linux-kernel.vger.kernel.org archive mirror
From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "stable@vger.kernel.org" <stable@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Jiang Biao <jiang.biao2@zte.com.cn>,
	Thomas Gleixner <tglx@linutronix.de>,
	"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
	"luto@kernel.org" <luto@kernel.org>,
	"hpa@zytor.com" <hpa@zytor.com>,
	"albcamus@gmail.com" <albcamus@gmail.com>,
	"zhong.weidong@zte.com.cn" <zhong.weidong@zte.com.cn>,
	Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [PATCH AUTOSEL 4.14 65/67] x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
Date: Fri, 7 Sep 2018 00:38:07 +0000
Message-ID: <20180907003716.57737-65-alexander.levin@microsoft.com>
In-Reply-To: <20180907003716.57737-1-alexander.levin@microsoft.com>

From: Jiang Biao <jiang.biao2@zte.com.cn>

[ Upstream commit b2b7d986a89b6c94b1331a909de1217214fb08c1 ]

pti_user_pagetable_walk_p4d() can return NULL, so the return value should
be checked to prevent a NULL pointer dereference.

Add the check and a warning when the P4D allocation fails.

Signed-off-by: Jiang Biao <jiang.biao2@zte.com.cn>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: dave.hansen@linux.intel.com
Cc: luto@kernel.org
Cc: hpa@zytor.com
Cc: albcamus@gmail.com
Cc: zhong.weidong@zte.com.cn
Link: https://lkml.kernel.org/r/1532045192-49622-1-git-send-email-jiang.biao2@zte.com.cn
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 arch/x86/mm/pti.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index d6f11accd37a..63afd15b32a5 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -162,7 +162,7 @@ static __init p4d_t *pti_user_pagetable_walk_p4d(unsigned long address)
 
 	if (pgd_none(*pgd)) {
 		unsigned long new_p4d_page = __get_free_page(gfp);
-		if (!new_p4d_page)
+		if (WARN_ON_ONCE(!new_p4d_page))
 			return NULL;
 
 		set_pgd(pgd, __pgd(_KERNPG_TABLE | __pa(new_p4d_page)));
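Review bot: WARN_ON_ONCE() at the `!new_p4d_page` check reports only the first failed allocation, and the two callers changed further down return without logging anything, so a later failure for a different address leaves no trace in the log. Either use WARN_ON() here, or add a comment above pti_user_pagetable_walk_p4d() stating that it can return NULL and that the warning fires at most once, so callers know this is the only diagnostic they get.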
@@ -181,9 +181,13 @@ static __init p4d_t *pti_user_pagetable_walk_p4d(unsigned long address)
 static __init pmd_t *pti_user_pagetable_walk_pmd(unsigned long address)
 {
 	gfp_t gfp = (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO);
-	p4d_t *p4d = pti_user_pagetable_walk_p4d(address);
+	p4d_t *p4d;
 	pud_t *pud;
 
+	p4d = pti_user_pagetable_walk_p4d(address);
+	if (!p4d)
+		return NULL;
+
 	BUILD_BUG_ON(p4d_large(*p4d) != 0);
 	if (p4d_none(*p4d)) {
 		unsigned long new_pud_page = __get_free_page(gfp);
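Review bot: the added `if (!p4d) return NULL;` gives pti_user_pagetable_walk_pmd() a NULL return on this path, and none of its callers appear in this diff. Unless every caller in the 4.14 tree already checks the result, the NULL dereference is only moved one level up, so this backport should be applied together with a change that checks the return value of pti_user_pagetable_walk_pmd(). A short comment on the function noting that it may return NULL would make that contract visible.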
@@ -319,6 +323,9 @@ static void __init pti_clone_p4d(unsigned long addr)
 	pgd_t *kernel_pgd;
 
 	user_p4d = pti_user_pagetable_walk_p4d(addr);
+	if (!user_p4d)
+		return;
+
 	kernel_pgd = pgd_offset_k(addr);
 	kernel_p4d = p4d_offset(kernel_pgd, addr);
 	*user_p4d = *kernel_p4d;
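Review bot: the early `return;` after `if (!user_p4d)` in pti_clone_p4d() skips `*user_p4d = *kernel_p4d;` without telling the caller, because the function returns void. The user page table is then left without this P4D entry and boot continues; the only signal is the WARN_ON_ONCE() from the first hunk, which may already have fired for another address. Consider logging the address here, or returning an error so the __init caller can decide whether continuing with an incomplete clone is acceptable.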
-- 
2.17.1
