x86/cpu_entry_area: Prevent wraparound in setup_cpu_entry_area_ptes() on 32bit
author Thomas Gleixner <tglx@linutronix.de>
Sat, 23 Dec 2017 18:45:11 +0000 (19:45 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 29 Dec 2017 16:53:45 +0000 (17:53 +0100)
commit f6c4fd506cb626e4346aa81688f255e593a7c5a0 upstream.

The loop which populates the CPU entry area PMDs can wrap around on 32bit
machines when the number of CPUs is small.

It worked wonderfully for NR_CPUS=64 for whatever reason and the moron who
wrote that code did not bother to test it with !SMP.

Check for the wraparound to fix it.

Fixes: 92a0f81d8957 ("x86/cpu_entry_area: Move it out of the fixmap")
Reported-by: kernel test robot <fengguang.wu@intel.com>
Signed-off-by: Thomas "Feels stupid" Gleixner <tglx@linutronix.de>
Tested-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/x86/mm/cpu_entry_area.c

index 21e8b595cbb12d6be0d39e502d1f0a26090454a2..fe814fd5e0140fbf7c4c1aacccc7993e89febbac 100644 (file)
@@ -122,7 +122,8 @@ static __init void setup_cpu_entry_area_ptes(void)
        start = CPU_ENTRY_AREA_BASE;
        end = start + CPU_ENTRY_AREA_MAP_SIZE;
 
-       for (; start < end; start += PMD_SIZE)
+       /* Careful here: start + PMD_SIZE might wrap around */
+       for (; start < end && start >= CPU_ENTRY_AREA_BASE; start += PMD_SIZE)
                populate_extra_pte(start);
 #endif
 }
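
Review bot: The added `start >= CPU_ENTRY_AREA_BASE` test guards only the loop increment; `end = start + CPU_ENTRY_AREA_MAP_SIZE` two lines above is the same kind of addition and stays unchecked, so if it ever wrapped, `start < end` would be false on entry and the loop would silently populate nothing. Consider asserting `end > start` before the loop, or iterating over a PMD count derived from CPU_ENTRY_AREA_MAP_SIZE so that no address comparison is needed. The new comment could also say that a wrapped `start` falls below CPU_ENTRY_AREA_BASE, since that is the property the added condition relies on and it is not obvious from "might wrap around" alone.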