Commit 3ec97965 authored Aug 20, 2016 by Wei Yang Committed by Ingo Molnar Sep 08, 2016

x86/e820: Fix very large 'size' handling boundary condition



The (start, size) tuple represents a range [start, start + size - 1],
which means "start" and "start + size - 1" should be compared to see
whether the range overflows.

For example, a range with (start, size):

	(0xffffffff fffffff0, 0x00000000 00000010)

represents

	[0xffffffff fffffff0, 0xffffffff ffffffff]

... would be judged overflow in the original code, while actually it is not.

This patch fixes this and makes sure it still works when size is zero.

Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: yinghai@kernel.org
Link: http://lkml.kernel.org/r/1471657213-31817-1-git-send-email-richard.weiyang@gmail.com


Signed-off-by: Ingo Molnar <mingo@kernel.org>

parent d71f0586

arch/x86/kernel/e820.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -388,11 +388,11 @@ static int __init __append_e820_map(struct e820entry *biosmap, int nr_map)
		while (nr_map) {
		u64 start = biosmap->addr;
		u64 size = biosmap->size;
		u64 end = start + size;
		u64 end = start + size - 1;
		u32 type = biosmap->type;

		/* Overflow in 64 bits? Ignore the memory map. */
		if (start > end)
		if (start > end && likely(size))
		return -1;

		e820_add_region(start, size, type);

Admin message