• Kirill A. Shutemov's avatar
    x86/mm: Prevent non-MAP_FIXED mapping across DEFAULT_MAP_WINDOW border · 1e0f25db
    Kirill A. Shutemov authored
    In case of 5-level paging, the kernel does not place any mapping above
    47-bit, unless userspace explicitly asks for it.
    
    Userspace can request an allocation from the full address space by
    specifying the mmap address hint above 47-bit.
    
    Nicholas noticed that the current implementation violates this interface:
    
      If user space requests a mapping at the end of the 47-bit address space
      with a length which causes the mapping to cross the 47-bit border
      (DEFAULT_MAP_WINDOW), then the vma is partially in the address space
      below and above.
    
    Sanity check the mmap address hint so that start and end of the resulting
    vma are on the same side of the 47-bit border. If that's not the case fall
    back to the code path which ignores the address hint and allocate from the
    regular address space below 47-bit.
    
    To make the checks consistent, mask out the address hints lower bits
    (either PAGE_MASK or huge_page_mask()) instead of using ALIGN() which can
    push them up to the next boundary.
    
    [ tglx: Moved the address check to a function and massaged comment and
      	changelog ]
    Reported-by: default avatarNicholas Piggin <npiggin@gmail.com>
    Signed-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: linux-mm@kvack.org
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Link: https://lkml.kernel.org/r/20171115143607.81541-1-kirill.shutemov@linux.intel.com
    1e0f25db
sys_x86_64.c 6.04 KB