• Zhang Yanfei's avatar
    x86-64, init: Fix a possible wraparound bug in switchover in head_64.S · e9d0626e
    Zhang Yanfei authored
    In head_64.S, a switchover has been used to handle kernel crossing
    1G, 512G boundaries.
    
    And commit 8170e6be
        x86, 64bit: Use a #PF handler to materialize early mappings on demand
    said:
        During the switchover in head_64.S, before #PF handler is available,
        we use three pages to handle kernel crossing 1G, 512G boundaries with
        sharing page by playing games with page aliasing: the same page is
        mapped twice in the higher-level tables with appropriate wraparound.
    
    But from the switchover code, when we set up the PUD table:
    114         addq    $4096, %rdx
    115         movq    %rdi, %rax
    116         shrq    $PUD_SHIFT, %rax
    117         andl    $(PTRS_PER_PUD-1), %eax
    118         movq    %rdx, (4096+0)(%rbx,%rax,8)
    119         movq    %rdx, (4096+8)(%rbx,%rax,8)
    
    It seems line 119 has a potential bug there. For example,
    if the kernel is loaded at physical address 511G+1008M, that is
        000000000 111111111 111111000 000000000000000000000
    and the kernel _end is 512G+2M, that is
        000000001 000000000 000000001 000000000000000000000
    So in this example, when using the 2nd page to setup PUD (line 114~119),
    rax is 511.
    In line 118, we put rdx which is the address of the PMD page (the 3rd page)
    into entry 511 of the PUD table. But in line 119, the entry we calculate from
    (4096+8)(%rbx,%rax,8) has exceeded the PUD page. IMO, the entry in line
    119 should be wraparound into entry 0 of the PUD table.
    
    The patch fixes the bug.
    Signed-off-by: default avatarZhang Yanfei <zhangyanfei@cn.fujitsu.com>
    Link: http://lkml.kernel.org/r/5191DE5A.3020302@cn.fujitsu.comSigned-off-by: default avatarYinghai Lu <yinghai@kernel.org>
    Cc: <stable@vger.kernel.org> v3.9
    Signed-off-by: default avatarH. Peter Anvin <hpa@linux.intel.com>
    e9d0626e
head_64.S 13 KB