x86/speculation/l1tf: Extend 64bit swap file size limit

The previous patch has limited swap file size so that large offsets cannot
clear bits above MAX_PA/2 in the pte and interfere with L1TF mitigation.

It assumed that offsets are encoded starting with bit 12, same as pfn. But
on x86_64, offsets are encoded starting with bit 9.

Thus the limit can be raised by 3 bits. That means 16TB with 42bit MAX_PA
and 256TB with 46bit MAX_PA.

Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2")
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Orabug: 28220674
CVE: CVE-2018-3620

(cherry picked from commit 1a7ed1ba4bba6c075d5ad61bb75e3fbc870840d6)

Signed-off-by: Mihai Carabas <mihai.carabas@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>

diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 9880dc4d7dfd27f3a369d6f918e05d23f83ac177..4dc599f536cf7db4b195be518bd70d86d3d3f72c 100644 (file)
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -777,7 +777,15 @@ unsigned long max_swapfile_size(void)
 
        if (boot_cpu_has_bug(X86_BUG_L1TF)) {
                /* Limit the swap file size to MAX_PA/2 for L1TF workaround */
-               pages = min_t(unsigned long, l1tf_pfn_limit() + 1, pages);
+               unsigned long l1tf_limit = l1tf_pfn_limit() + 1;
+               /*
+                * We encode swap offsets also with 3 bits below those for pfn
+                * which makes the usable limit higher.
+                */
+#ifdef CONFIG_X86_64
+               l1tf_limit <<= PAGE_SHIFT - SWP_OFFSET_FIRST_BIT;
+#endif
+               pages = min_t(unsigned long, l1tf_limit, pages);
        }
        return pages;
 }