --- a/arch/x86/include/asm/pgtable_64_types.h
>>> +++ b/arch/x86/include/asm/pgtable_64_types.h
>>> @@ -111,6 +111,11 @@ extern unsigned int ptrs_per_p4d;
>>> */
>>> #define MAXMEM (1UL << MAX_PHYSMEM_BITS)
>>>
>>> +#define GUARD_HOLE_PGD_ENTRY -256UL
>>> +#define GUARD_HOLE_SIZE (16UL << PGDIR_SHIFT)
>>> +#define GUARD_HOLE_BASE_ADDR (LDT_PGD_ENTRY << PGDIR_SHIFT)
>>
>> s/LDT_PGD_ENTRY/GUARD_HOLE_PGD_ENTRY/
>
> Ughh..
>
>>From 4308d560cc2874a9f596512bcb4c601b2450653d Mon Sep 17 00:00:00 2001
> From: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>
> Date: Fri, 30 Nov 2018 14:29:42 +0300
> Subject: [PATCH 1/2] x86/mm: Fix guard hole handling
>
> There is a guard hole at the beginning of kernel address space, also
> used by hypervisors. It occupies 16 PGD entries.
>
> We do not state the reserved range directly, but calculate it relative
> to other entities: direct mapping and user space ranges.
>
> The calculation got broken by recent change in kernel memory layout: LDT
> remap range is now mapped before direct mapping and makes the calculation
> invalid.
>
> The breakage leads to crash on Xen dom0 boot[1].
>
> State the reserved range directly. It's part of kernel ABI (hypervisors
> expect it to be stable) and must not depend on changes in the rest of
> kernel memory layout.
>
> [1] https://lists.xenproject.org/archives/html/xen-devel/2018-11/msg03313.html
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> Reported-by: Hans van Kranenburg <Hans.van.Kranenburg@xxxxxxxxxx>
> Fixes: d52888aa2753 ("x86/mm: Move LDT remap out of KASLR region on 5-level paging")
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
Juergen