* Re: Please include commit 90481622d7 in 3.3-stable
From: Ben Hutchings @ 2012-05-12 8:34 UTC
To: Paul Mackerras, Hillf Danton, KAMEZAWA Hiroyuki, David Gibson
Cc: stable, Andrew Morton, linux-mm

On Thu, 2012-05-10 at 19:58 +1000, Paul Mackerras wrote:
> Please include commit 90481622d7 ("hugepages: fix use after free bug
> in "quota" handling") from Linus' tree in the next 3.3 stable release.
> It applies without fuzz, though with offsets.
>
> It fixes a use-after-free bug in the huge page code that we are
> hitting when using KVM on IBM Power machines with large pages backing
> the guests, though it can in principle be hit in other ways also.
> Since it's a use-after-free bug, it tends to result in an immediate
> kernel crash if you have slab debug turned on, or occasional
> hard-to-debug memory corruption if you don't.
>
> The bug is also present in earlier kernels, and the patch should
> apply at least to 3.2. It would be good if it can be applied to
> earlier kernels also.

I tried cherry-picking this on top of 3.2.17, but there was a conflict
in unmap_ref_private(). It looks like all of these belong in 3.2.y as
well:

1e16a53 mm/hugetlb.c: fix virtual address handling in hugetlb fault
0c176d5 mm: hugetlb: fix pgoff computation when unmapping page from vma
ea5768c mm/hugetlb.c: avoid bogus counter of surplus huge page
409eb8c mm/hugetlb.c: undo change to page mapcount in fault handler
cd2934a flush_tlb_range() needs ->page_table_lock when ->mmap_sem is not held

Ben.

-- 
Ben Hutchings
Experience is directly proportional to the value of equipment destroyed.
                                                    - Carolyn Scheppner

* Re: Please include commit 90481622d7 in 3.3-stable
From: Ben Hutchings @ 2012-05-26 21:37 UTC
To: Paul Mackerras
Cc: Hillf Danton, KAMEZAWA Hiroyuki, David Gibson, stable, Andrew Morton, linux-mm

On Sat, 2012-05-12 at 09:34 +0100, Ben Hutchings wrote:
> On Thu, 2012-05-10 at 19:58 +1000, Paul Mackerras wrote:
> > Please include commit 90481622d7 ("hugepages: fix use after free bug
> > in "quota" handling") from Linus' tree in the next 3.3 stable release.
> > It applies without fuzz, though with offsets.
> >
> > It fixes a use-after-free bug in the huge page code that we are
> > hitting when using KVM on IBM Power machines with large pages backing
> > the guests, though it can in principle be hit in other ways also.
> > Since it's a use-after-free bug, it tends to result in an immediate
> > kernel crash if you have slab debug turned on, or occasional
> > hard-to-debug memory corruption if you don't.
> >
> > The bug is also present in earlier kernels, and the patch should
> > apply at least to 3.2. It would be good if it can be applied to
> > earlier kernels also.
>
> I tried cherry-picking this on top of 3.2.17, but there was a conflict
> in unmap_ref_private(). It looks like all of these belong in 3.2.y as
> well:
>
> 1e16a53 mm/hugetlb.c: fix virtual address handling in hugetlb fault
> 0c176d5 mm: hugetlb: fix pgoff computation when unmapping page from vma
> ea5768c mm/hugetlb.c: avoid bogus counter of surplus huge page
> 409eb8c mm/hugetlb.c: undo change to page mapcount in fault handler
> cd2934a flush_tlb_range() needs ->page_table_lock when ->mmap_sem is not held

Sorry, I didn't make myself clear. I'm asking for confirmation: should
these all be applied to 3.2.y?

Ben.

-- 
Ben Hutchings
You can't have everything. Where would you put it?

* Re: Please include commit 90481622d7 in 3.3-stable
From: Paul Mackerras @ 2012-05-29 5:46 UTC
To: Ben Hutchings
Cc: Hillf Danton, KAMEZAWA Hiroyuki, David Gibson, stable, Andrew Morton, linux-mm

On Sat, May 26, 2012 at 10:37:40PM +0100, Ben Hutchings wrote:
> On Sat, 2012-05-12 at 09:34 +0100, Ben Hutchings wrote:
> > I tried cherry-picking this on top of 3.2.17, but there was a conflict
> > in unmap_ref_private(). It looks like all of these belong in 3.2.y as
> > well:
> >
> > 1e16a53 mm/hugetlb.c: fix virtual address handling in hugetlb fault
> > 0c176d5 mm: hugetlb: fix pgoff computation when unmapping page from vma
> > ea5768c mm/hugetlb.c: avoid bogus counter of surplus huge page
> > 409eb8c mm/hugetlb.c: undo change to page mapcount in fault handler
> > cd2934a flush_tlb_range() needs ->page_table_lock when ->mmap_sem is not held
>
> Sorry, I didn't make myself clear. I'm asking for confirmation: should
> these all be applied to 3.2.y?

I think yes, probably, but I'm not enough of an expert on the
hugetlbfs code to say for sure. David Gibson is on leave at the
moment and so may not be in a position to reply. Perhaps one of the
hugetlbfs experts on cc could reply?

Paul.