diff options
| author | Thomas Gleixner <tglx@linutronix.de> | 2017-12-23 19:45:11 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-12-29 17:53:45 +0100 |
| commit | 752d01704ad18371fa6d15ef16f5dea7972be821 (patch) | |
| tree | 88a5c3bb173c3d9d3bcfcdebdea06b18902c252a | |
| parent | 763f7eaf606281ccfaa2f95445219f797697ed70 (diff) | |
| download | linux-stable-752d01704ad18371fa6d15ef16f5dea7972be821.tar.gz linux-stable-752d01704ad18371fa6d15ef16f5dea7972be821.tar.bz2 linux-stable-752d01704ad18371fa6d15ef16f5dea7972be821.zip | |
x86/cpu_entry_area: Prevent wraparound in setup_cpu_entry_area_ptes() on 32bit
commit f6c4fd506cb626e4346aa81688f255e593a7c5a0 upstream.
The loop which populates the CPU entry area PMDs can wrap around on 32bit
machines when the number of CPUs is small.
It worked wonderful for NR_CPUS=64 for whatever reason and the moron who
wrote that code did not bother to test it with !SMP.
Check for the wraparound to fix it.
Fixes: 92a0f81d8957 ("x86/cpu_entry_area: Move it out of the fixmap")
Reported-by: kernel test robot <fengguang.wu@intel.com>
Signed-off-by: Thomas "Feels stupid" Gleixner <tglx@linutronix.de>
Tested-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | arch/x86/mm/cpu_entry_area.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/arch/x86/mm/cpu_entry_area.c b/arch/x86/mm/cpu_entry_area.c index 21e8b595cbb1..fe814fd5e014 100644 --- a/arch/x86/mm/cpu_entry_area.c +++ b/arch/x86/mm/cpu_entry_area.c @@ -122,7 +122,8 @@ static __init void setup_cpu_entry_area_ptes(void) start = CPU_ENTRY_AREA_BASE; end = start + CPU_ENTRY_AREA_MAP_SIZE; - for (; start < end; start += PMD_SIZE) + /* Careful here: start + PMD_SIZE might wrap around */ + for (; start < end && start >= CPU_ENTRY_AREA_BASE; start += PMD_SIZE) populate_extra_pte(start); #endif } |