[PATCH 24/39] x86/mm/pti: Add an overflow check to pti_clone_pmds()

From: Joerg Roedel
Date: Wed Jul 18 2018 - 05:43:27 EST

Next message: Joerg Roedel: "[PATCH 22/39] x86/mm/pae: Populate the user page-table with user pgd's"
Previous message: Joerg Roedel: "[PATCH 16/39] x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled"
In reply to: tip-bot for Joerg Roedel: "[tip:x86/pti] x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled"
Next in thread: tip-bot for Joerg Roedel: "[tip:x86/pti] x86/mm/pti: Add an overflow check to pti_clone_pmds()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Joerg Roedel <jroedel@xxxxxxx>

The addr counter will overflow if we clone the last PMD of
the address space, resulting in an endless loop.

Check for that and bail out of the loop when it happens.

Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
---
arch/x86/mm/pti.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index f512222..dc02fd4 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -297,6 +297,10 @@ pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear)
p4d_t *p4d;
pud_t *pud;

+ /* Overflow check */
+ if (addr < start)
+ break;
+
pgd = pgd_offset_k(addr);
if (WARN_ON(pgd_none(*pgd)))
return;
--
2.7.4

Next message: Joerg Roedel: "[PATCH 22/39] x86/mm/pae: Populate the user page-table with user pgd's"
Previous message: Joerg Roedel: "[PATCH 16/39] x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled"
In reply to: tip-bot for Joerg Roedel: "[tip:x86/pti] x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled"
Next in thread: tip-bot for Joerg Roedel: "[tip:x86/pti] x86/mm/pti: Add an overflow check to pti_clone_pmds()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]