[PATCH 13/16] x86/mm/pti: Add an overflow check to pti_clone_pmds()

From: Joerg Roedel
Date: Tue Jan 16 2018 - 11:51:33 EST

Next message: Noralf TrÃnnes: "Re: [PATCH v16 02/10] drm/tinydrm: Convert tinydrm_enable/disable_backlight to backlight_enable/disable"
Previous message: Joerg Roedel: "[RFC PATCH 00/16] PTI support for x86-32"
In reply to: Thomas Gleixner: "Re: [PATCH 01/16] x86/entry/32: Rename TSS_sysenter_sp0 to TSS_sysenter_stack"
Next in thread: Joerg Roedel: "[PATCH 07/16] x86/mm: Move two more functions from pgtable_64.h to pgtable.h"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Joerg Roedel <jroedel@xxxxxxx>

The addr counter will overflow if we clone the last PMD of
the address space, resulting in an endless loop.

Check for that and bail out of the loop when it happens.

Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
---
arch/x86/mm/pti.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index a561b5625d6c..faea5faeddc5 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -293,6 +293,10 @@ pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear)
p4d_t *p4d;
pud_t *pud;

+ /* Overflow check */
+ if (addr < start)
+ break;
+
pgd = pgd_offset_k(addr);
if (WARN_ON(pgd_none(*pgd)))
return;
--
2.13.6

Next message: Noralf TrÃnnes: "Re: [PATCH v16 02/10] drm/tinydrm: Convert tinydrm_enable/disable_backlight to backlight_enable/disable"
Previous message: Joerg Roedel: "[RFC PATCH 00/16] PTI support for x86-32"
In reply to: Thomas Gleixner: "Re: [PATCH 01/16] x86/entry/32: Rename TSS_sysenter_sp0 to TSS_sysenter_stack"
Next in thread: Joerg Roedel: "[PATCH 07/16] x86/mm: Move two more functions from pgtable_64.h to pgtable.h"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]