From patchwork Sat Mar 5 15:32:38 2016
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 63623
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org, dan.j.williams@intel.com
Cc: linux-arm-kernel@lists.infradead.org, akpm@linux-foundation.org, Ard Biesheuvel
Subject: [PATCH] memremap: check pfn validity before passing to pfn_to_page()
Date: Sat, 5 Mar 2016 16:32:38 +0100
Message-Id: <1457191958-5263-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 1.9.1
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

In memremap's helper function try_ram_remap(), we dereference a struct page pointer that was derived from a PFN that is known to be covered by a 'System RAM' iomem region, and is thus assumed to be a 'valid' PFN, i.e., a PFN that has a struct page associated with it and is covered by the kernel direct mapping.

However, the assumption that there is a 1:1 relation between the System RAM iomem region and the kernel direct mapping is not universally valid on all architectures, and on ARM and arm64, 'System RAM' may include regions for which pfn_valid() returns false.

Generally speaking, both __va() and pfn_to_page() should only ever be called on PFNs/physical addresses for which pfn_valid() returns true, so add that check to try_ram_remap().

Signed-off-by: Ard Biesheuvel

--- kernel/memremap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 1.9.1 diff --git a/kernel/memremap.c b/kernel/memremap.c index b981a7b023f0..03fa254f61f6 100644 --- a/kernel/memremap.c +++ b/kernel/memremap.c @@ -29,10 +29,10 @@ __weak void __iomem *ioremap_cache(resource_size_t offset, unsigned long size) static void *try_ram_remap(resource_size_t offset, size_t size) { - struct page *page = pfn_to_page(offset >> PAGE_SHIFT); + unsigned long pfn = PHYS_PFN(offset); /* In the simple case just return the existing linear address */ - if (!PageHighMem(page)) + if (pfn_valid(pfn) && !PageHighMem(pfn_to_page(pfn))) return __va(offset); return NULL; /* fallback to ioremap_cache */ }
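
Review bot: The new condition in try_ram_remap() validates only the first page of the request: pfn_valid(pfn) is evaluated for PHYS_PFN(offset) alone and the size argument is still unused, so a range that starts on a valid PFN and runs into a part of 'System RAM' for which pfn_valid() is false (the ARM and arm64 case the commit message describes) would still be handed a __va() address. Consider also checking the last PFN of the range, PHYS_PFN(offset + size - 1), or adding a comment that states why the caller guarantees the range cannot straddle such a region. Separately, the switch from offset >> PAGE_SHIFT to PHYS_PFN(offset) is not mentioned in the commit message; one line there would make it clear the change is intentional.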