git.hungrycats.org Git - linux/commit

author	Andi Kleen <ak@linux.intel.com>
	Wed, 13 Jun 2018 22:48:28 +0000 (15:48 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 15 Aug 2018 16:11:00 +0000 (18:11 +0200)
commit	ad71fbdf4f0e0fcd76454e2dcbeac8af4c3b7763
tree	b9f0db73fe542f1030c6eb377e97b00bc84b662c	tree \| snapshot
parent	4880e94df0dc52f8d360293f3f4411348d9970f6	commit \| diff

x86/speculation/l1tf: Limit swap file size to MAX_PA/2

commit 377eeaa8e11fe815b1d07c81c4a0e2843a8c15eb upstream

For the L1TF workaround its necessary to limit the swap file size to below
MAX_PA/2, so that the higher bits of the swap offset inverted never point
to valid memory.

Add a mechanism for the architecture to override the swap file size check
in swapfile.c and add a x86 specific max swapfile check function that
enforces that limit.

The check is only enabled if the CPU is vulnerable to L1TF.

In VMs with 42bit MAX_PA the typical limit is 2TB now, on a native system
with 46bit PA it is 32TB. The limit is only per individual swap file, so
it's always possible to exceed these limits with multiple swap files or
partitions.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Dave Hansen <dave.hansen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

arch/x86/mm/init.c		diff \| blob \| history
include/linux/swapfile.h		diff \| blob \| history
mm/swapfile.c		diff \| blob \| history