stable.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	alan@lxorguk.ukuu.org.uk, Michel Lespinasse <walken@google.com>,
	James Bottomley <JBottomley@Parallels.com>
Subject: [ 13/37] PARISC: fix virtual aliasing issue in get_shared_area()
Date: Fri, 30 Nov 2012 10:46:00 -0800
Message-ID: <20121130183858.649363838@linuxfoundation.org>
In-Reply-To: <20121130183857.166228045@linuxfoundation.org>

3.0-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Bottomley <James.Bottomley@HansenPartnership.com>

commit 949a05d03490e39e773e8652ccab9157e6f595b4 upstream.

On Thu, 2012-11-01 at 16:45 -0700, Michel Lespinasse wrote:
> Looking at the arch/parisc/kernel/sys_parisc.c implementation of
> get_shared_area(), I do have a concern though. The function basically
> ignores the pgoff argument, so that if one creates a shared mapping of
> pages 0-N of a file, and then a separate shared mapping of pages 1-N
> of that same file, both will have the same cache offset for their
> starting address.
>
> This looks like this would create obvious aliasing issues. Am I
> misreading this ? I can't understand how this could work good enough
> to be undetected, so there must be something I'm missing here ???

This turns out to be correct and we need to pay attention to the pgoff as
well as the address when creating the virtual address for the area.
Fortunately, the bug is rarely triggered as most applications which use pgoff
tend to use large values (git being the primary one, and it uses pgoff in
multiples of 16MB) which are larger than our cache coherency modulus, so the
problem isn't often seen in practise.

Reported-by: Michel Lespinasse <walken@google.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/parisc/kernel/sys_parisc.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/parisc/kernel/sys_parisc.c
+++ b/arch/parisc/kernel/sys_parisc.c
@@ -73,6 +73,8 @@ static unsigned long get_shared_area(str
 	struct vm_area_struct *vma;
 	int offset = mapping ? get_offset(mapping) : 0;
 
+	offset = (offset + (pgoff << PAGE_SHIFT)) & 0x3FF000;
+
 	addr = DCACHE_ALIGN(addr - offset) + offset;
 
 	for (vma = find_vma(current->mm, addr); ; vma = vma->vm_next) {
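
Review bot: the mask 0x3FF000 on the added line "offset = (offset + (pgoff << PAGE_SHIFT)) & 0x3FF000;" is a bare magic number with no comment, and nothing in the hunk ties it to the alignment that DCACHE_ALIGN() applies on the following line. The commit message describes the value in terms of the cache coherency modulus, so a named constant, or at least a one-line comment saying the mask keeps the page-aligned bits below that modulus, would let a reader confirm the two stay in step. A short comment on why pgoff is folded in at all (two shared mappings of the same file starting at different page offsets must not end up with the same cache offset) would also help, since the code alone does not show it. Note too that offset is declared int in the context line above; the result fits only because the mask is applied before the assignment, which is worth stating if the mask is ever widened.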


