On 30/11/2018 13:11, Kirill A. Shutemov wrote: > On Fri, Nov 30, 2018 at 12:03:33PM +0000, Juergen Gross wrote: >> On 30/11/2018 12:57, Kirill A. Shutemov wrote: >>> There is a guard hole at the beginning of kernel address space, also >>> used by hypervisors. It occupies 16 PGD entries. >>> >>> We do not state the reserved range directly, but calculate it relative >>> to other entities: direct mapping and user space ranges. >>> >>> The calculation got broken by recent change in kernel memory layout: LDT >>> remap range is now mapped before direct mapping and makes the calculation >>> invalid. >>> >>> The breakage leads to crash on Xen dom0 boot[1]. >>> >>> State the reserved range directly. It's part of kernel ABI (hypervisors >>> expect it to be stable) and must not depend on changes in the rest of >>> kernel memory layout. >>> >>> [1] https://lists.xenproject.org/archives/html/xen-devel/2018-11/msg03313.html >>> >>> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> >>> Reported-by: Hans van Kranenburg <Hans.van.Kranenburg@xxxxxxxxxx> >>> Fixes: d52888aa2753 ("x86/mm: Move LDT remap out of KASLR region on 5-level paging") >>> --- >>> arch/x86/include/asm/pgtable_64_types.h | 5 +++++ >>> arch/x86/mm/dump_pagetables.c | 8 ++++---- >>> arch/x86/xen/mmu_pv.c | 11 ++++++----- >>> 3 files changed, 15 insertions(+), 9 deletions(-) >>> >>> diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h >>> index 84bd9bdc1987..13aef22cee18 100644 >>> --- a/arch/x86/include/asm/pgtable_64_types.h >>> +++ b/arch/x86/include/asm/pgtable_64_types.h >>> @@ -111,6 +111,11 @@ extern unsigned int ptrs_per_p4d; >>> */ >>> #define MAXMEM (1UL << MAX_PHYSMEM_BITS) >>> >>> +#define GUARD_HOLE_PGD_ENTRY -256UL >>> +#define GUARD_HOLE_SIZE (16UL << PGDIR_SHIFT) >>> +#define GUARD_HOLE_BASE_ADDR (LDT_PGD_ENTRY << PGDIR_SHIFT) >> >> s/LDT_PGD_ENTRY/GUARD_HOLE_PGD_ENTRY/ > > Ughh.. > >>From 4308d560cc2874a9f596512bcb4c601b2450653d Mon Sep 17 00:00:00 2001 > From: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx> > Date: Fri, 30 Nov 2018 14:29:42 +0300 > Subject: [PATCH 1/2] x86/mm: Fix guard hole handling > > There is a guard hole at the beginning of kernel address space, also > used by hypervisors. It occupies 16 PGD entries. > > We do not state the reserved range directly, but calculate it relative > to other entities: direct mapping and user space ranges. > > The calculation got broken by recent change in kernel memory layout: LDT > remap range is now mapped before direct mapping and makes the calculation > invalid. > > The breakage leads to crash on Xen dom0 boot[1]. > > State the reserved range directly. It's part of kernel ABI (hypervisors > expect it to be stable) and must not depend on changes in the rest of > kernel memory layout. > > [1] https://lists.xenproject.org/archives/html/xen-devel/2018-11/msg03313.html > > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> > Reported-by: Hans van Kranenburg <Hans.van.Kranenburg@xxxxxxxxxx> > Fixes: d52888aa2753 ("x86/mm: Move LDT remap out of KASLR region on 5-level paging") > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> Reviewed-by: Juergen Gross <jgross@xxxxxxxx> Juergen
