| Message ID | 1469775013-239038-1-git-send-email-agraf@suse.de |
|---|---|
| State | Superseded |
| Delegated to: | Tom Rini |
| Headers | show |
On 07/28/2016 11:50 PM, Alexander Graf wrote: > We create 2 sets of page tables: One for normal operation, one for > emergency (used while modifying the former). > > Because the page tables grow dynamically, we have code that checks > for overflow. Unfortunately we didn't adjust the available space > variable while creating the emergency tables, so potentially someone > might run into an overflow there (not seen in real world yet though!). > > Fix it by properly adjusting the size as well as the base offset in > emergency page table creation. > > Reported-by: York Sun <york.sun@nxp.com> > Signed-off-by: Alexander Graf <agraf@suse.de> > --- > arch/arm/cpu/armv8/cache_v8.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/arch/arm/cpu/armv8/cache_v8.c b/arch/arm/cpu/armv8/cache_v8.c > index ac909a1..8a82bba 100644 > --- a/arch/arm/cpu/armv8/cache_v8.c > +++ b/arch/arm/cpu/armv8/cache_v8.c > @@ -380,6 +380,7 @@ void setup_pgtables(void) > static void setup_all_pgtables(void) > { > u64 tlb_addr = gd->arch.tlb_addr; > + u64 tlb_size = gd->arch.tlb_size; > > /* Reset the fill ptr */ > gd->arch.tlb_fillptr = tlb_addr; > @@ -388,10 +389,13 @@ static void setup_all_pgtables(void) > setup_pgtables(); > > /* Create emergency page tables */ > + gd->arch.tlb_size -= ((uintptr_t)gd->arch.tlb_fillptr - > + (uintptr_t)gd->arch.tlb_addr); nitpik. The parentheses are not necessary. > gd->arch.tlb_addr = gd->arch.tlb_fillptr; > setup_pgtables(); > gd->arch.tlb_emerg = gd->arch.tlb_addr; > gd->arch.tlb_addr = tlb_addr; > + gd->arch.tlb_size = tlb_size; > } > > /* to activate the MMU we need to set up virtual memory */ > Reviewed-by: York Sun <york.sun@nxp.com>
diff --git a/arch/arm/cpu/armv8/cache_v8.c b/arch/arm/cpu/armv8/cache_v8.c index ac909a1..8a82bba 100644 --- a/arch/arm/cpu/armv8/cache_v8.c +++ b/arch/arm/cpu/armv8/cache_v8.c @@ -380,6 +380,7 @@ void setup_pgtables(void) static void setup_all_pgtables(void) { u64 tlb_addr = gd->arch.tlb_addr; + u64 tlb_size = gd->arch.tlb_size; /* Reset the fill ptr */ gd->arch.tlb_fillptr = tlb_addr; @@ -388,10 +389,13 @@ static void setup_all_pgtables(void) setup_pgtables(); /* Create emergency page tables */ + gd->arch.tlb_size -= ((uintptr_t)gd->arch.tlb_fillptr - + (uintptr_t)gd->arch.tlb_addr); gd->arch.tlb_addr = gd->arch.tlb_fillptr; setup_pgtables(); gd->arch.tlb_emerg = gd->arch.tlb_addr; gd->arch.tlb_addr = tlb_addr; + gd->arch.tlb_size = tlb_size; } /* to activate the MMU we need to set up virtual memory */
We create 2 sets of page tables: One for normal operation, one for emergency (used while modifying the former). Because the page tables grow dynamically, we have code that checks for overflow. Unfortunately we didn't adjust the available space variable while creating the emergency tables, so potentially someone might run into an overflow there (not seen in real world yet though!). Fix it by properly adjusting the size as well as the base offset in emergency page table creation. Reported-by: York Sun <york.sun@nxp.com> Signed-off-by: Alexander Graf <agraf@suse.de> --- arch/arm/cpu/armv8/cache_v8.c | 4 ++++ 1 file changed, 4 insertions(+)