riscv: Fix wrong usage of lm_alias() when splitting a huge linear mapping

commit c29fc621e1a49949a14c7fa031dd4760087bfb29 upstream.

lm_alias() can only be used on kernel mappings since it explicitly uses
__pa_symbol(), so simply fix this by checking where the address belongs
to before.

Fixes: 311cd2f6e253 ("riscv: Fix set_memory_XX() and set_direct_map_XX() by splitting huge linear mappings")
Reported-by: syzbot+afb726d49f84c8d95ee1@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-riscv/000000000000620dd0060c02c5e1@google.com/
Signed-off-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>
Link: https://lore.kernel.org/r/20231212195400.128457-1-alexghiti@rivosinc.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/arch/riscv/mm/pageattr.c b/arch/riscv/mm/pageattr.c
index e703a9b..01398fe 100644 (file)
--- a/arch/riscv/mm/pageattr.c
+++ b/arch/riscv/mm/pageattr.c
@@ -305,8 +305,13 @@ static int __set_memory(unsigned long addr, int numpages, pgprot_t set_mask,
                                goto unlock;
                }
        } else if (is_kernel_mapping(start) || is_linear_mapping(start)) {
-               lm_start = (unsigned long)lm_alias(start);
-               lm_end = (unsigned long)lm_alias(end);
+               if (is_kernel_mapping(start)) {
+                       lm_start = (unsigned long)lm_alias(start);
+                       lm_end = (unsigned long)lm_alias(end);
+               } else {
+                       lm_start = start;
+                       lm_end = end;
+               }
 
                ret = split_linear_mapping(lm_start, lm_end);
                if (ret)