From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Ming Lei <ming.lei@canonical.com>,
Aaro Koskinen <aaro.koskinen@iki.fi>,
Simon Baatz <gmbnomis@gmail.com>,
Russell King - ARM Linux <linux@arm.linux.org.uk>,
Will Deacon <will.deacon@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>,
Tejun Heo <tj@kernel.org>,
"James E.J. Bottomley" <JBottomley@parallels.com>,
Jens Axboe <axboe@kernel.dk>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 3.4 22/26] lib/scatterlist.c: dont flush_kernel_dcache_page on slab page
Date: Fri, 8 Nov 2013 22:51:51 -0800 [thread overview]
Message-ID: <20131109065051.746459117@linuxfoundation.org> (raw)
In-Reply-To: <20131109065050.089866597@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ming Lei <ming.lei@canonical.com>
commit 3d77b50c5874b7e923be946ba793644f82336b75 upstream.
Commit b1adaf65ba03 ("[SCSI] block: add sg buffer copy helper
functions") introduces two sg buffer copy helpers, and calls
flush_kernel_dcache_page() on pages in SG list after these pages are
written to.
Unfortunately, the commit may introduce a potential bug:
- Before sending some SCSI commands, kmalloc() buffer may be passed to
block layper, so flush_kernel_dcache_page() can see a slab page
finally
- According to cachetlb.txt, flush_kernel_dcache_page() is only called
on "a user page", which surely can't be a slab page.
- ARCH's implementation of flush_kernel_dcache_page() may use page
mapping information to do optimization so page_mapping() will see the
slab page, then VM_BUG_ON() is triggered.
Aaro Koskinen reported the bug on ARM/kirkwood when DEBUG_VM is enabled,
and this patch fixes the bug by adding test of '!PageSlab(miter->page)'
before calling flush_kernel_dcache_page().
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Reported-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Tested-by: Simon Baatz <gmbnomis@gmail.com>
Cc: Russell King - ARM Linux <linux@arm.linux.org.uk>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Tejun Heo <tj@kernel.org>
Cc: "James E.J. Bottomley" <JBottomley@parallels.com>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/scatterlist.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -419,7 +419,8 @@ void sg_miter_stop(struct sg_mapping_ite
if (miter->addr) {
miter->__offset += miter->consumed;
- if (miter->__flags & SG_MITER_TO_SG)
+ if ((miter->__flags & SG_MITER_TO_SG) &&
+ !PageSlab(miter->page))
flush_kernel_dcache_page(miter->page);
if (miter->__flags & SG_MITER_ATOMIC) {
next prev parent reply other threads:[~2013-11-09 6:51 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-09 6:51 [PATCH 3.4 00/26] 3.4.69-stable review Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 01/26] USB: support new huawei devices in option.c Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 02/26] USB: quirks.c: add one device that cannot deal with suspension Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 03/26] USB: quirks: add touchscreen that is dazzeled by remote wakeup Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 04/26] USB: serial: ftdi_sio: add id for Z3X Box device Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 05/26] mac80211: correctly close cancelled scans Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 06/26] mac80211: update sta->last_rx on acked tx frames Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 07/26] rtlwifi: rtl8192cu: Fix error in pointer arithmetic Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 08/26] jfs: fix error path in ialloc Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 09/26] can: flexcan: flexcan_chip_start: fix regression, mark one MB for TX and abort pending TX Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 10/26] libata: make ata_eh_qc_retry() bump scmd->allowed on bogus failures Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 11/26] md: Fix skipping recovery for read-only arrays Greg Kroah-Hartman
2013-11-17 4:11 ` Ben Hutchings
2013-11-17 7:20 ` NeilBrown
2013-11-09 6:51 ` [PATCH 3.4 12/26] clockevents: Sanitize ticks to nsec conversion Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 13/26] parisc: Do not crash 64bit SMP kernels on machines with >= 4GB RAM Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 14/26] ALSA: hda - Add a fixup for ASUS N76VZ Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 15/26] ALSA: fix oops in snd_pcm_info() caused by ASoC DPCM Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 16/26] ASoC: wm_hubs: Add missing break in hp_supply_event() Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 17/26] ASoC: dapm: Fix source list debugfs outputs Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 18/26] staging: ozwpan: prevent overflow in oz_cdev_write() Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 19/26] Staging: bcm: info leak in ioctl Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 20/26] uml: check length in exitcode_proc_write() Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 21/26] xtensa: dont use alternate signal stack on threads Greg Kroah-Hartman
2013-11-09 6:51 ` Greg Kroah-Hartman [this message]
2013-11-09 6:51 ` [PATCH 3.4 23/26] aacraid: missing capable() check in compat ioctl Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 24/26] mm: fix aio performance regression for database caused by THP Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 25/26] drm: Prevent overwriting from userspace underallocating core ioctl structs Greg Kroah-Hartman
2013-11-09 6:51 ` [PATCH 3.4 26/26] drm/radeon/atom: workaround vbios bug in transmitter table on rs780 Greg Kroah-Hartman
2013-11-09 14:24 ` [PATCH 3.4 00/26] 3.4.69-stable review Satoru Takeuchi
2013-11-09 16:19 ` Greg Kroah-Hartman
2013-11-09 16:58 ` Guenter Roeck
2013-11-09 17:12 ` Greg Kroah-Hartman
2013-11-11 17:58 ` Shuah Khan
2013-11-11 22:51 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131109065051.746459117@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=JBottomley@parallels.com \
--cc=aaro.koskinen@iki.fi \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=catalin.marinas@arm.com \
--cc=fujita.tomonori@lab.ntt.co.jp \
--cc=gmbnomis@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@arm.linux.org.uk \
--cc=ming.lei@canonical.com \
--cc=stable@vger.kernel.org \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).