• David Daney's avatar
    MIPS: Check for accesses beyond the end of the PGD. · 1ec56329
    David Daney authored
    For some combinations of PAGE_SIZE and vmbits, it is possible to have
    userspace access that are beyond what is covered by the PGD, but within
    vmbits.  Such an access would cause the TLB refill handler to load garbage
    values for PMD and PTE potentially giving userspace access to parts of the
    physical address space to which it is not entitled.
    
    In the TLB refill hot path, we add a single dsrl instruction so we can
    check if any bits outside of the range covered by the PGD are set.  In
    the vmalloc side we then separate the bad case from the normal vmalloc
    case and call tlb_do_page_fault_0 if warranted.  This slows us down a
    bit, but has the benefit of yielding deterministic behavior.
    
    [Ralf: Fixed build error for 32-bit kernels.]
    [Ralf: Folded lmo commit c8c0e22b2aa3982852b44279638ef37f9aa31b7d into this
     commit.]
    Signed-off-by: default avatarDavid Daney <ddaney@caviumnetworks.com>
    To: linux-mips@linux-mips.org
    Patchwork: http://patchwork.linux-mips.org/patch/1152/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
    
    ---
    1ec56329
tlbex.c 43.8 KB