On Wed, Oct 30, 2024 at 12:47:12PM +0100, Borislav Petkov wrote:
> On Wed, Oct 16, 2024 at 02:14:55PM +0300, Kirill A. Shutemov wrote:
> > Calculation of 'next' virtual address doesn't protect against wrapping
> > to zero. It can result in page table corruption and hang. The
> > problematic case is possible if user sets high x86_mapping_info::offset.
> >
> > The wrapping to zero only occurs if the top PGD entry is accessed.
> > There are no such users in the upstream. Only hibernate_64.c uses
> > x86_mapping_info::offset, and it operates on the direct mapping range,
> > which is not the top PGD entry.
> >
> > Replace manual 'next' calculation with p?d_addr_end() which handles
> > wrapping correctly.
>
> So this is a fix for a theoretical issue as it cannot happen currently?

Right.

> Can we call that out in the commit message so that the stable AI doesn't pick
> it up? Do we have magic words for that?

I tried to express that in the second paragraph: "no such users in the
upstream".

> And which commit is it fixing?
>
> aece27851d44 ("x86, 64bit, mm: Add generic kernel/ident mapping helper")
> perhaps?

This one is closer:

e4630fdd4763 ("x86/power/64: Always create temporary identity mapping correctly")

It adds x86_mapping_info::offset.

-- 
Kiryl Shutsemau / Kirill A. Shutemov
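The wrap-to-zero the commit message describes is easy to reproduce in user space. The following is an added, stand-alone illustration, not code from the patch or from the kernel tree: manual_next() models the shape of the pre-fix "add one PGD span, then clamp to end" calculation (an assumption about the original code, not a copy of it), and pgd_addr_end() follows the definition of the kernel's pgd_addr_end() macro in include/linux/pgtable.h, which compares boundary - 1 against end - 1 so that a boundary that wrapped to 0 turns into UINT64_MAX and loses the comparison. The walker counts how many PGD entries each rule visits for a range in the top PGD entry; the addresses are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* 4-level x86-64 paging: one PGD entry covers 512 GiB. */
#define PGDIR_SHIFT 39
#define PGDIR_SIZE  (UINT64_C(1) << PGDIR_SHIFT)
#define PGDIR_MASK  (~(PGDIR_SIZE - 1))

/* Model of the pre-fix calculation (assumption, not the kernel's exact code):
 * round down, add one PGD span, clamp to 'end'. When the addition wraps to 0
 * the clamp never fires, because 0 > end is false. */
static uint64_t manual_next(uint64_t addr, uint64_t end)
{
	uint64_t next = (addr & PGDIR_MASK) + PGDIR_SIZE;

	if (next > end)
		next = end;
	return next;
}

/* Same shape as the kernel's pgd_addr_end() macro: a boundary that wrapped
 * to 0 becomes UINT64_MAX after the "- 1", so 'end' is returned instead. */
static uint64_t pgd_addr_end(uint64_t addr, uint64_t end)
{
	uint64_t boundary = (addr + PGDIR_SIZE) & PGDIR_MASK;

	return (boundary - 1 < end - 1) ? boundary : end;
}

/* Walk [start, end) one PGD entry at a time using next_fn to advance.
 * Returns the number of entries visited, or -1 if the walk has not finished
 * after max_steps iterations, which is how the runaway loop shows up here
 * (in the kernel it shows up as page table corruption and a hang). */
static long walk_pgd(uint64_t (*next_fn)(uint64_t, uint64_t),
		     uint64_t start, uint64_t end, long max_steps)
{
	long steps = 0;
	uint64_t addr, next;

	for (addr = start; addr < end; addr = next) {
		next = next_fn(addr, end);
		if (++steps > max_steps)
			return -1;
	}
	return steps;
}

int main(void)
{
	/* Constructed range inside the top PGD entry (index 511):
	 * addr & PGDIR_MASK == 0xffffff8000000000, plus PGDIR_SIZE == 2^64 -> 0. */
	uint64_t top_start = UINT64_C(0xffffff8000000000);
	uint64_t top_end   = UINT64_C(0xffffffff00000000);
	/* Constructed range well below the top entry: both rules agree. */
	uint64_t low_start = UINT64_C(0x1000);
	uint64_t low_end   = 2 * PGDIR_SIZE + UINT64_C(0x1000);

	printf("top entry: manual_next=0x%llx pgd_addr_end=0x%llx\n",
	       (unsigned long long)manual_next(top_start, top_end),
	       (unsigned long long)pgd_addr_end(top_start, top_end));
	printf("top entry walk: manual=%ld steps, pgd_addr_end=%ld steps\n",
	       walk_pgd(manual_next, top_start, top_end, 100),
	       walk_pgd(pgd_addr_end, top_start, top_end, 100));
	printf("low range walk: manual=%ld steps, pgd_addr_end=%ld steps\n",
	       walk_pgd(manual_next, low_start, low_end, 100),
	       walk_pgd(pgd_addr_end, low_start, low_end, 100));
	return 0;
}
```

For the top-entry range manual_next() returns 0, so the loop restarts from address 0 and never reaches the exit condition, while pgd_addr_end() returns end and the walk finishes after one entry; for a range below the top entry both rules produce the same boundaries, which is why the bug is invisible to the existing hibernate_64.c caller.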