From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Richard Yao <ryao@gentoo.org>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.10 21/97] 9p/trans_virtio.c: Fix broken zero-copy on vmalloc() buffers
Date: Tue,  4 Mar 2014 12:03:34 -0800
Message-ID: <20140304200346.771642798@linuxfoundation.org>
In-Reply-To: <20140304200345.895517495@linuxfoundation.org>

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Richard Yao <ryao@gentoo.org>

[ Upstream commit b6f52ae2f0d32387bde2b89883e3b64d88b9bfe8 ]

The 9p-virtio transport does zero copy on things larger than 1024 bytes
in size. It accomplishes this by returning the physical addresses of
pages to the virtio-pci device. At present, the translation is usually a
bit shift.

That approach produces an invalid page address when we read/write to
vmalloc buffers, such as those used for Linux kernel modules. Any
attempt to load a Linux kernel module from 9p-virtio produces the
following stack.

[<ffffffff814878ce>] p9_virtio_zc_request+0x45e/0x510
[<ffffffff814814ed>] p9_client_zc_rpc.constprop.16+0xfd/0x4f0
[<ffffffff814839dd>] p9_client_read+0x15d/0x240
[<ffffffff811c8440>] v9fs_fid_readn+0x50/0xa0
[<ffffffff811c84a0>] v9fs_file_readn+0x10/0x20
[<ffffffff811c84e7>] v9fs_file_read+0x37/0x70
[<ffffffff8114e3fb>] vfs_read+0x9b/0x160
[<ffffffff81153571>] kernel_read+0x41/0x60
[<ffffffff810c83ab>] copy_module_from_fd.isra.34+0xfb/0x180

Subsequently, QEMU will die printing:

qemu-system-x86_64: virtio: trying to map MMIO memory

This patch enables 9p-virtio to correctly handle this case. This not
only enables us to load Linux kernel modules off virtfs, but also
enables ZFS file-based vdevs on virtfs to be used without killing QEMU.

Special thanks to both Avi Kivity and Alexander Graf for their
interpretation of QEMU backtraces. Without their guidance, tracking down
this bug would have taken much longer. Also, special thanks to Linus
Torvalds for his insightful explanation of why this should use
is_vmalloc_addr() instead of is_vmalloc_or_module_addr():

https://lkml.org/lkml/2014/2/8/272

Signed-off-by: Richard Yao <ryao@gentoo.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/9p/trans_virtio.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -340,7 +340,10 @@ static int p9_get_mapped_pages(struct vi
 		int count = nr_pages;
 		while (nr_pages) {
 			s = rest_of_page(data);
-			pages[index++] = kmap_to_page(data);
+			if (is_vmalloc_addr(data))
+				pages[index++] = vmalloc_to_page(data);
+			else
+				pages[index++] = kmap_to_page(data);
 			data += s;
 			nr_pages--;
 		}
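Review bot: the new vmalloc_to_page() branch stores its result into pages[] without checking for NULL; vmalloc_to_page() returns NULL for an address inside the vmalloc range that has no backing page, so a buffer crossing such a hole would leave a NULL page pointer in the array that the rest of p9_get_mapped_pages() then passes on to the transport as if it were a valid page. Consider computing the page into a local first and failing the request when it is NULL, for example `page = vmalloc_to_page(data); if (!page) return -EFAULT; pages[index++] = page;`, since the function already returns an int. Minor: data stays inside a single buffer for the whole loop, so is_vmalloc_addr(data) could be evaluated once before the while loop instead of once per page; the per-page form is harmless but does redundant work on large zero-copy reads.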


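The translation failure the commit message describes, as an added example that is not part of the patch or of the kernel: a userland C model with a linearly mapped lowmem region (page lookup by bit shift) and a vmalloc area whose virtual pages map to scattered frames, with the before and after forms of the page loop from p9_get_mapped_pages(). The address layout (PAGE_OFFSET, VMALLOC_START), the frame count, the vmalloc "page table" array and all helper names are constructed for illustration; the after form also refuses an unmapped vmalloc page, which goes beyond what the hunk itself checks.

```c
/* Added example, not kernel code: a userland model of the page-lookup bug
 * fixed above. Layout constants, the vmalloc "page table" and the helper
 * names are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PG_SHIFT       12
#define PG_SIZE        (1ULL << PG_SHIFT)
#define PG_MASK        (~(PG_SIZE - 1))

/* Constructed guest: 16 frames of RAM linearly mapped at PAGE_OFFSET, and a
 * 4-page vmalloc area whose virtual pages map to scattered RAM frames. */
#define NR_RAM_PAGES   16
#define PAGE_OFFSET    0xffff880000000000ULL
#define VMALLOC_START  0xffffc90000000000ULL
#define VMALLOC_PAGES  4
#define VMALLOC_END    (VMALLOC_START + VMALLOC_PAGES * PG_SIZE)
#define NO_PAGE        ((int64_t)-1)

/* vmalloc page index -> RAM frame number; index 2 is an unmapped hole. */
static const int64_t vmalloc_pt[VMALLOC_PAGES] = { 9, 3, NO_PAGE, 12 };

static int is_vmalloc_addr(uint64_t va)
{
	return va >= VMALLOC_START && va < VMALLOC_END;
}

/* Linear-map translation: a bit shift, correct only for lowmem. */
static int64_t virt_to_pfn(uint64_t va)
{
	return (int64_t)((va - PAGE_OFFSET) >> PG_SHIFT);
}

/* Page-table walk for the vmalloc area; NO_PAGE for an unmapped address,
 * the analogue of vmalloc_to_page() returning NULL in the kernel. */
static int64_t vmalloc_to_pfn(uint64_t va)
{
	if (!is_vmalloc_addr(va))
		return NO_PAGE;
	return vmalloc_pt[(va - VMALLOC_START) >> PG_SHIFT];
}

/* Bytes from va to the end of its page, capped at the bytes still to map. */
static size_t rest_of_page(uint64_t va, size_t remaining)
{
	size_t r = (size_t)(PG_SIZE - (va & ~PG_MASK));
	return r < remaining ? r : remaining;
}

/* Before the fix: every kernel address is shifted as if it were lowmem. */
static int get_mapped_pages_before(uint64_t va, size_t len, int64_t *pfns, int max)
{
	int n = 0;
	while (len && n < max) {
		size_t s = rest_of_page(va, len);
		pfns[n++] = virt_to_pfn(va);
		va += s;
		len -= s;
	}
	return n;
}

/* After the fix: vmalloc addresses are walked, lowmem is shifted. Beyond the
 * hunk, an unmapped page aborts with -1 rather than being passed on. */
static int get_mapped_pages_after(uint64_t va, size_t len, int64_t *pfns, int max)
{
	int n = 0;
	while (len && n < max) {
		size_t s = rest_of_page(va, len);
		int64_t pfn = is_vmalloc_addr(va) ? vmalloc_to_pfn(va) : virt_to_pfn(va);
		if (pfn == NO_PAGE)
			return -1;
		pfns[n++] = pfn;
		va += s;
		len -= s;
	}
	return n;
}

/* The device-side check: does any frame lie outside guest RAM? That is the
 * condition behind QEMU's "trying to map MMIO memory" abort. */
static int frames_outside_ram(const int64_t *pfns, int n)
{
	for (int i = 0; i < n; i++)
		if (pfns[i] < 0 || pfns[i] >= NR_RAM_PAGES)
			return 1;
	return 0;
}

int main(void)
{
	int64_t pfns[8];
	uint64_t buf = VMALLOC_START + 0x100;   /* vmalloc buffer spanning pages 0 and 1 */
	size_t len = (size_t)PG_SIZE + 0x100;

	int n = get_mapped_pages_before(buf, len, pfns, 8);
	printf("before: %d pages, first frame %lld, outside RAM: %d\n",
	       n, (long long)pfns[0], frames_outside_ram(pfns, n));

	n = get_mapped_pages_after(buf, len, pfns, 8);
	printf("after:  %d pages, frames %lld %lld, outside RAM: %d\n",
	       n, (long long)pfns[0], (long long)pfns[1], frames_outside_ram(pfns, n));

	/* A buffer that crosses into the unmapped page 2 is refused. */
	n = get_mapped_pages_after(VMALLOC_START + PG_SIZE + 0x800, (size_t)PG_SIZE, pfns, 8);
	printf("hole:   %d\n", n);
	return 0;
}
```

The before form reproduces the failure mode in the commit message: the shift applied to a vmalloc address yields a frame number far beyond RAM, which is exactly the kind of address the device side rejects. The after form walks the vmalloc mapping page by page, which is why the check has to sit inside the loop over rest_of_page() chunks rather than once per buffer when a single request may span several non-contiguous frames.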

Thread overview:
2014-03-04 20:03 [PATCH 3.10 00/97] 3.10.33-stable review Greg Kroah-Hartman
2014-03-04 20:03 ` [PATCH 3.10 21/97] 9p/trans_virtio.c: Fix broken zero-copy on vmalloc() buffers Greg Kroah-Hartman [this message]