linux-imx/include
Thomas Gleixner 0b46b4ac92 x86/kaslr: Expose and use the end of the physical memory address space
commit ea72ce5da2 upstream.

iounmap() on x86 occasionally fails to unmap because the provided valid
ioremap address is not below high_memory. It turned out that this
happens due to KASLR.

KASLR uses the full address space between PAGE_OFFSET and vaddr_end to
randomize the starting points of the direct map, vmalloc and vmemmap
regions.  It thereby limits the size of the direct map by using the
installed memory size plus an extra configurable margin for hot-plug
memory.  This limitation is done to gain more randomization space
because otherwise only the holes between the direct map, vmalloc,
vmemmap and vaddr_end would be usable for randomizing.

The limited direct map size is not exposed to the rest of the kernel, so
the memory hot-plug and resource management related code paths still
operate under the assumption that the available address space can be
determined with MAX_PHYSMEM_BITS.

request_free_mem_region() allocates from (1 << MAX_PHYSMEM_BITS) - 1
downwards.  That means the first allocation happens past the end of the
direct map and if unlucky this address is in the vmalloc space, which
causes high_memory to become greater than VMALLOC_START and consequently
causes iounmap() to fail for valid ioremap addresses.

MAX_PHYSMEM_BITS cannot be changed for that because the randomization
does not align with address bit boundaries and there are other places
which actually require to know the maximum number of address bits.  All
remaining usage sites of MAX_PHYSMEM_BITS have been analyzed and found
to be correct.

Cure this by exposing the end of the direct map via PHYSMEM_END and use
that for the memory hot-plug and resource management related places
instead of relying on MAX_PHYSMEM_BITS. In the KASLR case PHYSMEM_END
maps to a variable which is initialized by the KASLR initialization and
otherwise it is based on MAX_PHYSMEM_BITS as before.

To prevent future hiccups add a check into add_pages() to catch callers
trying to add memory above PHYSMEM_END.

Fixes: 0483e1fa6e ("x86/mm: Implement ASLR for kernel memory regions")
Reported-by: Max Ramanouski <max8rr8@gmail.com>
Reported-by: Alistair Popple <apopple@nvidia.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-By: Max Ramanouski <max8rr8@gmail.com>
Tested-by: Alistair Popple <apopple@nvidia.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Alistair Popple <apopple@nvidia.com>
Reviewed-by: Kees Cook <kees@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/87ed6soy3z.ffs@tglx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-09-12 11:11:25 +02:00
..
acpi ACPICA: Add a depth argument to acpi_execute_reg_methods() 2024-08-29 17:33:13 +02:00
asm-generic vmlinux.lds.h: catch .bss..L* sections into BSS") 2024-08-03 08:53:35 +02:00
clocksource pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode. 2024-09-08 07:54:44 +02:00
crypto
drm drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() 2024-08-03 08:53:45 +02:00
dt-bindings
keys
kunit
kvm
linux x86/kaslr: Expose and use the end of the physical memory address space 2024-09-12 11:11:25 +02:00
math-emu
media
memory
misc
net net: remove NULL-pointer net parameter in ip_metrics_convert 2024-09-08 07:54:45 +02:00
pcmcia
ras
rdma
rv
scsi scsi: core: Fix the return value of scsi_logical_block_count() 2024-08-29 17:33:52 +02:00
soc net: mscc: ocelot: serialize access to the injection/extraction groups 2024-08-29 17:33:45 +02:00
sound ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception 2024-09-08 07:54:30 +02:00
target
trace platform/x86/intel/ifs: Gen2 Scan test support 2024-08-14 13:58:37 +02:00
uapi Revert "misc: fastrpc: Restrict untrusted app to attach to privileged PD" 2024-08-29 17:33:10 +02:00
ufs scsi: ufs: core: Check LSDBS cap when !mcq 2024-09-08 07:54:29 +02:00
vdso
video
xen