Gentoo's Bugzilla – Attachment 459570 Details for
Bug 603470
sys-kernel/gentoo-sources-4.9.0 fails to boot on Thinkpad T540p
[patch]
patch 1 of 2
efi-memmap.patch (text/plain), 5.84 KB, created by
Anton Gubarkov
on 2017-01-11 09:17:31 UTC
>From 20b1e22d01a4b0b11d3a1066e9feb04be38607ec Mon Sep 17 00:00:00 2001 >From: Nicolai Stange <nicstange@gmail.com> >Date: Thu, 5 Jan 2017 13:51:29 +0100 >Subject: [PATCH] x86/efi: Don't allocate memmap through memblock after mm_init() >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >With the following commit: > > 4bc9f92e64c8 ("x86/efi-bgrt: Use efi_mem_reserve() to avoid copying image data") > >... efi_bgrt_init() calls into the memblock allocator through >efi_mem_reserve() => efi_arch_mem_reserve() *after* mm_init() has been called. > >Indeed, KASAN reports a bad read access later on in efi_free_boot_services(): > > BUG: KASAN: use-after-free in efi_free_boot_services+0xae/0x24c > at addr ffff88022de12740 > Read of size 4 by task swapper/0/0 > page:ffffea0008b78480 count:0 mapcount:-127 > mapping: (null) index:0x1 flags: 0x5fff8000000000() > [...] > Call Trace: > dump_stack+0x68/0x9f > kasan_report_error+0x4c8/0x500 > kasan_report+0x58/0x60 > __asan_load4+0x61/0x80 > efi_free_boot_services+0xae/0x24c > start_kernel+0x527/0x562 > x86_64_start_reservations+0x24/0x26 > x86_64_start_kernel+0x157/0x17a > start_cpu+0x5/0x14 > >The instruction at the given address is the first read from the memmap's >memory, i.e. the read of md->type in efi_free_boot_services(). > >Note that the writes earlier in efi_arch_mem_reserve() don't splat because >they're done through early_memremap()ed addresses. > >So, after memblock is gone, allocations should be done through the "normal" >page allocator. Introduce a helper, efi_memmap_alloc() for this. Use >it from efi_arch_mem_reserve(), efi_free_boot_services() and, for the sake >of consistency, from efi_fake_memmap() as well. > >Note that for the latter, the memmap allocations cease to be page aligned. >This isn't needed though. > >Tested-by: Dan Williams <dan.j.williams@intel.com> 
>Signed-off-by: Nicolai Stange <nicstange@gmail.com> >Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> >Cc: <stable@vger.kernel.org> # v4.9 >Cc: Dave Young <dyoung@redhat.com> >Cc: Linus Torvalds <torvalds@linux-foundation.org> >Cc: Matt Fleming <matt@codeblueprint.co.uk> >Cc: Mika Penttilä <mika.penttila@nextfour.com> >Cc: Peter Zijlstra <peterz@infradead.org> >Cc: Thomas Gleixner <tglx@linutronix.de> >Cc: linux-efi@vger.kernel.org >Fixes: 4bc9f92e64c8 ("x86/efi-bgrt: Use efi_mem_reserve() to avoid copying image data") >Link: http://lkml.kernel.org/r/20170105125130.2815-1-nicstange@gmail.com >Signed-off-by: Ingo Molnar <mingo@kernel.org> >--- > arch/x86/platform/efi/quirks.c | 4 ++-- > drivers/firmware/efi/fake_mem.c | 3 +-- > drivers/firmware/efi/memmap.c | 38 ++++++++++++++++++++++++++++++++++++++ > include/linux/efi.h | 1 + > 4 files changed, 42 insertions(+), 4 deletions(-) > >diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c >index 10aca63a50d7..30031d5293c4 100644 >--- a/arch/x86/platform/efi/quirks.c >+++ b/arch/x86/platform/efi/quirks.c >@@ -214,7 +214,7 @@ void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size) > > new_size = efi.memmap.desc_size * num_entries; > >- new_phys = memblock_alloc(new_size, 0); >+ new_phys = efi_memmap_alloc(num_entries); > if (!new_phys) { > pr_err("Could not allocate boot services memmap\n"); > return; >@@ -355,7 +355,7 @@ void __init efi_free_boot_services(void) > } > > new_size = efi.memmap.desc_size * num_entries; >- new_phys = memblock_alloc(new_size, 0); >+ new_phys = efi_memmap_alloc(num_entries); > if (!new_phys) { > pr_err("Failed to allocate new EFI memmap\n"); > return; >diff --git a/drivers/firmware/efi/fake_mem.c b/drivers/firmware/efi/fake_mem.c >index 520a40e5e0e4..6c7d60c239b5 100644 >--- a/drivers/firmware/efi/fake_mem.c >+++ b/drivers/firmware/efi/fake_mem.c 
>@@ -71,8 +71,7 @@ void __init efi_fake_memmap(void) > } > > /* allocate memory for new EFI memmap */ >- new_memmap_phy = memblock_alloc(efi.memmap.desc_size * new_nr_map, >- PAGE_SIZE); >+ new_memmap_phy = efi_memmap_alloc(new_nr_map); > if (!new_memmap_phy) > return; > >diff --git a/drivers/firmware/efi/memmap.c b/drivers/firmware/efi/memmap.c >index f03ddecd232b..78686443cb37 100644 >--- a/drivers/firmware/efi/memmap.c >+++ b/drivers/firmware/efi/memmap.c >@@ -9,6 +9,44 @@ > #include <linux/efi.h> > #include <linux/io.h> > #include <asm/early_ioremap.h> >+#include <linux/memblock.h> >+#include <linux/slab.h> >+ >+static phys_addr_t __init __efi_memmap_alloc_early(unsigned long size) >+{ >+ return memblock_alloc(size, 0); >+} >+ >+static phys_addr_t __init __efi_memmap_alloc_late(unsigned long size) >+{ >+ unsigned int order = get_order(size); >+ struct page *p = alloc_pages(GFP_KERNEL, order); >+ >+ if (!p) >+ return 0; >+ >+ return PFN_PHYS(page_to_pfn(p)); >+} >+ >+/** >+ * efi_memmap_alloc - Allocate memory for the EFI memory map >+ * @num_entries: Number of entries in the allocated map. >+ * >+ * Depending on whether mm_init() has already been invoked or not, >+ * either memblock or "normal" page allocation is used. >+ * >+ * Returns the physical address of the allocated memory map on >+ * success, zero on failure. >+ */ >+phys_addr_t __init efi_memmap_alloc(unsigned int num_entries) >+{ >+ unsigned long size = num_entries * efi.memmap.desc_size; >+ >+ if (slab_is_available()) >+ return __efi_memmap_alloc_late(size); >+ >+ return __efi_memmap_alloc_early(size); >+} > > /** > * __efi_memmap_init - Common code for mapping the EFI memory map >diff --git a/include/linux/efi.h b/include/linux/efi.h >index a07a476178cd..0c5420208c40 100644 >--- a/include/linux/efi.h >+++ b/include/linux/efi.h 
>@@ -950,6 +950,7 @@ static inline efi_status_t efi_query_variable_store(u32 attributes, > #endif > extern void __iomem *efi_lookup_mapped_addr(u64 phys_addr); > >+extern phys_addr_t __init efi_memmap_alloc(unsigned int num_entries); > extern int __init efi_memmap_init_early(struct efi_memory_map_data *data); > extern int __init efi_memmap_init_late(phys_addr_t addr, unsigned long size); > extern void __init efi_memmap_unmap(void); >-- >2.10.0 >
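
Review bot: in both arch/x86/platform/efi/quirks.c hunks (efi_arch_mem_reserve() and efi_free_boot_services()), the context line `new_size = efi.memmap.desc_size * num_entries;` stays while `efi_memmap_alloc(num_entries)` recomputes the same product internally, so the buffer size is now derived in two places that must stay in step. Consider having the helper take the byte size, or return it alongside the address, so that whatever later uses new_size cannot drift from what was actually allocated.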
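
Review bot: in the drivers/firmware/efi/fake_mem.c hunk, efi_fake_memmap() used to pass PAGE_SIZE as the alignment, and the new helper's early path calls `memblock_alloc(size, 0)`; the only justification for dropping the alignment is the sentence in the commit message. A one-line comment at the call site stating that the new memmap does not need page alignment would keep that reasoning next to the code.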
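
Review bot: efi_memmap_alloc() in the drivers/firmware/efi/memmap.c hunk returns a bare phys_addr_t that comes from either `memblock_alloc(size, 0)` or `alloc_pages(GFP_KERNEL, order)`, with no record of which allocator was used or of the page order, so a caller cannot later release the map with the matching free routine. Suggest recording the allocation source next to the memmap data, and extending the kernel-doc to say that the late path rounds the request up to 2^order pages and that `slab_is_available()` is the test standing in for "mm_init() has already been invoked".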