Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751824AbeAPQvD (ORCPT + 1 other); Tue, 16 Jan 2018 11:51:03 -0500 Received: from 8bytes.org ([81.169.241.247]:54792 "EHLO theia.8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751390AbeAPQse (ORCPT ); Tue, 16 Jan 2018 11:48:34 -0500 From: Joerg Roedel To: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Linus Torvalds , Andy Lutomirski , Dave Hansen , Josh Poimboeuf , Juergen Gross , Peter Zijlstra , Borislav Petkov , Jiri Kosina , Boris Ostrovsky , Brian Gerst , David Laight , Denys Vlasenko , Eduardo Valentin , Greg KH , Will Deacon , aliguori@amazon.com, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, Andrea Arcangeli , Waiman Long , jroedel@suse.de, joro@8bytes.org Subject: [PATCH 13/16] x86/mm/pti: Add an overflow check to pti_clone_pmds() Date: Tue, 16 Jan 2018 17:36:56 +0100 Message-Id: <1516120619-1159-14-git-send-email-joro@8bytes.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1516120619-1159-1-git-send-email-joro@8bytes.org> References: <1516120619-1159-1-git-send-email-joro@8bytes.org> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: From: Joerg Roedel The addr counter will overflow if we clone the last PMD of the address space, resulting in an endless loop. Check for that and bail out of the loop when it happens. Signed-off-by: Joerg Roedel --- arch/x86/mm/pti.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index a561b5625d6c..faea5faeddc5 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -293,6 +293,10 @@ pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear) p4d_t *p4d; pud_t *pud; + /* Overflow check */ + if (addr < start) + break; + pgd = pgd_offset_k(addr); if (WARN_ON(pgd_none(*pgd))) return; -- 2.13.6