public inbox for linux-kernel@vger.kernel.org
From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org,
	Greg KH <greg@kroah.com>
Cc: Justin Forbes <jmforbes@linuxtx.org>,
	Zwane Mwaikambo <zwane@arm.linux.org.uk>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Randy Dunlap <rdunlap@xenotime.net>,
	Dave Jones <davej@redhat.com>,
	Chuck Wolber <chuckw@quantumlinux.com>,
	Chris Wedgwood <reviews@ml.cw.f00f.org>,
	Michael Krufky <mkrufky@linuxtv.org>,
	Chuck Ebbert <cebbert@redhat.com>,
	Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
	Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
	Jake Edge <jake@lwn.net>, Eugene Teo <eteo@redhat.com>,
	torvalds@linux-foundation.org, akpm@linux-foundation.org,
	alan@lxorguk.ukuu.org.uk, Ingo Molnar <mingo@elte.hu>,
	venkatesh.pallipadi@intel.com,
	Suresh Siddha <suresh.b.siddha@intel.com>
Subject: [patch 19/41] x86: fix page attribute corruption with cpa()
Date: Wed, 4 Feb 2009 10:46:26 -0800
Message-ID: <20090204184626.GT25246@kroah.com>
In-Reply-To: <20090204184539.GA25246@kroah.com>

[-- Attachment #1: x86-fix-page-attribute-corruption-with-cpa.patch --]
[-- Type: text/plain, Size: 4280 bytes --]


2.6.27-stable review patch.  If anyone has any objections, please let us know.

------------------

From: Suresh Siddha <suresh.b.siddha@intel.com>

commit a1e46212a410793d575718818e81ddc442a65283 upstream.

Impact: fix sporadic slowdowns and warning messages

This patch fixes a performance issue reported by Linus on his
Nehalem system. While Linus reverted the PAT patch (commit
58dab916dfb57328d50deb0aa9b3fc92efa248ff) which exposed the issue,
existing cpa() code can potentially still cause wrong (page attribute
corruption) behavior.

This patch also fixes the "WARNING: at arch/x86/mm/pageattr.c:560" that
various people reported.

In 64bit kernel, kernel identity mapping might have holes depending
on the available memory and how e820 reports the address range
covering the RAM, ACPI, PCI reserved regions. If there is a 2MB/1GB hole
in the address range that is not listed by e820 entries, kernel identity
mapping will have a corresponding hole in its 1-1 identity mapping.

If cpa() happens on the kernel identity mapping which falls into these
holes, existing code fails like this:

__change_page_attr_set_clr()
	__change_page_attr()
		returns 0 because of if (!kpte). But doesn't
		set cpa->numpages and cpa->pfn.
	cpa_process_alias()
		uses uninitialized cpa->pfn (random value)
		which can potentially lead to changing the page
		attribute of kernel text/data, kernel identity
		mapping of RAM pages etc. oops!

This bug was easily exposed by another PAT patch which was doing
cpa() more often on kernel identity mapping holes (physical range
between max_low_pfn_mapped and 4GB), where in here it was setting the
cache disable attribute (PCD) for kernel identity mappings as well.

Fix cpa() to handle the kernel identity mapping holes. Retain
the WARN() for cpa() calls to other not present address ranges
(kernel-text/data, ioremap() addresses)

Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>


---
 arch/x86/mm/pageattr.c |   49 ++++++++++++++++++++++++++++++++++---------------
 1 file changed, 34 insertions(+), 15 deletions(-)

--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -582,6 +582,36 @@ out_unlock:
 	return 0;
 }
 
+static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
+			       int primary)
+{
+	/*
+	 * Ignore all non primary paths.
+	 */
+	if (!primary)
+		return 0;
+
+	/*
+	 * Ignore the NULL PTE for kernel identity mapping, as it is expected
+	 * to have holes.
+	 * Also set numpages to '1' indicating that we processed cpa req for
+	 * one virtual address page and its pfn. TBD: numpages can be set based
+	 * on the initial value and the level returned by lookup_address().
+	 */
+	if (within(vaddr, PAGE_OFFSET,
+		   PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT))) {
+		cpa->numpages = 1;
+		cpa->pfn = __pa(vaddr) >> PAGE_SHIFT;
+		return 0;
+	} else {
+		WARN(1, KERN_WARNING "CPA: called for zero pte. "
+			"vaddr = %lx cpa->vaddr = %lx\n", vaddr,
+			cpa->vaddr);
+
+		return -EINVAL;
+	}
+}
+
 static int __change_page_attr(struct cpa_data *cpa, int primary)
 {
 	unsigned long address = cpa->vaddr;
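
Review bot: The early `if (!primary) return 0;` at the top of __cpa_process_fault() reports success without setting cpa->numpages or cpa->pfn, which is the same shape the changelog names as the bug on the primary path. If this is safe because the non-primary caller works on its own copy (`alias_cpa = *cpa` in cpa_process_alias()) and never consumes those fields afterwards, the comment should state that instead of only "Ignore all non primary paths". Two smaller points in the same function: the `else` after `return 0;` is redundant and can be dropped, and with numpages hard-coded to 1 a large hole is processed one page per iteration, so the TBD in the comment deserves a follow-up.
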
@@ -592,17 +622,11 @@ static int __change_page_attr(struct cpa
 repeat:
 	kpte = lookup_address(address, &level);
 	if (!kpte)
-		return 0;
+		return __cpa_process_fault(cpa, address, primary);
 
 	old_pte = *kpte;
-	if (!pte_val(old_pte)) {
-		if (!primary)
-			return 0;
-		WARN(1, KERN_WARNING "CPA: called for zero pte. "
-		       "vaddr = %lx cpa->vaddr = %lx\n", address,
-		       cpa->vaddr);
-		return -EINVAL;
-	}
+	if (!pte_val(old_pte))
+		return __cpa_process_fault(cpa, address, primary);
 
 	if (level == PG_LEVEL_4K) {
 		pte_t new_pte;
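
Review bot: Routing the `if (!kpte)` case through __cpa_process_fault() changes its result outside the identity mapping: it used to `return 0;` unconditionally, and a primary call on such an address now hits the WARN() and returns -EINVAL. The changelog describes the WARN() as retained, but for the `!kpte` case it is new, so it would help to say that explicitly and confirm no existing caller relied on the silent success. The reverse also holds for the `!pte_val(old_pte)` case: a primary call on a zero PTE inside the identity mapping used to warn and fail and now returns 0 quietly, which is intended for holes but is worth a one-line comment at this call site.
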
@@ -676,12 +700,7 @@ static int cpa_process_alias(struct cpa_
 	 * mapping already:
 	 */
 	if (!(within(cpa->vaddr, PAGE_OFFSET,
-		    PAGE_OFFSET + (max_low_pfn_mapped << PAGE_SHIFT))
-#ifdef CONFIG_X86_64
-		|| within(cpa->vaddr, PAGE_OFFSET + (1UL<<32),
-		    PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT))
-#endif
-	)) {
+		    PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT)))) {
 
 		alias_cpa = *cpa;
 		alias_cpa.vaddr = (unsigned long) __va(cpa->pfn << PAGE_SHIFT);
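
Review bot: The single `within(cpa->vaddr, PAGE_OFFSET, PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT))` test here must stay identical to the range test added in __cpa_process_fault(), otherwise an address could be treated as an identity-mapping hole in one place and get an alias update in the other. Consider factoring the range check into one small helper used by both sites. Also note that dropping the `#ifdef CONFIG_X86_64` arm replaces max_low_pfn_mapped with max_pfn_mapped for 32-bit builds as well; the changelog only discusses the 64-bit case, so please confirm the two bounds are equivalent there or describe the 32-bit effect.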

