Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp394804imm; Wed, 11 Jul 2018 04:31:17 -0700 (PDT) X-Google-Smtp-Source: AAOMgpeq3LQecGzi4gKk73tX04bbzVWYV2hKb1ioEUrRu7xtiINszmbWxUn6Wa72iw+qNNaTZn5u X-Received: by 2002:a63:175b:: with SMTP id 27-v6mr22971833pgx.31.1531308677731; Wed, 11 Jul 2018 04:31:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531308677; cv=none; d=google.com; s=arc-20160816; b=z1jGu3XzHlBeWiaJizjerF/Rr1inaboJqG60VgzddL8RtIXaNhmdMy9AE5gHwmIGSb 3J68Z8AW+9bl/SNaMe2swLjDFbEva1YM7z03PqUV0BUD1ueaeqXI5mR45SjUM1B4/DDD wZoDL+HAR2TjK47HSGkwkyNvPp0GOcO9mrRZw96k9XCyB44sTJ8xILMJYMtowgTRAyD2 jShsNMeTTn4ZLORI2QL6MRwGz3KCUGZhge4WptyT+R9aE9MKkRTB/Nz7560fK1xEqJC/ wwvTNWJWdiyQZszKD5yOX8YXabpHuoGoy4XRyjB0jVWdMVpJfz6XMAimAtaUxCTOfDbv omwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=KIBsnwEP+43vhTh1Iluta+0HkmzOIXd2V1RUuYnU6lM=; b=NS6mXpWr27MKzwm7D6SwoleU+RTKRGbcX1UDE9mQgfnaTSEyOCQXcXMwQdX7mkKIPx ZTCeR8S/J8FLoLQ/ywpt3FsayVdw1Kxwjb7qSlKHQwdUu3UhiAJqKNXZasSFCGpggRXw i+pjcL82QjNicjhVS1CszXIDQz0R96I6Ow3mirzp3uofCJSMOPwP1yjeUHjybtF29k4+ RyUNl8Vy4QUyhyJzTg4mvaq+SB/OkaND2Z2v+evnIbFDaoVR7aX9/Wym4pavSXSoSJpu +c6Kb4MGW5ziaHC37lWs4om78C1QVxPxyvwo1a+KEwraOXYvCpimyckPy4PAl7KgcYDr dQgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail (test mode) header.i=@8bytes.org header.s=mail-1 header.b=YJPK2dVi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 97-v6si19427199pla.155.2018.07.11.04.31.02; Wed, 11 Jul 2018 04:31:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail (test mode) header.i=@8bytes.org header.s=mail-1 header.b=YJPK2dVi; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733006AbeGKLeK (ORCPT + 99 others); Wed, 11 Jul 2018 07:34:10 -0400 Received: from 8bytes.org ([81.169.241.247]:37844 "EHLO theia.8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732981AbeGKLeJ (ORCPT ); Wed, 11 Jul 2018 07:34:09 -0400 Received: by theia.8bytes.org (Postfix, from userid 1000) id CFA61AF1; Wed, 11 Jul 2018 13:30:04 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=8bytes.org; s=mail-1; t=1531308605; bh=ZUviePOIgsE5gr4utevp7AAlceBk2UMlvJXiUAzZDAo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YJPK2dVikT1QTf11eAOH6cpGO/plvjWVTnhAhHQRXXRmN8fic3Xm3fxwOSuiCTKUV kIrW0RN8Uktoee7yFRs6qi8LRYOi3Ropmi4Nc45NzBaYPugye9wv6qk7vZ8mhYW2qC Uw0Zmm3G58VBApBlM6yTZduxMKepwhNBj5aMkaT4+2z/Q8c07V3SHaQV8Ip4oOQABd N+vlAksWg/ok5Fnw/rkAUgMkKzMzAsXp3+puj8KkJ4Fv0RweVvSxJKSO9qxrrIrXBZ jDa1tyZQTdJMdu1VfduC83myP5G1/ys0sl4A0ZSqEZ+NDT3Zesfv1XmGe0B9MFoqj1 h7FTpxh3pP4pQ== From: Joerg Roedel To: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Linus Torvalds , Andy Lutomirski , Dave Hansen , Josh Poimboeuf , Juergen Gross , Peter Zijlstra , Borislav Petkov , Jiri Kosina , Boris Ostrovsky , Brian Gerst , David Laight , Denys Vlasenko , Eduardo Valentin , Greg KH , Will Deacon , aliguori@amazon.com, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, Andrea Arcangeli , Waiman Long , Pavel Machek , "David H . Gutteridge" , jroedel@suse.de, joro@8bytes.org Subject: [PATCH 24/39] x86/mm/pti: Add an overflow check to pti_clone_pmds() Date: Wed, 11 Jul 2018 13:29:31 +0200 Message-Id: <1531308586-29340-25-git-send-email-joro@8bytes.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1531308586-29340-1-git-send-email-joro@8bytes.org> References: <1531308586-29340-1-git-send-email-joro@8bytes.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Joerg Roedel The addr counter will overflow if we clone the last PMD of the address space, resulting in an endless loop. Check for that and bail out of the loop when it happens. Signed-off-by: Joerg Roedel --- arch/x86/mm/pti.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index f512222..dc02fd4 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -297,6 +297,10 @@ pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear) p4d_t *p4d; pud_t *pud; + /* Overflow check */ + if (addr < start) + break; + pgd = pgd_offset_k(addr); if (WARN_ON(pgd_none(*pgd))) return; -- 2.7.4