From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg KH <gregkh@linuxfoundation.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Russell King <rmk+kernel@arm.linux.org.uk>
Subject: [ 04/46] ARM: 7487/1: mm: avoid setting nG bit for user mappings that arent present
Date: Wed, 12 Sep 2012 16:38:54 -0700
Message-ID: <20120912233818.129132756@linuxfoundation.org>
In-Reply-To: <20120912233817.662663809@linuxfoundation.org>
From: Greg KH <gregkh@linuxfoundation.org>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will.deacon@arm.com>
commit 47f1204329237a0f8655f5a9f14a38ac81946ca1 upstream.
Swap entries are encoded in ptes such that !pte_present(pte) and
pte_file(pte). The remaining bits of the descriptor are used to identify
the swapfile and offset within it to the swap entry.

When writing such a pte for a user virtual address, set_pte_at
unconditionally sets the nG bit, which (in the case of LPAE) will
corrupt the swapfile offset and lead to a BUG:

[ 140.494067] swap_free: Unused swap offset entry 000763b4
[ 140.509989] BUG: Bad page map in process rs:main Q:Reg pte:0ec76800 pmd:8f92e003

This patch fixes the problem by only setting the nG bit for user
mappings that are actually present.
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/include/asm/pgtable.h | 34 ++++++++++++++++++----------------
arch/arm/mm/flush.c | 2 --
2 files changed, 18 insertions(+), 18 deletions(-)
--- a/arch/arm/include/asm/pgtable.h
+++ b/arch/arm/include/asm/pgtable.h
@@ -360,6 +360,18 @@ static inline pte_t *pmd_page_vaddr(pmd_
#define set_pte_ext(ptep,pte,ext) cpu_set_pte_ext(ptep,pte,ext)
#define pte_clear(mm,addr,ptep) set_pte_ext(ptep, __pte(0), 0)
+#define pte_none(pte) (!pte_val(pte))
+#define pte_present(pte) (pte_val(pte) & L_PTE_PRESENT)
+#define pte_write(pte) (!(pte_val(pte) & L_PTE_RDONLY))
+#define pte_dirty(pte) (pte_val(pte) & L_PTE_DIRTY)
+#define pte_young(pte) (pte_val(pte) & L_PTE_YOUNG)
+#define pte_exec(pte) (!(pte_val(pte) & L_PTE_XN))
+#define pte_special(pte) (0)
+
+#define pte_present_user(pte) \
+ ((pte_val(pte) & (L_PTE_PRESENT | L_PTE_USER)) == \
+ (L_PTE_PRESENT | L_PTE_USER))
+
#if __LINUX_ARM_ARCH__ < 6
static inline void __sync_icache_dcache(pte_t pteval)
{
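Review bot: pte_present_user(), the last macro in this added block and now defined ahead of set_pte_at(), has no comment saying what it is for. Since it now decides both the cache sync and the nG bit, a one-line comment that it is true only when both L_PTE_PRESENT and L_PTE_USER are set (so swap and file entries never match) would keep a later reader from replacing it with pte_present().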
@@ -371,25 +383,15 @@ extern void __sync_icache_dcache(pte_t p
static inline void set_pte_at(struct mm_struct *mm, unsigned long addr,
pte_t *ptep, pte_t pteval)
{
- if (addr >= TASK_SIZE)
- set_pte_ext(ptep, pteval, 0);
- else {
+ unsigned long ext = 0;
+
+ if (addr < TASK_SIZE && pte_present_user(pteval)) {
__sync_icache_dcache(pteval);
- set_pte_ext(ptep, pteval, PTE_EXT_NG);
+ ext |= PTE_EXT_NG;
}
-}
-#define pte_none(pte) (!pte_val(pte))
-#define pte_present(pte) (pte_val(pte) & L_PTE_PRESENT)
-#define pte_write(pte) (!(pte_val(pte) & L_PTE_RDONLY))
-#define pte_dirty(pte) (pte_val(pte) & L_PTE_DIRTY)
-#define pte_young(pte) (pte_val(pte) & L_PTE_YOUNG)
-#define pte_exec(pte) (!(pte_val(pte) & L_PTE_XN))
-#define pte_special(pte) (0)
-
-#define pte_present_user(pte) \
- ((pte_val(pte) & (L_PTE_PRESENT | L_PTE_USER)) == \
- (L_PTE_PRESENT | L_PTE_USER))
+ set_pte_ext(ptep, pteval, ext);
+}
#define PTE_BIT_FUNC(fn,op) \
static inline pte_t pte_##fn(pte_t pte) { pte_val(pte) op; return pte; }
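Review bot: in the new condition `addr < TASK_SIZE && pte_present_user(pteval)`, a pte below TASK_SIZE that is present but lacks L_PTE_USER now reaches set_pte_ext(ptep, pteval, ext) with ext == 0, where the old code gave every address below TASK_SIZE PTE_EXT_NG. The changelog only discusses entries that are not present, so please confirm that writing such a mapping without nG is intended, or base the nG decision on pte_present() and keep pte_present_user() for the __sync_icache_dcache() call.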
--- a/arch/arm/mm/flush.c
+++ b/arch/arm/mm/flush.c
@@ -236,8 +236,6 @@ void __sync_icache_dcache(pte_t pteval)
struct page *page;
struct address_space *mapping;
- if (!pte_present_user(pteval))
- return;
if (cache_is_vipt_nonaliasing() && !pte_exec(pteval))
/* only flush non-aliasing VIPT caches for exec mappings */
return;
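Review bot: dropping the `if (!pte_present_user(pteval)) return;` guard at the top of __sync_icache_dcache() turns that check into a precondition every caller must satisfy. set_pte_at() in this patch does, but the function is declared extern in pgtable.h, so a short comment above it stating that pteval must be a present user mapping, or a changelog line saying set_pte_at() is the only caller, would make the new contract explicit.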