From: Joerg Roedel <jroe...@suse.de> [ Upstream commit 935232ce28dfabff1171e5a7113b2d865fa9ee63 ]
The addr counter will overflow if the last PMD of the address space is cloned, resulting in an endless loop. Check for that and bail out of the loop when it happens. Signed-off-by: Joerg Roedel <jroe...@suse.de> Signed-off-by: Thomas Gleixner <t...@linutronix.de> Tested-by: Pavel Machek <pa...@ucw.cz> Cc: "H . Peter Anvin" <h...@zytor.com> Cc: linux...@kvack.org Cc: Linus Torvalds <torva...@linux-foundation.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: Dave Hansen <dave.han...@intel.com> Cc: Josh Poimboeuf <jpoim...@redhat.com> Cc: Juergen Gross <jgr...@suse.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc: Borislav Petkov <b...@alien8.de> Cc: Jiri Kosina <jkos...@suse.cz> Cc: Boris Ostrovsky <boris.ostrov...@oracle.com> Cc: Brian Gerst <brge...@gmail.com> Cc: David Laight <david.lai...@aculab.com> Cc: Denys Vlasenko <dvlas...@redhat.com> Cc: Eduardo Valentin <edu...@amazon.com> Cc: Greg KH <gre...@linuxfoundation.org> Cc: Will Deacon <will.dea...@arm.com> Cc: aligu...@amazon.com Cc: daniel.gr...@iaik.tugraz.at Cc: hu...@google.com Cc: keesc...@google.com Cc: Andrea Arcangeli <aarca...@redhat.com> Cc: Waiman Long <ll...@redhat.com> Cc: "David H . Gutteridge" <dhgutteri...@sympatico.ca> Cc: j...@8bytes.org Link: https://lkml.kernel.org/r/1531906876-13451-25-git-send-email-j...@8bytes.org Signed-off-by: Sasha Levin <alexander.le...@microsoft.com> --- arch/x86/mm/pti.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 7786ab306225..b07e3ffc5ac5 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -291,6 +291,10 @@ pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear) p4d_t *p4d; pud_t *pud; + /* Overflow check */ + if (addr < start) + break; + pgd = pgd_offset_k(addr); if (WARN_ON(pgd_none(*pgd))) return; -- 2.17.1