From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
Jake Edge <jake@lwn.net>, Eugene Teo <eteo@redhat.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk,
Suresh Siddha <suresh.b.siddha@intel.com>,
Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>,
Ingo Molnar <mingo@elte.hu>
Subject: [patch 10/43] x86: fix page attribute corruption with cpa()
Date: Fri, 30 Jan 2009 18:42:33 -0800 [thread overview]
Message-ID: <20090131024233.GK12368@kroah.com> (raw)
In-Reply-To: <20090131024158.GA12368@kroah.com>
[-- Attachment #1: x86-fix-page-attribute-corruption-with-cpa.patch --]
[-- Type: text/plain, Size: 4263 bytes --]
2.6.28-stable review patch. If anyone has any objections, please let us know.
------------------
From: Suresh Siddha <suresh.b.siddha@intel.com>
commit a1e46212a410793d575718818e81ddc442a65283 upstream.
Impact: fix sporadic slowdowns and warning messages
This patch fixes a performance issue reported by Linus on his
Nehalem system. While Linus reverted the PAT patch (commit
58dab916dfb57328d50deb0aa9b3fc92efa248ff) which exposed the issue,
existing cpa() code can potentially still cause wrong(page attribute
corruption) behavior.
This patch also fixes the "WARNING: at arch/x86/mm/pageattr.c:560" that
various people reported.
In 64bit kernel, kernel identity mapping might have holes depending
on the available memory and how e820 reports the address range
covering the RAM, ACPI, PCI reserved regions. If there is a 2MB/1GB hole
in the address range that is not listed by e820 entries, kernel identity
mapping will have a corresponding hole in its 1-1 identity mapping.
If cpa() happens on the kernel identity mapping which falls into these holes,
existing code fails like this:
__change_page_attr_set_clr()
__change_page_attr()
returns 0 because of if (!kpte). But doesn't
set cpa->numpages and cpa->pfn.
cpa_process_alias()
uses uninitialized cpa->pfn (random value)
which can potentially lead to changing the page
attribute of kernel text/data, kernel identity
mapping of RAM pages etc. oops!
This bug was easily exposed by another PAT patch which was doing
cpa() more often on kernel identity mapping holes (physical range between
max_low_pfn_mapped and 4GB), where in here it was setting the
cache disable attribute(PCD) for kernel identity mappings aswell.
Fix cpa() to handle the kernel identity mapping holes. Retain
the WARN() for cpa() calls to other not present address ranges
(kernel-text/data, ioremap() addresses)
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/mm/pageattr.c | 49 ++++++++++++++++++++++++++++++++++---------------
1 file changed, 34 insertions(+), 15 deletions(-)
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -534,6 +534,36 @@ out_unlock:
return 0;
}
+static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
+ int primary)
+{
+ /*
+ * Ignore all non primary paths.
+ */
+ if (!primary)
+ return 0;
+
+ /*
+ * Ignore the NULL PTE for kernel identity mapping, as it is expected
+ * to have holes.
+ * Also set numpages to '1' indicating that we processed cpa req for
+ * one virtual address page and its pfn. TBD: numpages can be set based
+ * on the initial value and the level returned by lookup_address().
+ */
+ if (within(vaddr, PAGE_OFFSET,
+ PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT))) {
+ cpa->numpages = 1;
+ cpa->pfn = __pa(vaddr) >> PAGE_SHIFT;
+ return 0;
+ } else {
+ WARN(1, KERN_WARNING "CPA: called for zero pte. "
+ "vaddr = %lx cpa->vaddr = %lx\n", vaddr,
+ *cpa->vaddr);
+
+ return -EFAULT;
+ }
+}
+
static int __change_page_attr(struct cpa_data *cpa, int primary)
{
unsigned long address;
@@ -549,17 +579,11 @@ static int __change_page_attr(struct cpa
repeat:
kpte = lookup_address(address, &level);
if (!kpte)
- return 0;
+ return __cpa_process_fault(cpa, address, primary);
old_pte = *kpte;
- if (!pte_val(old_pte)) {
- if (!primary)
- return 0;
- WARN(1, KERN_WARNING "CPA: called for zero pte. "
- "vaddr = %lx cpa->vaddr = %lx\n", address,
- *cpa->vaddr);
- return -EINVAL;
- }
+ if (!pte_val(old_pte))
+ return __cpa_process_fault(cpa, address, primary);
if (level == PG_LEVEL_4K) {
pte_t new_pte;
@@ -657,12 +681,7 @@ static int cpa_process_alias(struct cpa_
vaddr = *cpa->vaddr;
if (!(within(vaddr, PAGE_OFFSET,
- PAGE_OFFSET + (max_low_pfn_mapped << PAGE_SHIFT))
-#ifdef CONFIG_X86_64
- || within(vaddr, PAGE_OFFSET + (1UL<<32),
- PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT))
-#endif
- )) {
+ PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT)))) {
alias_cpa = *cpa;
temp_cpa_vaddr = (unsigned long) __va(cpa->pfn << PAGE_SHIFT);
next prev parent reply other threads:[~2009-01-31 3:02 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20090131022548.656772939@mini.kroah.org>
2009-01-31 2:41 ` [patch 00/43] 2.6.28-stable review Greg KH
2009-01-31 2:42 ` [patch 01/43] ath5k: fix mesh point operation Greg KH
2009-01-31 2:42 ` [patch 02/43] mac80211: decrement ref count to netdev after launching mesh discovery Greg KH
2009-01-31 2:42 ` [patch 03/43] inotify: clean up inotify_read and fix locking problems Greg KH
2009-01-31 2:42 ` [patch 04/43] fuse: destroy bdi on umount Greg KH
2009-01-31 2:42 ` [patch 05/43] fuse: fix missing fput on error Greg KH
2009-01-31 2:42 ` [patch 06/43] fuse: fix NULL deref in fuse_file_alloc() Greg KH
2009-01-31 2:42 ` [patch 07/43] x86, mm: fix pte_free() Greg KH
2009-01-31 2:42 ` [patch 08/43] klist.c: bit 0 in pointer cant be used as flag Greg KH
2009-01-31 2:42 ` [patch 09/43] sysfs: fix problems with binary files Greg KH
2009-01-31 2:42 ` Greg KH [this message]
2009-01-31 2:42 ` [patch 11/43] USB: fix toggle mismatch in disable_endpoint paths Greg KH
2009-01-31 2:42 ` [patch 12/43] sound: virtuoso: enable UART on Xonar HDAV1.3 Greg KH
2009-01-31 2:42 ` [patch 13/43] USB: usbmon: Implement compat_ioctl Greg KH
2009-01-31 2:42 ` [patch 14/43] USB: fix char-device disconnect handling Greg KH
2009-01-31 2:42 ` [patch 15/43] USB: storage: add unusual devs entry Greg KH
2009-01-31 2:42 ` [patch 16/43] alpha: nautilus - fix compile failure with gcc-4.3 Greg KH
2009-01-31 2:42 ` [patch 17/43] alpha: fix vmalloc breakage Greg KH
2009-01-31 2:42 ` [patch 18/43] resources: skip sanity check of busy resources Greg KH
2009-01-31 2:42 ` [patch 19/43] rtl8187: Add termination packet to prevent stall Greg KH
2009-01-31 2:42 ` [patch 20/43] it821x: Add ultra_mask quirk for Vortex86SX Greg KH
2009-01-31 2:42 ` [patch 21/43] libata: pata_via: support VX855, future chips whose IDE controller use 0x0571 Greg KH
2009-01-31 2:42 ` [patch 22/43] serial_8250: support for Sealevel Systems Model 7803 COMM+8 Greg KH
2009-01-31 2:43 ` [patch 23/43] drm: stash AGP include under the do-we-have-AGP ifdef Greg KH
2009-01-31 2:43 ` [patch 24/43] Fix OOPS in mmap_region() when merging adjacent VM_LOCKED file segments Greg KH
2009-01-31 2:43 ` [patch 25/43] bnx2x: Block nvram access when the device is inactive Greg KH
2009-01-31 2:43 ` [patch 26/43] ext3: Add sanity check to make_indexed_dir Greg KH
2009-01-31 2:43 ` [patch 27/43] rtl8187: Fix error in setting OFDM power settings for RTL8187L Greg KH
2009-01-31 2:44 ` [patch 28/43] epoll: drop max_user_instances and rely only on max_user_watches Greg KH
2009-01-31 2:44 ` [patch 29/43] gpiolib: fix request related issue Greg KH
2009-01-31 2:44 ` [patch 30/43] sgi-xpc: Remove NULL pointer dereference Greg KH
2009-01-31 2:44 ` [patch 31/43] sgi-xpc: ensure flags are updated before bte_copy Greg KH
2009-01-31 2:44 ` [patch 32/43] include/linux: Add bsg.h to the Kernel exported headers Greg KH
2009-01-31 2:44 ` [patch 33/43] ALSA: hda - Fix PCM reference NID for STAC/IDT analog outputs Greg KH
2009-01-31 2:44 ` [patch 34/43] ALSA: hda - add another MacBook Pro 4, 1 subsystem ID Greg KH
2009-01-31 2:44 ` [patch 35/43] ALSA: hda - Add quirk for HP DV6700 laptop Greg KH
2009-01-31 2:44 ` [patch 36/43] crypto: authenc - Fix zero-length IV crash Greg KH
2009-01-31 2:44 ` [patch 37/43] crypto: ccm - Fix handling of null assoc data Greg KH
2009-01-31 2:44 ` [patch 38/43] x86, pat: fix reserve_memtype() for legacy 1MB range Greg KH
2009-01-31 2:44 ` [patch 39/43] x86, pat: fix PTE corruption issue while mapping RAM using /dev/mem Greg KH
2009-01-31 2:44 ` [patch 40/43] PCI hotplug: fix lock imbalance in pciehp Greg KH
2009-01-31 2:44 ` [patch 41/43] dmaengine: fix dependency chaining Greg KH
2009-01-31 2:45 ` [patch 42/43] NET: net_namespace, fix lock imbalance Greg KH
2009-01-31 2:45 ` [patch 43/43] relay: fix lock imbalance in relay_late_setup_files Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090131024233.GK12368@kroah.com \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cavokz@gmail.com \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=eteo@redhat.com \
--cc=jake@lwn.net \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=mkrufky@linuxtv.org \
--cc=rbranco@la.checkpoint.com \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=suresh.b.siddha@intel.com \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=venkatesh.pallipadi@intel.com \
--cc=w@1wt.eu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox