Subject: Re: [PATCH v3] ACPI: PCI: check if the root io space is page aligned
From: Miao Wang
In-Reply-To: <20240814163711.GA351420@bhelgaas>
Date: Thu, 15 Aug 2024 12:28:44 +0800
Cc: Ilpo Järvinen, Bjorn Helgaas, "Rafael J. Wysocki", Len Brown, linux-pci@vger.kernel.org, linux-acpi@vger.kernel.org, linux-mm@kvack.org
Message-Id: <86348A3F-6AF4-4DC0-ACF5-08EC52E3828C@gmail.com>
References: <20240814163711.GA351420@bhelgaas>
To: Bjorn Helgaas

Hi,

> On Aug 15, 2024, at 00:37, Bjorn Helgaas wrote:
>
> [+cc linux-mm for vmap page alignment checking question]
>
> On Wed, Aug 14, 2024 at 08:09:15PM +0800, Miao Wang via B4 Relay wrote:
>> From: Miao Wang
>>
>> When the IO resource given by _CRS method is not page aligned, especially
>> when the page size is larger than 4KB, serious problems will happen
>> because the misaligned address is passed down to pci_remap_iospace(),
>> then to vmap_page_range(), and finally to vmap_pte_range(), where the
>> length between addr and end is expected to be divisible by PAGE_SIZE, or
>> the loop will overrun till the pfn_none check fails.
>
> What does this problem look like to a user? Panic, oops, hang,
> warning backtrace? I assume this is not a regression, but maybe
> something you tripped over because of a BIOS defect? Does this need
> to be backported to stable kernels?

Panic, or actually BUG in vmap_pte_range() at the !pte_none(ptep_get(pte))
check, since misaligned addresses will cause the loop in vmap_pte_range to
overrun and finally reach one of the already mapped pages. This happens on a
LS2k2000 machine, the buggy firmware of which declares the IO space of the
PCI root controller as follows:

    QWordIO (ResourceProducer, MinFixed, MaxFixed, PosDecode, EntireRange,
        0x0000000000000000, // Granularity
        0x0000000000004000, // Range Minimum
        0x0000000000009FFF, // Range Maximum
        0x000000FDFC000000, // Translation Offset
        0x0000000000006000, // Length
        ,, , TypeStatic, DenseTranslation)

At first, I thought there might be some overlapping address spaces. But when
I added some debug output in vmap_page_range(), I realized that it was
because of a loop overrun.

Normally, loongarch64 kernel is compiled using 16K page size, and thus the
length here is not page aligned. I tested my patch using a virtual machine
with a deliberately modified DSDT table to reproduce this issue.

> It seems sort of weird to me that all those vmap_*_range() functions
> take the full page address (not a PFN) and depend on the addr/size
> being page-aligned, but they don't validate the alignment. But I'm
> not a VM person and I suppose there's a reason for passing the full
> address.

Ah, I also have this question.

>
> But it does mean that other users of vmap_page_range() are also
> potentially susceptible to this issue, e.g., vmap(), vm_map_ram(),
> ioremap_page_range(), etc., so I'm not sure that
> acpi_pci_root_remap_iospace() is the best place to check the
> alignment.

My first idea was that the misaligned address is introduced from DSDT
table and the check would be better to be done inside the ACPI system.
However, let's wait for replies from linux-mm to decide where the best
place should be.

>
>> Signed-off-by: Miao Wang
>> ---
>> Changes in v3:
>> - Adjust code formatting.
>> - Reword the commit message for further description of the possible reason
>>   leading to misaligned IO resource addresses.
>> - Link to v2: https://lore.kernel.org/r/20240814-check_pci_probe_res-v2-1-a03c8c9b498b@gmail.com
>>
>> Changes in v2:
>> - Sorry for posting out the draft version in V1, fixed a silly compiling issue.
>> - Link to v1: https://lore.kernel.org/r/20240814-check_pci_probe_res-v1-1-122ee07821ab@gmail.com
>> --- >> drivers/acpi/pci_root.c | 14 +++++++++++--- >> 1 file changed, 11 insertions(+), 3 deletions(-) >>=20 >> diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c >> index d0bfb3706801..a425e93024f2 100644 >> --- a/drivers/acpi/pci_root.c >> +++ b/drivers/acpi/pci_root.c >> @@ -858,7 +858,7 @@ static void = acpi_pci_root_validate_resources(struct device *dev, >> } >> } >>=20 >> -static void acpi_pci_root_remap_iospace(struct fwnode_handle = *fwnode, >> +static void acpi_pci_root_remap_iospace(struct acpi_device *device, >> struct resource_entry *entry) >> { >> #ifdef PCI_IOBASE 
>> @@ -868,7 +868,15 @@ static void acpi_pci_root_remap_iospace(struct = fwnode_handle *fwnode, >> resource_size_t length =3D resource_size(res); >> unsigned long port; >>=20 >> - if (pci_register_io_range(fwnode, cpu_addr, length)) >> + if (!PAGE_ALIGNED(cpu_addr) || !PAGE_ALIGNED(length) || >> + !PAGE_ALIGNED(pci_addr)) { >> + dev_err(&device->dev, >> + FW_BUG "I/O resource %pR or its offset %pa is not page aligned\n", >> + res, &entry->offset); >> + goto err; >> + } >> + >> + if (pci_register_io_range(&device->fwnode, cpu_addr, length)) >> goto err; >=20 > This change verifies alignment for the ACPI case that leads to the > pci_remap_iospace() -> vmap_page_range() -> vmap_pte_range() path, but=20= > there are others even in drivers/pci/, e.g., pci_remap_iospace() is > also used in the DT path, where I suppose a defective DT could cause a > similar issue. >=20 >> port =3D pci_address_to_pio(cpu_addr); >> @@ -910,7 +918,7 @@ int acpi_pci_probe_root_resources(struct = acpi_pci_root_info *info) >> else { >> resource_list_for_each_entry_safe(entry, tmp, list) { >> if (entry->res->flags & IORESOURCE_IO) >> - acpi_pci_root_remap_iospace(&device->fwnode, >> + acpi_pci_root_remap_iospace(device, >> entry); >>=20 >> if (entry->res->flags & IORESOURCE_DISABLED) >>=20 >> --- >> base-commit: 7c626ce4bae1ac14f60076d00eafe71af30450ba >> change-id: 20240813-check_pci_probe_res-27e3e6df72b2 >>=20 >> Best regards, >> --=20 >> Miao Wang
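
Review bot: the dev_err() in the @@ -868 hunk reports only res and entry->offset, while the condition above it tests three values (cpu_addr, length and pci_addr), so the log line does not say which one failed PAGE_ALIGNED(). Consider naming the failing value in the message, or splitting the condition, so that a firmware report from the field can be read without adding debug output. A one-line comment above the check noting that the vmap path further down does not validate alignment itself would also record why the check sits in this caller.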
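
The overrun described in the reply above, as an added example that is not part of the original mail or of the kernel source: a user-space model that runs the quoted QWordIO values through the same alignment test the patch adds, and through a per-page loop that stops only when `addr == end`. The loop shape, the names `check_io_window` and `model_map_range`, and the derivation of `cpu_addr` (Range Minimum plus Translation Offset) and `pci_addr` (Range Minimum) are assumptions; addresses in the loop model are relative to the start of the mapping.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { BAD_CPU_ADDR = 1, BAD_LENGTH = 2, BAD_PCI_ADDR = 4 };

/* Same predicate as the kernel's PAGE_ALIGNED(), with the page size as a parameter. */
static bool model_page_aligned(uint64_t v, uint64_t page_size)
{
    return (v & (page_size - 1)) == 0;
}

/* Returns a bitmask naming which of the three values the patch checks is misaligned.
 * Assumption: cpu_addr = Range Minimum + Translation Offset, pci_addr = Range Minimum. */
static unsigned check_io_window(uint64_t range_min, uint64_t xlat_offset,
                                uint64_t length, uint64_t page_size)
{
    unsigned bad = 0;
    if (!model_page_aligned(range_min + xlat_offset, page_size)) bad |= BAD_CPU_ADDR;
    if (!model_page_aligned(length, page_size))                  bad |= BAD_LENGTH;
    if (!model_page_aligned(range_min, page_size))               bad |= BAD_PCI_ADDR;
    return bad;
}

/* Model of a per-page mapping loop that stops only when addr == end (assumed shape).
 * Returns pages mapped, or -1 once the loop is about to touch a page at or past end. */
static long model_map_range(uint64_t addr, uint64_t end, uint64_t page_size)
{
    long pages = 0;
    do {
        if (addr >= end)
            return -1;      /* stepped over end: the real loop would keep going */
        pages++;
        addr += page_size;
    } while (addr != end);
    return pages;
}

int main(void)
{
    /* Values from the QWordIO descriptor quoted in the mail. */
    const uint64_t min = 0x4000, off = 0xFDFC000000ULL, len = 0x6000;
    const uint64_t sizes[] = { 0x1000, 0x4000 };   /* 4K and 16K pages */

    for (int i = 0; i < 2; i++)
        printf("page=0x%llx bad_mask=%u pages=%ld\n",
               (unsigned long long)sizes[i],
               check_io_window(min, off, len, sizes[i]),
               model_map_range(0, len, sizes[i]));
    return 0;
}
```

With 4K pages the descriptor passes the check and the loop ends after six pages; with 16K pages only the length is flagged and the loop steps from 0x4000 to 0x8000 without ever equalling 0x6000.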