From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Joerg Roedel, Thomas Gleixner, Pavel Machek, "H . Peter Anvin", linux-mm@kvack.org, Linus Torvalds, Andy Lutomirski, Dave Hansen, Josh Poimboeuf, Juergen Gross, Peter Zijlstra, Borislav Petkov, Jiri Kosina, Boris Ostrovsky, Brian Gerst, David Laight, Denys Vlasenko, Eduardo Valentin, Will Deacon, aliguori@amazon.com, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, Andrea Arcangeli, Waiman Long, "David H . Gutteridge", joro@8bytes.org, Sasha Levin
Subject: [PATCH 4.18 096/235] x86/mm/pti: Add an overflow check to pti_clone_pmds()
Date: Mon, 24 Sep 2018 13:51:22 +0200
Message-Id: <20180924113114.858873958@linuxfoundation.org>
X-Mailer: git-send-email 2.19.0
In-Reply-To: <20180924113103.999624566@linuxfoundation.org>
References: <20180924113103.999624566@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.18-stable review patch. If anyone has any objections, please let me know.

------------------

From: Joerg Roedel

[ Upstream commit 935232ce28dfabff1171e5a7113b2d865fa9ee63 ]

The addr counter will overflow if the last PMD of the address space is
cloned, resulting in an endless loop. Check for that and bail out of the
loop when it happens.

Signed-off-by: Joerg Roedel
Signed-off-by: Thomas Gleixner Tested-by: Pavel Machek Cc: "H . Peter Anvin" Cc: linux-mm@kvack.org Cc: Linus Torvalds Cc: Andy Lutomirski Cc: Dave Hansen Cc: Josh Poimboeuf Cc: Juergen Gross Cc: Peter Zijlstra Cc: Borislav Petkov Cc: Jiri Kosina Cc: Boris Ostrovsky Cc: Brian Gerst Cc: David Laight Cc: Denys Vlasenko Cc: Eduardo Valentin Cc: Greg KH Cc: Will Deacon Cc: aliguori@amazon.com Cc: daniel.gruss@iaik.tugraz.at Cc: hughd@google.com Cc: keescook@google.com Cc: Andrea Arcangeli Cc: Waiman Long Cc: "David H . Gutteridge" Cc: joro@8bytes.org Link: https://lkml.kernel.org/r/1531906876-13451-25-git-send-email-joro@8bytes.org Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/x86/mm/pti.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -306,6 +306,10 @@ pti_clone_pmds(unsigned long start, unsi p4d_t *p4d; pud_t *pud; + /* Overflow check */ + if (addr < start) + break; + pgd = pgd_offset_k(addr); if (WARN_ON(pgd_none(*pgd))) return;
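
Review bot: the comment on the new check in pti_clone_pmds() says only "Overflow check" and does not say what overflows or why comparing addr against start detects it. The commit message carries the reasoning (the addr counter wraps when the last PMD of the address space is cloned, and the loop would otherwise never end); a short form of that in the comment, for example "addr wrapped around after the last PMD of the address space", would spare the next reader a trip to the log. It would also help to note that this break is an expected exit and not an error, since the pgd_none() case directly below uses WARN_ON() and returns, and the two exits look similar at a glance.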