x86/e820: Fix very large 'size' handling boundary condition

The (start, size) tuple represents a range [start, start + size - 1],
which means "start" and "start + size - 1" should be compared to see
whether the range overflows.

For example, a range with (start, size):

	(0xffffffff fffffff0, 0x00000000 00000010)

represents

	[0xffffffff fffffff0, 0xffffffff ffffffff]

... would be judged overflow in the original code, while actually it is not.

This patch fixes this and makes sure it still works when size is zero.

Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: yinghai@kernel.org
Link: http://lkml.kernel.org/r/1471657213-31817-1-git-send-email-richard.weiyang@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>

diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
index 621b501f89351146b84b090b7160166bb9d5907e..871f1863457dccdf2fdcdf310aae774ab1b3c9d2 100644 (file)
--- a/arch/x86/kernel/e820.c
+++ b/arch/x86/kernel/e820.c
@@ -388,11 +388,11 @@ static int __init __append_e820_map(struct e820entry *biosmap, int nr_map)
        while (nr_map) {
                u64 start = biosmap->addr;
                u64 size = biosmap->size;
-               u64 end = start + size;
+               u64 end = start + size - 1;
                u32 type = biosmap->type;
 
                /* Overflow in 64 bits? Ignore the memory map. */
-               if (start > end)
+               if (start > end && likely(size))
                        return -1;
 
                e820_add_region(start, size, type);