    arm64: head: avoid over-mapping in map_memory · 90268574
    Mark Rutland authored
    The `compute_indices` and `populate_entries` macros operate on inclusive
    bounds, and thus the `map_memory` macro which uses them also operates
    on inclusive bounds.
    
    We pass `_end` and `_idmap_text_end` to `map_memory`, but these are
    exclusive bounds, and if one of these is sufficiently aligned (as a
    result of kernel configuration, physical placement, and KASLR), then:
    
    * In `compute_indices`, the computed `iend` will be in the page/block *after*
      the final byte of the intended mapping.
    
    * In `populate_entries`, an unnecessary entry will be created at the end
      of each level of table. At the leaf level, this entry will map up to
      SWAPPER_BLOCK_SIZE bytes of physical addresses that we did not intend
      to map.
    
    As we may map up to SWAPPER_BLOCK_SIZE bytes more than intended, we may
    violate the boot protocol and map physical addresses past the 2MiB-aligned
    end address we are permitted to map. As we map these with Normal memory
    attributes, this may result in further problems depending on what these
    physical addresses correspond to.
    
    The final entry at each level may require an additional table at that
    level. As EARLY_ENTRIES() calculates an inclusive bound, we allocate
    enough memory for this.
    
    Avoid the extraneous mapping by having map_memory convert the exclusive
    end address to an inclusive end address by subtracting one, and do
    likewise in EARLY_ENTRIES() when calculating the number of required
    tables. For clarity, comments are updated to more clearly document which
    boundaries the macros operate on.  For consistency with the other
    macros, the comments in map_memory are also updated to describe `vstart`
    and `vend` as virtual addresses.
    
    Fixes: 0370b31e ("arm64: Extend early page table code to allow for larger kernels")
    Cc: <stable@vger.kernel.org> # 4.16.x
    Signed-off-by: Mark Rutland <mark.rutland@arm.com>
    Cc: Anshuman Khandual <anshuman.khandual@arm.com>
    Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Cc: Steve Capper <steve.capper@arm.com>
    Cc: Will Deacon <will@kernel.org>
    Acked-by: Will Deacon <will@kernel.org>
    Link: https://lore.kernel.org/r/20210823101253.55567-1-mark.rutland@arm.com
    Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
head.S 25 KB
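The off-by-one described in the commit message, as an added example that is not code from the kernel or from the commit: a simplified C model of index arithmetic that treats both bounds as inclusive, fed first an exclusive end and then `end - 1`. The shifts (2 MiB leaf blocks, 1 GiB per entry one level up), the function names and the addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define LEAF_SHIFT 21 /* assumed: 2 MiB leaf blocks */
#define NEXT_SHIFT 30 /* assumed: 1 GiB covered per entry one level up */

/* Entries needed at one level to cover [start, end_incl], both inclusive. */
uint64_t entries_inclusive(uint64_t start, uint64_t end_incl, unsigned shift)
{
    return (end_incl >> shift) - (start >> shift) + 1;
}

/* Entries created when an exclusive end is passed as if it were inclusive,
 * minus the entries needed once the end is converted with "- 1". */
uint64_t extra_entries(uint64_t start, uint64_t end_excl, unsigned shift)
{
    return entries_inclusive(start, end_excl, shift) -
           entries_inclusive(start, end_excl - 1, shift);
}

/* Bytes mapped at the leaf level beyond what was intended. */
uint64_t overmapped_bytes(uint64_t start, uint64_t end_excl)
{
    return extra_entries(start, end_excl, LEAF_SHIFT) << LEAF_SHIFT;
}

int main(void)
{
    /* Constructed addresses: the start is fixed, the exclusive end varies. */
    const uint64_t start = 0x40200000;
    const uint64_t ends[] = {
        0x40ff0000, /* not block aligned: no extra entry */
        0x41000000, /* 2 MiB aligned: one extra leaf block */
        0x80000000, /* 1 GiB aligned: extra entry at both levels */
    };

    for (unsigned i = 0; i < sizeof(ends) / sizeof(ends[0]); i++)
        printf("end=%#llx extra leaf=%llu extra next-level=%llu over-mapped=%llu bytes\n",
               (unsigned long long)ends[i],
               (unsigned long long)extra_entries(start, ends[i], LEAF_SHIFT),
               (unsigned long long)extra_entries(start, ends[i], NEXT_SHIFT),
               (unsigned long long)overmapped_bytes(start, ends[i]));
    return 0;
}
```

The extra entry appears only when the exclusive end is aligned to the granule of the level in question, which is why the problem depends on kernel configuration, physical placement and KASLR.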