From: Greg KH <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, David Sadler <dsadler@us.ibm.com>,
Carsten Otte <cotte@de.ibm.com>,
Louis Alex Eisner <leisner@cs.ucsd.edu>,
Hugh Dickins <hughd@google.com>
Subject: [02/21] mm/filemap_xip.c: fix race condition in xip_file_fault()
Date: Fri, 10 Feb 2012 14:47:41 -0800
Message-ID: <20120210224850.988599320@clark.kroah.org>
In-Reply-To: <20120210224858.GA30752@kroah.com>
2.6.32-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Carsten Otte <carsteno@de.ibm.com>
commit 99f02ef1f18631eb0a4e0ea0a3d56878dbcb4b90 upstream.
Fix a race condition that shows in conjunction with xip_file_fault() when
two threads of the same user process fault on the same memory page.
In this case, the race winner will install the page table entry and the
unlucky loser will cause an oops: xip_file_fault calls vm_insert_pfn (via
vm_insert_mixed) which drops out at this check:
retval = -EBUSY;
if (!pte_none(*pte))
goto out_unlock;
The resulting -EBUSY return value will trigger a BUG_ON() in
xip_file_fault.
This fix simply considers the fault as fixed in this case, because the
race winner has successfully installed the pte.
[akpm@linux-foundation.org: use conventional (and consistent) comment layout]
Reported-by: David Sadler <dsadler@us.ibm.com>
Signed-off-by: Carsten Otte <cotte@de.ibm.com>
Reported-by: Louis Alex Eisner <leisner@cs.ucsd.edu>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/filemap_xip.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/mm/filemap_xip.c
+++ b/mm/filemap_xip.c
@@ -262,7 +262,12 @@ found:
xip_pfn);
if (err == -ENOMEM)
return VM_FAULT_OOM;
- BUG_ON(err);
+ /*
+ * err == -EBUSY is fine, we've raced against another thread
+ * that faulted-in the same page
+ */
+ if (err != -EBUSY)
+ BUG_ON(err);
return VM_FAULT_NOPAGE;
} else {
int err, ret = VM_FAULT_OOM;
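Review bot: with -EBUSY carved out, the remaining `BUG_ON(err)` still turns every other error from vm_insert_mixed() into a kernel oops on the page-fault path, which is the same failure mode this patch is removing for the race case; consider failing the fault instead, e.g. `if (err == -EBUSY) return VM_FAULT_NOPAGE; if (err) return VM_FAULT_SIGBUS;` and keeping the BUG_ON only for states that genuinely cannot happen. The comment would also be more useful if it said where -EBUSY comes from, namely the `if (!pte_none(*pte)) goto out_unlock;` check quoted in the changelog, so that anyone changing vm_insert_mixed()'s error semantics later can see why the carve-out exists.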
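The changelog describes the trigger (two threads of one process faulting the same page at once) but the patch carries no regression test. The following userspace program is an added example, not part of the patch, the kernel tree or the stable series: N pthreads wait on a barrier and then read the same page of a MAP_SHARED file mapping simultaneously, so their first-touch faults overlap; between rounds the controlling thread drops the page table entries with MADV_DONTNEED so the next access is a real fault again. The file path is supplied by the caller and is an assumption; the self-test uses a throwaway file in /tmp. Only on an XIP mount does the fault go through xip_file_fault(), and there an unpatched kernel is expected to oops, so run it on a disposable VM; on any other filesystem it simply confirms that every thread sees the same byte.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define PATTERN 0x5a  /* byte the page is filled with; every reader must see it */

struct worker {
    pthread_barrier_t *barrier;
    volatile unsigned char *page;
    int rounds;
    int mismatches;
};

/* Each thread: wait for everyone, then fault the shared page in together. */
static void *touch_page(void *arg)
{
    struct worker *w = arg;

    for (int r = 0; r < w->rounds; r++) {
        pthread_barrier_wait(w->barrier);  /* go: all threads fault at once */
        if (w->page[0] != PATTERN)
            w->mismatches++;
        pthread_barrier_wait(w->barrier);  /* done: ptes may be dropped now */
    }
    return NULL;
}

/*
 * Map the first page of `path` MAP_SHARED, fill it with PATTERN and run
 * `rounds` rounds in which `nthreads` threads fault on that page at the
 * same time. Returns the number of reads that did not see PATTERN
 * (0 on success) or -1 on a setup error.
 */
int race_fault_same_page(const char *path, int nthreads, int rounds)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return -1;
    if (ftruncate(fd, pagesz) < 0) {
        close(fd);
        return -1;
    }
    unsigned char *map = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                              MAP_SHARED, fd, 0);
    if (map == MAP_FAILED) {
        close(fd);
        return -1;
    }
    memset(map, PATTERN, pagesz);

    pthread_barrier_t barrier;
    pthread_barrier_init(&barrier, NULL, nthreads + 1);  /* +1: controller */
    struct worker *workers = calloc(nthreads, sizeof *workers);
    pthread_t *tids = calloc(nthreads, sizeof *tids);
    for (int i = 0; i < nthreads; i++) {
        workers[i].barrier = &barrier;
        workers[i].page = map;
        workers[i].rounds = rounds;
        pthread_create(&tids[i], NULL, touch_page, &workers[i]);
    }

    int err = 0;
    for (int r = 0; r < rounds; r++) {
        /* Discard the ptes so the next touch is a real page fault again. */
        if (madvise(map, pagesz, MADV_DONTNEED) < 0)
            err = -1;
        pthread_barrier_wait(&barrier);  /* release the readers */
        pthread_barrier_wait(&barrier);  /* wait until all have read */
    }

    int mismatches = 0;
    for (int i = 0; i < nthreads; i++) {
        pthread_join(tids[i], NULL);
        mismatches += workers[i].mismatches;
    }
    pthread_barrier_destroy(&barrier);
    free(workers);
    free(tids);
    munmap(map, pagesz);
    close(fd);
    return err ? err : mismatches;
}

/* Self-test on a constructed throwaway file in /tmp (not an XIP mount). */
int run_self_test(void)
{
    char path[] = "/tmp/xip-race-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);
    int result = race_fault_same_page(path, 8, 200);
    unlink(path);
    return result;
}

int main(int argc, char **argv)
{
    int result = argc > 1 ? race_fault_same_page(argv[1], 8, 1000)
                          : run_self_test();
    printf("mismatched reads: %d\n", result);
    return result == 0 ? 0 : 1;
}
```

Pass a file on an XIP-mounted ext2 filesystem as the first argument to exercise the path this patch touches; with no argument it runs the self-test on an ordinary file. The two barriers per round matter: the first makes the faults overlap, the second keeps the controller from dropping the ptes while a slow reader is still mid-access.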