public inbox for linux-kernel@vger.kernel.org
From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org,
	"Shiraz Hashim" <shashim@codeaurora.org>,
	"Naoya Horiguchi" <n-horiguchi@ah.jp.nec.com>,
	"Linus Torvalds" <torvalds@linux-foundation.org>
Subject: [PATCH 3.2 14/24] mm: pagewalk: call pte_hole() for VM_PFNMAP during walk_page_range
Date: Tue, 03 Mar 2015 22:11:28 +0000
Message-ID: <lsq.1425420688.949446642@decadent.org.uk>
In-Reply-To: <lsq.1425420688.806916072@decadent.org.uk>

3.2.68-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Shiraz Hashim <shashim@codeaurora.org>

commit 23aaed6659df9adfabe9c583e67a36b54e21df46 upstream.

walk_page_range() silently skips vma having VM_PFNMAP set, which leads
to undesirable behaviour at client end (who called walk_page_range).
Userspace applications get the wrong data, so the effect is like just
confusing users (if the applications just display the data) or sometimes
killing the processes (if the applications do something with
misunderstanding virtual addresses due to the wrong data.)

For example for pagemap_read, when no callbacks are called against
VM_PFNMAP vma, pagemap_read may prepare pagemap data for next virtual
address range at wrong index.

Eventually userspace may get wrong pagemap data for a task.
Corresponding to a VM_PFNMAP marked vma region, kernel may report
mappings from subsequent vma regions.  User space in turn may account
more pages (than really are) to the task.

In my case I was using procmem, procrack (Android utility) which uses
pagemap interface to account RSS pages of a task.  Due to this bug it
was giving a wrong picture for vmas (with VM_PFNMAP set).

Fixes: a9ff785e4437 ("mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas")
Signed-off-by: Shiraz Hashim <shashim@codeaurora.org>
Acked-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 mm/pagewalk.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/mm/pagewalk.c
+++ b/mm/pagewalk.c
@@ -200,7 +200,10 @@ int walk_page_range(unsigned long addr,
 			 */
 			if ((vma->vm_start <= addr) &&
 			    (vma->vm_flags & VM_PFNMAP)) {
-				next = vma->vm_end;
+				if (walk->pte_hole)
+					err = walk->pte_hole(addr, next, walk);
+				if (err)
+					break;
 				pgd = pgd_offset(walk->mm, next);
 				continue;
 			}
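
Review bot: The removal of `next = vma->vm_end;` is not explained in the commit message, yet the added `walk->pte_hole(addr, next, walk)` and the unchanged `pgd_offset(walk->mm, next)` now depend on whatever value `next` held before this block, and that assignment is outside the hunk. Please state in the changelog what `next` bounds at this point and whether `[addr, next)` can extend past the end of the VM_PFNMAP vma, since a hole reported beyond `vma->vm_end` would misreport the start of the following vma to callers such as pagemap_read. Minor: `if (err)` is evaluated even when `walk->pte_hole` is NULL, so it relies on `err` being zero on entry to the block; nesting the check under `if (walk->pte_hole)` would make that explicit.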

