2019-05-27 14:55:01 +08:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
2017-12-02 00:47:08 +08:00
|
|
|
/*
|
|
|
|
* drmem.h: Power specific logical memory block representation
|
|
|
|
*
|
|
|
|
* Copyright 2017 IBM Corporation
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _ASM_POWERPC_LMB_H
|
|
|
|
#define _ASM_POWERPC_LMB_H
|
|
|
|
|
|
|
|
struct drmem_lmb {
|
|
|
|
u64 base_addr;
|
|
|
|
u32 drc_index;
|
|
|
|
u32 aa_index;
|
|
|
|
u32 flags;
|
2018-10-02 23:35:59 +08:00
|
|
|
#ifdef CONFIG_MEMORY_HOTPLUG
|
|
|
|
int nid;
|
|
|
|
#endif
|
2017-12-02 00:47:08 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct drmem_lmb_info {
|
|
|
|
struct drmem_lmb *lmbs;
|
|
|
|
int n_lmbs;
|
|
|
|
u32 lmb_size;
|
|
|
|
};
|
|
|
|
|
|
|
|
extern struct drmem_lmb_info *drmem_info;
|
|
|
|
|
|
|
|
#define for_each_drmem_lmb_in_range(lmb, start, end) \
|
powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable
In guests without hotplugagble memory drmem structure is only zero
initialized. Trying to manipulate DLPAR parameters results in a crash.
$ echo "memory add count 1" > /sys/kernel/dlpar
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
...
NIP: c0000000000ff294 LR: c0000000000ff248 CTR: 0000000000000000
REGS: c0000000fb9d3880 TRAP: 0300 Tainted: G E (5.5.0-rc6-2-default)
MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 28242428 XER: 20000000
CFAR: c0000000009a6c10 DAR: 0000000000000010 DSISR: 40000000 IRQMASK: 0
...
NIP dlpar_memory+0x6e4/0xd00
LR dlpar_memory+0x698/0xd00
Call Trace:
dlpar_memory+0x698/0xd00 (unreliable)
handle_dlpar_errorlog+0xc0/0x190
dlpar_store+0x198/0x4a0
kobj_attr_store+0x30/0x50
sysfs_kf_write+0x64/0x90
kernfs_fop_write+0x1b0/0x290
__vfs_write+0x3c/0x70
vfs_write+0xd0/0x260
ksys_write+0xdc/0x130
system_call+0x5c/0x68
Taking closer look at the code, I can see that for_each_drmem_lmb is a
macro expanding into `for (lmb = &drmem_info->lmbs[0]; lmb <=
&drmem_info->lmbs[drmem_info->n_lmbs - 1]; lmb++)`. When drmem_info->lmbs
is NULL, the loop would iterate through the whole address range if it
weren't stopped by the NULL pointer dereference on the next line.
This patch aligns for_each_drmem_lmb and for_each_drmem_lmb_in_range
macro behavior with the common C semantics, where the end marker does
not belong to the scanned range, and alters get_lmb_range() semantics.
As a side effect, the wraparound observed in the crash is prevented.
Fixes: 6c6ea53725b3 ("powerpc/mm: Separate ibm, dynamic-memory data from DT format")
Cc: stable@vger.kernel.org # v4.16+
Signed-off-by: Libor Pechacek <lpechacek@suse.cz>
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200131132829.10281-1-msuchanek@suse.de
2020-01-31 21:28:29 +08:00
|
|
|
for ((lmb) = (start); (lmb) < (end); (lmb)++)
|
2017-12-02 00:47:08 +08:00
|
|
|
|
|
|
|
#define for_each_drmem_lmb(lmb) \
|
|
|
|
for_each_drmem_lmb_in_range((lmb), \
|
|
|
|
&drmem_info->lmbs[0], \
|
powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable
In guests without hotplugagble memory drmem structure is only zero
initialized. Trying to manipulate DLPAR parameters results in a crash.
$ echo "memory add count 1" > /sys/kernel/dlpar
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
...
NIP: c0000000000ff294 LR: c0000000000ff248 CTR: 0000000000000000
REGS: c0000000fb9d3880 TRAP: 0300 Tainted: G E (5.5.0-rc6-2-default)
MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 28242428 XER: 20000000
CFAR: c0000000009a6c10 DAR: 0000000000000010 DSISR: 40000000 IRQMASK: 0
...
NIP dlpar_memory+0x6e4/0xd00
LR dlpar_memory+0x698/0xd00
Call Trace:
dlpar_memory+0x698/0xd00 (unreliable)
handle_dlpar_errorlog+0xc0/0x190
dlpar_store+0x198/0x4a0
kobj_attr_store+0x30/0x50
sysfs_kf_write+0x64/0x90
kernfs_fop_write+0x1b0/0x290
__vfs_write+0x3c/0x70
vfs_write+0xd0/0x260
ksys_write+0xdc/0x130
system_call+0x5c/0x68
Taking closer look at the code, I can see that for_each_drmem_lmb is a
macro expanding into `for (lmb = &drmem_info->lmbs[0]; lmb <=
&drmem_info->lmbs[drmem_info->n_lmbs - 1]; lmb++)`. When drmem_info->lmbs
is NULL, the loop would iterate through the whole address range if it
weren't stopped by the NULL pointer dereference on the next line.
This patch aligns for_each_drmem_lmb and for_each_drmem_lmb_in_range
macro behavior with the common C semantics, where the end marker does
not belong to the scanned range, and alters get_lmb_range() semantics.
As a side effect, the wraparound observed in the crash is prevented.
Fixes: 6c6ea53725b3 ("powerpc/mm: Separate ibm, dynamic-memory data from DT format")
Cc: stable@vger.kernel.org # v4.16+
Signed-off-by: Libor Pechacek <lpechacek@suse.cz>
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200131132829.10281-1-msuchanek@suse.de
2020-01-31 21:28:29 +08:00
|
|
|
&drmem_info->lmbs[drmem_info->n_lmbs])
|
2017-12-02 00:47:08 +08:00
|
|
|
|
2017-12-02 00:47:42 +08:00
|
|
|
/*
|
|
|
|
* The of_drconf_cell_v1 struct defines the layout of the LMB data
|
|
|
|
* specified in the ibm,dynamic-memory device tree property.
|
|
|
|
* The property itself is a 32-bit value specifying the number of
|
|
|
|
* LMBs followed by an array of of_drconf_cell_v1 entries, one
|
|
|
|
* per LMB.
|
|
|
|
*/
|
|
|
|
struct of_drconf_cell_v1 {
|
|
|
|
__be64 base_addr;
|
|
|
|
__be32 drc_index;
|
|
|
|
__be32 reserved;
|
|
|
|
__be32 aa_index;
|
|
|
|
__be32 flags;
|
|
|
|
};
|
|
|
|
|
2017-12-02 00:47:53 +08:00
|
|
|
/*
|
|
|
|
* Version 2 of the ibm,dynamic-memory property is defined as a
|
|
|
|
* 32-bit value specifying the number of LMB sets followed by an
|
|
|
|
* array of of_drconf_cell_v2 entries, one per LMB set.
|
|
|
|
*/
|
|
|
|
struct of_drconf_cell_v2 {
|
|
|
|
u32 seq_lmbs;
|
|
|
|
u64 base_addr;
|
|
|
|
u32 drc_index;
|
|
|
|
u32 aa_index;
|
|
|
|
u32 flags;
|
|
|
|
} __packed;
|
|
|
|
|
2017-12-02 00:47:42 +08:00
|
|
|
#define DRCONF_MEM_ASSIGNED 0x00000008
|
|
|
|
#define DRCONF_MEM_AI_INVALID 0x00000040
|
|
|
|
#define DRCONF_MEM_RESERVED 0x00000080
|
|
|
|
|
2017-12-02 00:47:08 +08:00
|
|
|
static inline u32 drmem_lmb_size(void)
|
|
|
|
{
|
|
|
|
return drmem_info->lmb_size;
|
|
|
|
}
|
|
|
|
|
2017-12-02 00:47:31 +08:00
|
|
|
#define DRMEM_LMB_RESERVED 0x80000000
|
|
|
|
|
|
|
|
static inline void drmem_mark_lmb_reserved(struct drmem_lmb *lmb)
|
|
|
|
{
|
|
|
|
lmb->flags |= DRMEM_LMB_RESERVED;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void drmem_remove_lmb_reservation(struct drmem_lmb *lmb)
|
|
|
|
{
|
|
|
|
lmb->flags &= ~DRMEM_LMB_RESERVED;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline bool drmem_lmb_reserved(struct drmem_lmb *lmb)
|
|
|
|
{
|
|
|
|
return lmb->flags & DRMEM_LMB_RESERVED;
|
|
|
|
}
|
|
|
|
|
2017-12-02 00:47:21 +08:00
|
|
|
u64 drmem_lmb_memory_max(void);
|
|
|
|
void __init walk_drmem_lmbs(struct device_node *dn,
|
|
|
|
void (*func)(struct drmem_lmb *, const __be32 **));
|
2017-12-02 00:47:31 +08:00
|
|
|
int drmem_update_dt(void);
|
2017-12-02 00:47:21 +08:00
|
|
|
|
2017-12-02 00:47:08 +08:00
|
|
|
#ifdef CONFIG_PPC_PSERIES
|
|
|
|
void __init walk_drmem_lmbs_early(unsigned long node,
|
|
|
|
void (*func)(struct drmem_lmb *, const __be32 **));
|
|
|
|
#endif
|
|
|
|
|
2018-04-21 04:29:48 +08:00
|
|
|
static inline void invalidate_lmb_associativity_index(struct drmem_lmb *lmb)
|
|
|
|
{
|
|
|
|
lmb->aa_index = 0xffffffff;
|
|
|
|
}
|
|
|
|
|
2018-10-02 23:35:59 +08:00
|
|
|
#ifdef CONFIG_MEMORY_HOTPLUG
|
|
|
|
static inline void lmb_set_nid(struct drmem_lmb *lmb)
|
|
|
|
{
|
|
|
|
lmb->nid = memory_add_physaddr_to_nid(lmb->base_addr);
|
|
|
|
}
|
|
|
|
static inline void lmb_clear_nid(struct drmem_lmb *lmb)
|
|
|
|
{
|
|
|
|
lmb->nid = -1;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
static inline void lmb_set_nid(struct drmem_lmb *lmb)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
static inline void lmb_clear_nid(struct drmem_lmb *lmb)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2017-12-02 00:47:08 +08:00
|
|
|
#endif /* _ASM_POWERPC_LMB_H */
|