From: Chris Wright <chrisw@osdl.org>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Chuck Wolber <chuckw@quantumlinux.com>,
torvalds@osdl.org, akpm@osdl.org, alan@lxorguk.ukuu.org.uk,
ak@suse.de
Subject: [patch 15/16] x86_64: When checking vmalloc mappings don't use pte_page
Date: Mon, 23 May 2005 16:31:36 -0700 [thread overview]
Message-ID: <20050523233136.GA27549@shell0.pdx.osdl.net> (raw)
In-Reply-To: <20050523231529.GL27549@shell0.pdx.osdl.net>
[PATCH] x86_64: When checking vmalloc mappings don't use pte_page
The PTEs can point to ioremap mappings too, and these are often outside
mem_map. The NUMA hash page lookup functions cannot handle out of bounds
accesses properly.
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
---
fault.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
Index: release-2.6.11/arch/x86_64/mm/fault.c
===================================================================
--- release-2.6.11.orig/arch/x86_64/mm/fault.c
+++ release-2.6.11/arch/x86_64/mm/fault.c
@@ -236,6 +236,8 @@ static noinline void pgtable_bad(unsigne
/*
* Handle a fault on the vmalloc or module mapping area
+ *
+ * This assumes no large pages in there.
*/
static int vmalloc_fault(unsigned long address)
{
@@ -274,7 +276,10 @@ static int vmalloc_fault(unsigned long a
if (!pte_present(*pte_ref))
return -1;
pte = pte_offset_kernel(pmd, address);
- if (!pte_present(*pte) || pte_page(*pte) != pte_page(*pte_ref))
+ /* Don't use pte_page here, because the mappings can point
+ outside mem_map, and the NUMA hash lookup cannot handle
+ that. */
+ if (!pte_present(*pte) || pte_pfn(*pte) != pte_pfn(*pte_ref))
BUG();
__flush_tlb_all();
return 0;
@@ -348,7 +353,9 @@ asmlinkage void do_page_fault(struct pt_
* protection error (error_code & 1) == 0.
*/
if (unlikely(address >= TASK_SIZE)) {
- if (!(error_code & 5)) {
+ if (!(error_code & 5) &&
+ ((address >= VMALLOC_START && address < VMALLOC_END) ||
+ (address >= MODULES_VADDR && address < MODULES_END))) {
if (vmalloc_fault(address) < 0)
goto bad_area_nosemaphore;
return;
next prev parent reply other threads:[~2005-05-23 23:45 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-23 23:15 [00/16] -stable review Chris Wright
2005-05-23 23:17 ` [patch 01/16] Fix get_unmapped_area sanity tests Chris Wright
2005-05-23 23:18 ` [patch 02/16] 3c59x: only put the device into D3 when we're actually using WOL Chris Wright
2005-05-25 17:30 ` Daniel Ritz
2005-05-23 23:19 ` [patch 03/16] [EBTABLES]: Fix smp race Chris Wright
2005-05-23 23:20 ` [patch 04/16] ext3: fix race between ext3 make block reservation and reservation window discard Chris Wright
2005-05-30 13:28 ` Rodrigo Steinmüller Wanderley
2005-05-31 6:23 ` Mingming Cao
2005-05-23 23:21 ` [patch 05/16] PPC64: Fix LPAR IOMMU setup code for p630 Chris Wright
2005-05-23 23:22 ` [patch 06/16] Fix matroxfb on big-endian hardware Chris Wright
2005-05-23 23:50 ` Al Viro
2005-05-24 1:17 ` Chris Wright
2005-05-24 10:15 ` Petr Vandrovec
2005-05-23 23:24 ` [patch 07/16] ide-disk: Fix LBA8 DMA Chris Wright
2005-05-23 23:25 ` [patch 08/16] [ROSE]: Fix minor security hole Chris Wright
2005-05-23 23:26 ` [patch 09/16] usbaudio: prevent oops & dead keyboard on usb unplugging Chris Wright
2005-05-23 23:27 ` [patch 10/16] usbusx2y: " Chris Wright
2005-05-23 23:28 ` [patch 11/16] USB: fix bug in visor driver with throttle/unthrottle causing oopses Chris Wright
2005-05-23 23:29 ` [patch 12/16] x86_64: check if ptrace RIP is canonical Chris Wright
2005-05-23 23:30 ` [patch 13/16] x86_64: Fix canonical checking for segment registers in ptrace Chris Wright
2005-05-23 23:30 ` [patch 14/16] x86_64: Add a guard page at the end of the 47bit address space Chris Wright
2005-05-23 23:31 ` Chris Wright [this message]
2005-05-23 23:32 ` [patch 16/16] x86_64: Don't look up struct page pointer of physical address in iounmap Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050523233136.GA27549@shell0.pdx.osdl.net \
--to=chrisw@osdl.org \
--cc=ak@suse.de \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=chuckw@quantumlinux.com \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rdunlap@xenotime.net \
--cc=stable@kernel.org \
--cc=torvalds@osdl.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.