Received: by 10.192.165.148 with SMTP id m20csp3581095imm; Mon, 23 Apr 2018 08:53:00 -0700 (PDT) X-Google-Smtp-Source: AIpwx49T/ddttMiEK4gWjrsyHvO395zkJet8OHwT1phqgta/5Pn6cy+Y2wP/UxAiyB+i+e20u/7I X-Received: by 2002:a17:902:4303:: with SMTP id i3-v6mr22087164pld.394.1524498780334; Mon, 23 Apr 2018 08:53:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524498780; cv=none; d=google.com; s=arc-20160816; b=mdwmvPqB0TzWyxqwWHPZogHUv1kVFtS7/swew6ivn8xpl/lxMGk6glaNC/nLHCGBlZ 3VeGVYl8IUOKAcbqqihRyK90djb4ev+BMlLMkfKBA7Pnxrl5q6GPdAP2XxYAdJp7ggAP hhoDirqBOko/aOMCx/V//AIxbZM9hNHphlJelgt9HLaP6CPc2qYEribYsk7O/DN//6VR gYdvjRBlbl3mUws6FHaD/hzmttnHrZFouO5BM4mBsl/1ueRwoUAmabGE90lXaQilxKjk pD1uqUFie609h4yJ+p0CC/B10nztUZCaHOC4yFAD3T1siK+UKiicLn/xga64MIudqtUO vcjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=02ZYST3vL3TajOm1Vb8AN5LojMZtoSkZRi5vbIS2byQ=; b=PwLdVVm/6Ausgn1y2qsX1Jqd/A+vJcTIV1fCqFRJAS0RE+SqAFq9Li5G0PMy3Ph9Zi HVPYIBqsa4hugGVbCJ+jUnoO1xXxjeWgwtZ0R8+F/Kg5ugZtPOQ5L+/Ys9rAlGKCEdIS 6dmTTNL5AaPmn4/MTFb0ecunJrevB8LE9AwJrqVbQOgA3uBjLvAfMl7rDNUwy1kxjhfn nkUQHOvio9YwHO37zR16uPTDDC3tdshQGwc+qDQdXqUXT8WB7azC+d3+Z4v83dTeTsI3 cmhjvoQKLb/UByoCFMJ/7r9j1BWMije1ZxcUgR3EHYqGl9PGuLMdcAtZFgo5ERDdHoYn JqvA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail (test mode) header.i=@8bytes.org header.s=mail-1 header.b=Q911HJj8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n2si10021704pgs.500.2018.04.23.08.52.45; Mon, 23 Apr 2018 08:53:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail (test mode) header.i=@8bytes.org header.s=mail-1 header.b=Q911HJj8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932205AbeDWPvE (ORCPT + 99 others); Mon, 23 Apr 2018 11:51:04 -0400 Received: from 8bytes.org ([81.169.241.247]:60748 "EHLO theia.8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754992AbeDWPsB (ORCPT ); Mon, 23 Apr 2018 11:48:01 -0400 Received: by theia.8bytes.org (Postfix, from userid 1000) id A66AFA6C; Mon, 23 Apr 2018 17:47:46 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=8bytes.org; s=mail-1; t=1524498468; bh=xn5pNPiTRCyYPTTAMp1aA8vj8W7yd3mAgFqUBkGzR9c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Q911HJj8TpH+9P9eYMYLFggaU1UgqOCyKC2pATXzpVO8QZtsd9V0sWugxbIuVtYwC U3ApQuLoB+Pm2HRo6BjOjqbFi6qRb3iIk/CZTlw+c/huy1xyuVHas8iJr3P5HSr6TY L2yUSe+2+jMEt+MZ/3aJQY92awHeRkMv1VPwxVvzQeVb8qjNGdNsu/qKpqBjMqcKXL NV2ys/n4Xr9PVzy8lWrJfeuH7nGIbAzuXS5hIfepnx+XGh5tN2+Dydt9/kmKgkp6Tx jSGdbjpQxHnJ8PIci0mp9dvDcCmrbS8xaQaUPHcnT4JRdfh+Otq0bmlITzfWXsQQbp obAwsmJT97gKQ== From: Joerg Roedel To: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Linus Torvalds , Andy Lutomirski , Dave Hansen , Josh Poimboeuf , Juergen Gross , Peter Zijlstra , Borislav Petkov , Jiri Kosina , Boris Ostrovsky , Brian Gerst , David Laight , Denys Vlasenko , Eduardo Valentin , Greg KH , Will Deacon , aliguori@amazon.com, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, Andrea Arcangeli , Waiman Long , Pavel Machek , "David H . Gutteridge" , jroedel@suse.de, joro@8bytes.org Subject: [PATCH 24/37] x86/mm/pti: Add an overflow check to pti_clone_pmds() Date: Mon, 23 Apr 2018 17:47:27 +0200 Message-Id: <1524498460-25530-25-git-send-email-joro@8bytes.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1524498460-25530-1-git-send-email-joro@8bytes.org> References: <1524498460-25530-1-git-send-email-joro@8bytes.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joerg Roedel The addr counter will overflow if we clone the last PMD of the address space, resulting in an endless loop. Check for that and bail out of the loop when it happens. Signed-off-by: Joerg Roedel --- arch/x86/mm/pti.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 9bea9c3..f967b51 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -297,6 +297,10 @@ pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear) p4d_t *p4d; pud_t *pud; + /* Overflow check */ + if (addr < start) + break; + pgd = pgd_offset_k(addr); if (WARN_ON(pgd_none(*pgd))) return; -- 2.7.4