commit e18aca0236a2dac4a134ace4685e97ad09d3605b · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Thomas Gleixner:
"Fixlets for x86:

- Prevent kexec crash when KASLR is enabled, which was caused by an
address calculation bug

- Restore the freeing of PUDs on memory hot remove

- Correct a negated pointer check in the intel uncore performance
monitoring driver

- Plug a memory leak in an error exit path in the RDT code"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/intel_rdt: Fix memory leak on mount failure
x86/boot/KASLR: Fix kexec crash due to 'virt_addr' calculation bug
x86/boot/KASLR: Add checking for the offset of kernel virtual address randomization
perf/x86/intel/uncore: Fix wrong box pointer check
x86/mm/hotplug: Fix BUG_ON() after hot-remove by not freeing PUD

Linus Torvalds 8 years ago e18aca02 a527bf61

+15 -10

6 changed files

expand all

unified split

arch

x86

boot

compressed

kaslr.c

misc.c

misc.h

events

intel

uncore.c

kernel

cpu

intel_rdt_rdtgroup.c

init_64.c

-3

arch/x86/boot/compressed/kaslr.c

··· 564 { 565 unsigned long random_addr, min_addr; 566 567 - /* By default, keep output position unchanged. */ 568 - *virt_addr = *output; 569 - 570 if (cmdline_find_option_bool("nokaslr")) { 571 warn("KASLR disabled: 'nokaslr' on cmdline."); 572 return;

··· 564 { 565 unsigned long random_addr, min_addr; 566 567 if (cmdline_find_option_bool("nokaslr")) { 568 warn("KASLR disabled: 'nokaslr' on cmdline."); 569 return;

+4 -2

arch/x86/boot/compressed/misc.c

··· 338 unsigned long output_len) 339 { 340 const unsigned long kernel_total_size = VO__end - VO__text; 341 - unsigned long virt_addr = (unsigned long)output; 342 343 /* Retain x86 boot parameters pointer passed from startup_32/64. */ 344 boot_params = rmode; ··· 390 #ifdef CONFIG_X86_64 391 if (heap > 0x3fffffffffffUL) 392 error("Destination address too large"); 393 #else 394 if (heap > ((-__PAGE_OFFSET-(128<<20)-1) & 0x7fffffff)) 395 error("Destination address too large"); ··· 399 #ifndef CONFIG_RELOCATABLE 400 if ((unsigned long)output != LOAD_PHYSICAL_ADDR) 401 error("Destination address does not match LOAD_PHYSICAL_ADDR"); 402 - if ((unsigned long)output != virt_addr) 403 error("Destination virtual address changed when not relocatable"); 404 #endif 405

··· 338 unsigned long output_len) 339 { 340 const unsigned long kernel_total_size = VO__end - VO__text; 341 + unsigned long virt_addr = LOAD_PHYSICAL_ADDR; 342 343 /* Retain x86 boot parameters pointer passed from startup_32/64. */ 344 boot_params = rmode; ··· 390 #ifdef CONFIG_X86_64 391 if (heap > 0x3fffffffffffUL) 392 error("Destination address too large"); 393 + if (virt_addr + max(output_len, kernel_total_size) > KERNEL_IMAGE_SIZE) 394 + error("Destination virtual address is beyond the kernel mapping area"); 395 #else 396 if (heap > ((-__PAGE_OFFSET-(128<<20)-1) & 0x7fffffff)) 397 error("Destination address too large"); ··· 397 #ifndef CONFIG_RELOCATABLE 398 if ((unsigned long)output != LOAD_PHYSICAL_ADDR) 399 error("Destination address does not match LOAD_PHYSICAL_ADDR"); 400 + if (virt_addr != LOAD_PHYSICAL_ADDR) 401 error("Destination virtual address changed when not relocatable"); 402 #endif 403

-2

arch/x86/boot/compressed/misc.h

··· 81 unsigned long output_size, 82 unsigned long *virt_addr) 83 { 84 - /* No change from existing output location. */ 85 - *virt_addr = *output; 86 } 87 #endif 88

··· 81 unsigned long output_size, 82 unsigned long *virt_addr) 83 { 84 } 85 #endif 86

+1 -1

arch/x86/events/intel/uncore.c

··· 1170 pmu = type->pmus; 1171 for (i = 0; i < type->num_boxes; i++, pmu++) { 1172 box = pmu->boxes[pkg]; 1173 - if (!box && atomic_inc_return(&box->refcnt) == 1) 1174 uncore_box_init(box); 1175 } 1176 }

··· 1170 pmu = type->pmus; 1171 for (i = 0; i < type->num_boxes; i++, pmu++) { 1172 box = pmu->boxes[pkg]; 1173 + if (box && atomic_inc_return(&box->refcnt) == 1) 1174 uncore_box_init(box); 1175 } 1176 }

+3 -1

arch/x86/kernel/cpu/intel_rdt_rdtgroup.c

··· 856 dentry = kernfs_mount(fs_type, flags, rdt_root, 857 RDTGROUP_SUPER_MAGIC, NULL); 858 if (IS_ERR(dentry)) 859 - goto out_cdp; 860 861 static_branch_enable(&rdt_enable_key); 862 goto out; 863 864 out_cdp: 865 cdp_disable(); 866 out:

··· 856 dentry = kernfs_mount(fs_type, flags, rdt_root, 857 RDTGROUP_SUPER_MAGIC, NULL); 858 if (IS_ERR(dentry)) 859 + goto out_destroy; 860 861 static_branch_enable(&rdt_enable_key); 862 goto out; 863 864 + out_destroy: 865 + kernfs_remove(kn_info); 866 out_cdp: 867 cdp_disable(); 868 out:

+7 -1

arch/x86/mm/init_64.c

··· 990 991 pud_base = pud_offset(p4d, 0); 992 remove_pud_table(pud_base, addr, next, direct); 993 - free_pud_table(pud_base, p4d); 994 } 995 996 if (direct)

··· 990 991 pud_base = pud_offset(p4d, 0); 992 remove_pud_table(pud_base, addr, next, direct); 993 + /* 994 + * For 4-level page tables we do not want to free PUDs, but in the 995 + * 5-level case we should free them. This code will have to change 996 + * to adapt for boot-time switching between 4 and 5 level page tables. 997 + */ 998 + if (CONFIG_PGTABLE_LEVELS == 5) 999 + free_pud_table(pud_base, p4d); 1000 } 1001 1002 if (direct)