From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org,
torvalds@linux-foundation.org
Cc: stable-review@kernel.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, nick@craig-wood.com, kbowa@tuxedu.org,
penberg@cs.helsinki.fi, kamezawa.hiroyu@jp.fujitsu.com
Subject: [117/136] /proc/kcore: work around a BUG()
Date: Thu, 01 Oct 2009 18:17:45 -0700
Message-ID: <20091002012425.572199097@mini.kroah.org>
In-Reply-To: <20091002012911.GA18542@kroah.com>
[-- Attachment #1: proc-kcore-work-around-a-bug.patch --]
[-- Type: text/plain, Size: 3395 bytes --]
2.6.31-stable review patch. If anyone has any objections, please let us know.
------------------
From: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Not upstream due to other fixes in .32
Works around a BUG() which is triggered when the kernel accesses holes in
vmalloc regions.
BUG: unable to handle kernel paging request at fa54c000
IP: [<c04f687a>] read_kcore+0x260/0x31a
*pde = 3540b067 *pte = 00000000
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1c.2/0000:03:00.0/ieee80211/phy0/rfkill0/state
Modules linked in: fuse sco bridge stp llc bnep l2cap bluetooth sunrpc nf_conntrack_ftp ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq dm_multipath uinput usb_storage arc4 ecb snd_hda_codec_realtek snd_hda_intel ath5k snd_hda_codec snd_hwdep iTCO_wdt snd_pcm iTCO_vendor_support pcspkr i2c_i801 mac80211 joydev snd_timer serio_raw r8169 snd soundcore mii snd_page_alloc ath cfg80211 ata_generic i915 drm i2c_algo_bit i2c_core video output [last unloaded: scsi_wait_scan]
Sep 4 12:45:16 tuxedu kernel: Pid: 2266, comm: cat Not tainted (2.6.31-rc8 #2) Joybook Lite U101
EIP: 0060:[<c04f687a>] EFLAGS: 00010286 CPU: 0
EIP is at read_kcore+0x260/0x31a
EAX: f5e5ea00 EBX: fa54d000 ECX: 00000400 EDX: 00001000
ESI: fa54c000 EDI: f44ad000 EBP: e4533f4c ESP: e4533f24
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process cat (pid: 2266, ti=e4532000 task=f09d19a0 task.ti=e4532000)
Stack:
00005000 00000000 f44ad000 09d9c000 00003000 fa54c000 00001000 f6d16f60
e4520b80 fffffffb e4533f70 c04ef8eb e4533f98 00008000 09d97000 c04f661a
e4520b80 09d97000 c04ef88c e4533f8c c04ba531 e4533f98 c04c0930 e4520b80
Call Trace:
[<c04ef8eb>] ? proc_reg_read+0x5f/0x73
[<c04f661a>] ? read_kcore+0x0/0x31a
[<c04ef88c>] ? proc_reg_read+0x0/0x73
[<c04ba531>] ? vfs_read+0x82/0xe1
[<c04c0930>] ? path_put+0x1a/0x1d
[<c04ba62e>] ? sys_read+0x40/0x62
[<c0403298>] ? sysenter_do_call+0x12/0x2d
Code: 39 f3 89 ca 0f 43 f3 89 fb 29 f2 29 f3 39 cf 0f 46 d3 29 55 dc 8d 1c 32 f6 40 0c 01 75 18 89 d1 89 f7 c1 e9 02 2b 7d ec 03 7d e0 <f3> a5 89 d1 83 e1 03 74 02 f3 a4 8b 00 83 7d dc 00 74 04 85 c0
EIP: [<c04f687a>] read_kcore+0x260/0x31a SS:ESP 0068:e4533f24
CR2: 00000000fa54c000
To access vmalloc area which may have memory holes, copy_from_user is
useful. So this:
# cat /proc/kcore > /dev/null
will not panic.
This is a minimal fix, suitable for 2.6.30.x and 2.6.31. More extensive
/proc/kcore changes are planned for 2.6.32.
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Tested-by: Nick Craig-Wood <nick@craig-wood.com>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Reported-by: <kbowa@tuxedu.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/proc/kcore.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -361,7 +361,13 @@ read_kcore(struct file *file, char __use
/* don't dump ioremap'd stuff! (TA) */
if (m->flags & VM_IOREMAP)
continue;
- memcpy(elf_buf + (vmstart - start),
+ /*
+ * we may access memory holes, then use
+ * ex_table. checking return value just for
+ * avoid warnings.
+ */
+ vmsize = __copy_from_user_inatomic(
+ elf_buf + (vmstart - start),
(char *)vmstart, vmsize);
}
read_unlock(&vmlist_lock);
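Review bot: Storing the return value of __copy_from_user_inatomic() back into vmsize, in the call that replaces memcpy(), overwrites the copy length with the number of bytes that were not copied, and the new comment says this is only to silence a warning. If vmsize is read again later in the loop body it now holds the wrong value; a separate local (or an explicit discard) would make the intent unambiguous. The comment should also state that the source, (char *)vmstart, is a kernel address and that the user-copy helper is used here only for its exception-table fixup, since that is not what the function name implies and it will draw address-space annotation warnings. Finally, when the copy faults on a hole the corresponding bytes of elf_buf are left untouched, so it is worth confirming (the allocation is not visible in this hunk) that elf_buf is zeroed before this loop, otherwise a reader of /proc/kcore would receive stale buffer contents in place of the hole.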