www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
	Wed, 16 Oct 2024 11:14:55 +0000 (14:14 +0300)
committer	Ingo Molnar <mingo@kernel.org>
	Wed, 19 Mar 2025 10:12:29 +0000 (11:12 +0100)
commit	f666c92090a41ac5524dade63ff96b3adcf8c2ab
tree	59f38aab723df4180daf50d1ab224bc0ee2c4132	tree
parent	775d37d8f01ea1349be8bd7cc8651b51814c48df	commit \| diff

x86/mm/ident_map: Fix theoretical virtual address overflow to zero

The current calculation of the 'next' virtual address in the
page table initialization functions in arch/x86/mm/ident_map.c
doesn't protect against wrapping to zero.

This is a theoretical issue that cannot happen currently,
the problematic case is possible only if the user sets a
high enough x86_mapping_info::offset value - which no
current code in the upstream kernel does.

( The wrapping to zero only occurs if the top PGD entry is accessed.
  There are no such users upstream. Only hibernate_64.c uses
  x86_mapping_info::offset, and it operates on the direct mapping
  range, which is not the top PGD entry. )

Should such an overflow happen, it can result in page table
corruption and a hang.

To future-proof this code, replace the manual 'next' calculation
with p?d_addr_end() which handles wrapping correctly.

[ Backporter's note: there's no need to backport this patch. ]

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/20241016111458.846228-2-kirill.shutemov@linux.intel.com