[PATCH] ARM: mmu: fix crash in EFI calls due to p4d typo in create_mapping_late()

Wed Jul 15 03:08:35 EDT 2020

On Wed, 24 Jun 2020 at 09:05, Mike Rapoport <rppt at linux.ibm.com> wrote:
>
> On Tue, Jun 23, 2020 at 06:59:36PM +0200, Ard Biesheuvel wrote:
> > Commit
> >
> >   84e6ffb2c49c7901 ("arm: add support for folded p4d page tables")
> >
> > updated create_mapping_late() to take folded P4Ds into account when
> > creating mappings, but inverted the p4d_alloc() failure test, resulting
> > in no mapping to be created at all.
> >
> > When the EFI rtc driver subsequently tries to invoke the EFI GetTime()
> > service, the memory regions covering the EFI data structures are missing
> > from the page tables, resulting in a crash like
> >
> >   Unable to handle kernel paging request at virtual address 5ae0cf28
> >   pgd = (ptrval)
> >   [5ae0cf28] *pgd=80000040205003, *pmd=00000000
> >   Internal error: Oops: 207 [#1] SMP THUMB2
> >   Modules linked in:
> >   CPU: 0 PID: 7 Comm: kworker/u32:0 Not tainted 5.7.0+ #92
> >   Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
> >   Workqueue: efi_rts_wq efi_call_rts
> >   PC is at efi_call_rts+0x94/0x294
> >   LR is at efi_call_rts+0x83/0x294
> >   pc : [<c0b4f098>]    lr : [<c0b4f087>]    psr: 30000033
> >   sp : e6219ef0  ip : 00000000  fp : ffffe000
> >   r10: 00000000  r9 : 00000000  r8 : 30000013
> >   r7 : e6201dd0  r6 : e6201ddc  r5 : 00000000  r4 : c181f264
> >   r3 : 5ae0cf10  r2 : 00000001  r1 : e6201dd0  r0 : e6201ddc
> >   Flags: nzCV  IRQs on  FIQs on  Mode SVC_32  ISA Thumb  Segment none
> >   Control: 70c5383d  Table: 661cc840  DAC: 00000001
> >   Process kworker/u32:0 (pid: 7, stack limit = 0x(ptrval))
> >   ...
> >   [<c0b4f098>] (efi_call_rts) from [<c0448219>] (process_one_work+0x16d/0x3d8)
> >   [<c0448219>] (process_one_work) from [<c0448581>] (worker_thread+0xfd/0x408)
> >   [<c0448581>] (worker_thread) from [<c044ca7b>] (kthread+0x103/0x104)
> >   ...
> >
> > Fixes: 84e6ffb2c49c7901 ("arm: add support for folded p4d page tables")
> > Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
> > ---
> >  arch/arm/mm/mmu.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
> > index 628028bfbb92..bcd82614c25d 100644
> > --- a/arch/arm/mm/mmu.c
> > +++ b/arch/arm/mm/mmu.c
> > @@ -966,7 +966,7 @@ void __init create_mapping_late(struct mm_struct *mm, struct map_desc *md,
> >       pud_t *pud;
> >
> >       p4d = p4d_alloc(mm, pgd_offset(mm, md->virtual), md->virtual);
> > -     if (!WARN_ON(!p4d))
> > +     if (WARN_ON(!p4d))
>
> It must have been cosmic radiation :)
>
> Reviewed-by: Mike Rapoport <rppt at linux.ibm.com>
>

Russell,

I have put this patch into the patch system on the 24th of June, and
it fixes a guaranteed boot crash on LPAE kernels booting via EFI.
Could you please merge it as a fix?

> >               return;
> >       pud = pud_alloc(mm, p4d, md->virtual);
> >       if (WARN_ON(!pud))
> > --
> > 2.27.0
> >
>
> --
> Sincerely yours,
> Mike.