From: Vincenzo Frascino <vincenzo.frascino@arm.com>

Date: Mon, 1 Apr 2019 12:30:14 +0100

Subject: arm64: compat: Reduce address limit

Git-commit: d263119387de9975d2acba1dfd3392f7c5979c18

Patch-mainline: v5.2-rc1

References: git-fixes

Currently, compat tasks running on arm64 can allocate memory up to

TASK_SIZE_32 (UL(0x100000000)).

This means that mmap() allocations, if we treat them as returning an

array, are not compliant with the sections 6.5.8 of the C standard

(C99) which states that: "If the expression P points to an element of

an array object and the expression Q points to the last element of the

same array object, the pointer expression Q+1 compares greater than P".

Redefine TASK_SIZE_32 to address the issue.

Cc: Catalin Marinas <catalin.marinas@arm.com>

Cc: Will Deacon <will.deacon@arm.com>

Cc: Jann Horn <jannh@google.com>

Cc: <stable@vger.kernel.org>

Reported-by: Jann Horn <jannh@google.com>

Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>

[will: fixed typo in comment]

Signed-off-by: Will Deacon <will.deacon@arm.com>

Acked-by: Ivan T. Ivanov <iivanov@suse.de>

---

 arch/arm64/include/asm/processor.h |    8 ++++++++

 1 file changed, 8 insertions(+)

--- a/arch/arm64/include/asm/processor.h

+++ b/arch/arm64/include/asm/processor.h

@@ -51,7 +51,15 @@

  * TASK_UNMAPPED_BASE - the lower boundary of the mmap VM area.

  */

 #ifdef CONFIG_COMPAT

+#ifdef CONFIG_ARM64_64K_PAGES

+/*

+ * With CONFIG_ARM64_64K_PAGES enabled, the last page is occupied

+ * by the compat vectors page.

+ */

 #define TASK_SIZE_32		UL(0x100000000)

+#else

+#define TASK_SIZE_32		(UL(0x100000000) - PAGE_SIZE)

+#endif /* CONFIG_ARM64_64K_PAGES */

 #define TASK_SIZE		(test_thread_flag(TIF_32BIT) ? \

 				TASK_SIZE_32 : TASK_SIZE_64)

 #define TASK_SIZE_OF(tsk)	(test_tsk_thread_flag(tsk, TIF_32BIT) ? \