summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorAndi Kleen <ak@linux.intel.com>2018-06-14 00:48:28 +0200
committerThomas Gleixner <tglx@linutronix.de>2018-06-20 19:10:01 +0200
commit377eeaa8e11fe815b1d07c81c4a0e2843a8c15eb (patch)
tree05848bf81eb28216c7a95870d8658d6f0151cccf /include
parentx86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (diff)
downloadlinux-377eeaa8e11fe815b1d07c81c4a0e2843a8c15eb.tar.xz
linux-377eeaa8e11fe815b1d07c81c4a0e2843a8c15eb.zip
x86/speculation/l1tf: Limit swap file size to MAX_PA/2
For the L1TF workaround its necessary to limit the swap file size to below MAX_PA/2, so that the higher bits of the swap offset inverted never point to valid memory. Add a mechanism for the architecture to override the swap file size check in swapfile.c and add a x86 specific max swapfile check function that enforces that limit. The check is only enabled if the CPU is vulnerable to L1TF. In VMs with 42bit MAX_PA the typical limit is 2TB now, on a native system with 46bit PA it is 32TB. The limit is only per individual swap file, so it's always possible to exceed these limits with multiple swap files or partitions. Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Dave Hansen <dave.hansen@intel.com>
Diffstat (limited to 'include')
-rw-r--r--include/linux/swapfile.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/swapfile.h b/include/linux/swapfile.h
index 06bd7b096167..e06febf62978 100644
--- a/include/linux/swapfile.h
+++ b/include/linux/swapfile.h
@@ -10,5 +10,7 @@ extern spinlock_t swap_lock;
extern struct plist_head swap_active_head;
extern struct swap_info_struct *swap_info[];
extern int try_to_unuse(unsigned int, bool, unsigned long);
+extern unsigned long generic_max_swapfile_size(void);
+extern unsigned long max_swapfile_size(void);
#endif /* _LINUX_SWAPFILE_H */