[tip:x86/pti] x86/mm/pti: Add an overflow check to pti_clone_pmds()
From: tip-bot for Joerg Roedel
Date: Thu Jul 19 2018 - 19:32:07 EST
Commit-ID: 935232ce28dfabff1171e5a7113b2d865fa9ee63
Gitweb: https://git.kernel.org/tip/935232ce28dfabff1171e5a7113b2d865fa9ee63
Author: Joerg Roedel <jroedel@xxxxxxx>
AuthorDate: Wed, 18 Jul 2018 11:41:01 +0200
Committer: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
CommitDate: Fri, 20 Jul 2018 01:11:43 +0200
x86/mm/pti: Add an overflow check to pti_clone_pmds()
The addr counter will overflow if the last PMD of the address space is
cloned, resulting in an endless loop.
Check for that and bail out of the loop when it happens.
Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Tested-by: Pavel Machek <pavel@xxxxxx>
Cc: "H . Peter Anvin" <hpa@xxxxxxxxx>
Cc: linux-mm@xxxxxxxxx
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Andy Lutomirski <luto@xxxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
Cc: Juergen Gross <jgross@xxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Jiri Kosina <jkosina@xxxxxxx>
Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Cc: Brian Gerst <brgerst@xxxxxxxxx>
Cc: David Laight <David.Laight@xxxxxxxxxx>
Cc: Denys Vlasenko <dvlasenk@xxxxxxxxxx>
Cc: Eduardo Valentin <eduval@xxxxxxxxxx>
Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Will Deacon <will.deacon@xxxxxxx>
Cc: aliguori@xxxxxxxxxx
Cc: daniel.gruss@xxxxxxxxxxxxxx
Cc: hughd@xxxxxxxxxx
Cc: keescook@xxxxxxxxxx
Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx>
Cc: Waiman Long <llong@xxxxxxxxxx>
Cc: "David H . Gutteridge" <dhgutteridge@xxxxxxxxxxxx>
Cc: joro@xxxxxxxxxx
Link: https://lkml.kernel.org/r/1531906876-13451-25-git-send-email-joro@xxxxxxxxxx
---
arch/x86/mm/pti.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index 71fba17c9d7c..79217868dd13 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -297,6 +297,10 @@ pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear)
p4d_t *p4d;
pud_t *pud;
+ /* Overflow check */
+ if (addr < start)
+ break;
+
pgd = pgd_offset_k(addr);
if (WARN_ON(pgd_none(*pgd)))
return;