mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-14 12:37:32 +00:00
f2e58b0414
commit ccde460b9a
upstream.
memory_corruption_check[{_period|_size}]()'s handlers do not check input
argument before passing it to kstrtoul() or simple_strtoull(). The argument
would be a NULL pointer if each of the kernel parameters, without its
value, is set in command line and thus cause the following panic.
PANIC: early exception 0xe3 IP 10:ffffffff73587c22 error 0 cr2 0x0
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.18-rc8+ #2
[ 0.000000] RIP: 0010:kstrtoull+0x2/0x10
...
[ 0.000000] Call Trace
[ 0.000000] ? set_corruption_check+0x21/0x49
[ 0.000000] ? do_early_param+0x4d/0x82
[ 0.000000] ? parse_args+0x212/0x330
[ 0.000000] ? rdinit_setup+0x26/0x26
[ 0.000000] ? parse_early_options+0x20/0x23
[ 0.000000] ? rdinit_setup+0x26/0x26
[ 0.000000] ? parse_early_param+0x2d/0x39
[ 0.000000] ? setup_arch+0x2f7/0xbf4
[ 0.000000] ? start_kernel+0x5e/0x4c2
[ 0.000000] ? load_ucode_bsp+0x113/0x12f
[ 0.000000] ? secondary_startup_64+0xa5/0xb0
This patch adds checks to prevent the panic.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: gregkh@linuxfoundation.org
Cc: kstewart@linuxfoundation.org
Cc: pombredanne@nexb.com
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/1534260823-87917-1-git-send-email-zhe.he@windriver.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
183 lines
4.2 KiB
C
183 lines
4.2 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
#include <linux/init.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/kthread.h>
|
|
#include <linux/workqueue.h>
|
|
#include <linux/memblock.h>
|
|
|
|
#include <asm/proto.h>
|
|
|
|
/*
|
|
* Some BIOSes seem to corrupt the low 64k of memory during events
|
|
* like suspend/resume and unplugging an HDMI cable. Reserve all
|
|
* remaining free memory in that area and fill it with a distinct
|
|
* pattern.
|
|
*/
|
|
#define MAX_SCAN_AREAS 8
|
|
|
|
static int __read_mostly memory_corruption_check = -1;
|
|
|
|
static unsigned __read_mostly corruption_check_size = 64*1024;
|
|
static unsigned __read_mostly corruption_check_period = 60; /* seconds */
|
|
|
|
static struct scan_area {
|
|
u64 addr;
|
|
u64 size;
|
|
} scan_areas[MAX_SCAN_AREAS];
|
|
static int num_scan_areas;
|
|
|
|
static __init int set_corruption_check(char *arg)
|
|
{
|
|
ssize_t ret;
|
|
unsigned long val;
|
|
|
|
if (!arg) {
|
|
pr_err("memory_corruption_check config string not provided\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
ret = kstrtoul(arg, 10, &val);
|
|
if (ret)
|
|
return ret;
|
|
|
|
memory_corruption_check = val;
|
|
return 0;
|
|
}
|
|
early_param("memory_corruption_check", set_corruption_check);
|
|
|
|
static __init int set_corruption_check_period(char *arg)
|
|
{
|
|
ssize_t ret;
|
|
unsigned long val;
|
|
|
|
if (!arg) {
|
|
pr_err("memory_corruption_check_period config string not provided\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
ret = kstrtoul(arg, 10, &val);
|
|
if (ret)
|
|
return ret;
|
|
|
|
corruption_check_period = val;
|
|
return 0;
|
|
}
|
|
early_param("memory_corruption_check_period", set_corruption_check_period);
|
|
|
|
static __init int set_corruption_check_size(char *arg)
|
|
{
|
|
char *end;
|
|
unsigned size;
|
|
|
|
if (!arg) {
|
|
pr_err("memory_corruption_check_size config string not provided\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
size = memparse(arg, &end);
|
|
|
|
if (*end == '\0')
|
|
corruption_check_size = size;
|
|
|
|
return (size == corruption_check_size) ? 0 : -EINVAL;
|
|
}
|
|
early_param("memory_corruption_check_size", set_corruption_check_size);
|
|
|
|
|
|
void __init setup_bios_corruption_check(void)
|
|
{
|
|
phys_addr_t start, end;
|
|
u64 i;
|
|
|
|
if (memory_corruption_check == -1) {
|
|
memory_corruption_check =
|
|
#ifdef CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
|
|
1
|
|
#else
|
|
0
|
|
#endif
|
|
;
|
|
}
|
|
|
|
if (corruption_check_size == 0)
|
|
memory_corruption_check = 0;
|
|
|
|
if (!memory_corruption_check)
|
|
return;
|
|
|
|
corruption_check_size = round_up(corruption_check_size, PAGE_SIZE);
|
|
|
|
for_each_free_mem_range(i, NUMA_NO_NODE, MEMBLOCK_NONE, &start, &end,
|
|
NULL) {
|
|
start = clamp_t(phys_addr_t, round_up(start, PAGE_SIZE),
|
|
PAGE_SIZE, corruption_check_size);
|
|
end = clamp_t(phys_addr_t, round_down(end, PAGE_SIZE),
|
|
PAGE_SIZE, corruption_check_size);
|
|
if (start >= end)
|
|
continue;
|
|
|
|
memblock_reserve(start, end - start);
|
|
scan_areas[num_scan_areas].addr = start;
|
|
scan_areas[num_scan_areas].size = end - start;
|
|
|
|
/* Assume we've already mapped this early memory */
|
|
memset(__va(start), 0, end - start);
|
|
|
|
if (++num_scan_areas >= MAX_SCAN_AREAS)
|
|
break;
|
|
}
|
|
|
|
if (num_scan_areas)
|
|
printk(KERN_INFO "Scanning %d areas for low memory corruption\n", num_scan_areas);
|
|
}
|
|
|
|
|
|
void check_for_bios_corruption(void)
|
|
{
|
|
int i;
|
|
int corruption = 0;
|
|
|
|
if (!memory_corruption_check)
|
|
return;
|
|
|
|
for (i = 0; i < num_scan_areas; i++) {
|
|
unsigned long *addr = __va(scan_areas[i].addr);
|
|
unsigned long size = scan_areas[i].size;
|
|
|
|
for (; size; addr++, size -= sizeof(unsigned long)) {
|
|
if (!*addr)
|
|
continue;
|
|
printk(KERN_ERR "Corrupted low memory at %p (%lx phys) = %08lx\n",
|
|
addr, __pa(addr), *addr);
|
|
corruption = 1;
|
|
*addr = 0;
|
|
}
|
|
}
|
|
|
|
WARN_ONCE(corruption, KERN_ERR "Memory corruption detected in low memory\n");
|
|
}
|
|
|
|
static void check_corruption(struct work_struct *dummy);
|
|
static DECLARE_DELAYED_WORK(bios_check_work, check_corruption);
|
|
|
|
static void check_corruption(struct work_struct *dummy)
|
|
{
|
|
check_for_bios_corruption();
|
|
schedule_delayed_work(&bios_check_work,
|
|
round_jiffies_relative(corruption_check_period*HZ));
|
|
}
|
|
|
|
static int start_periodic_check_for_corruption(void)
|
|
{
|
|
if (!num_scan_areas || !memory_corruption_check || corruption_check_period == 0)
|
|
return 0;
|
|
|
|
printk(KERN_INFO "Scanning for low memory corruption every %d seconds\n",
|
|
corruption_check_period);
|
|
|
|
/* First time we run the checks right away */
|
|
schedule_delayed_work(&bios_check_work, 0);
|
|
return 0;
|
|
}
|
|
device_initcall(start_periodic_check_for_corruption);
|
|
|