-
The implementation of map_range() creates the requested mapping by walking the page tables, iterating over multiple PTEs and/or descending into existing table mappings as needed. When doing so, it assumes any pre-existing valid PTE to be a table mapping. This assumption is wrong if the platform code attempts to successively map two overlapping ranges where the latter intersects a block mapping created for the former. As a result, map_range() treats the existing block mapping as a table mapping and descends into it i.e. starts interpreting the previously-mapped range as an array of PTEs, writing to them and potentially even descending further (extra fun with MMIO ranges!). Instead, pass any valid non-table mapping to split_block(), which ensures that it actually was a block mapping (calls panic() otherwise) before splitting it. Fixes: 41e2787f ("arm64: Reduce add_map() complexity") Signed-off-by:
Pierre-Clément Tosi <ptosi@google.com> Tested-by: Fa...
4b36f012
