Patch "iommu/amd: Fix BUG when faulting a PROT_NONE VMA" has been added to the 4.2-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Thu, 05 Nov 2015 16:40:16 -0800

This is a note to let you know that I've just added the patch titled

    iommu/amd: Fix BUG when faulting a PROT_NONE VMA

to the 4.2-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     iommu-amd-fix-bug-when-faulting-a-prot_none-vma.patch
and it can be found in the queue-4.2 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From d14f6fced5f9360edca5a1325ddb7077aab1203b Mon Sep 17 00:00:00 2001
From: Jay Cornwall <jay@xxxxxxxxxxxx>
Date: Wed, 16 Sep 2015 14:10:03 -0500
Subject: iommu/amd: Fix BUG when faulting a PROT_NONE VMA

From: Jay Cornwall <jay@xxxxxxxxxxxx>

commit d14f6fced5f9360edca5a1325ddb7077aab1203b upstream.

handle_mm_fault indirectly triggers a BUG in do_numa_page
when given a VMA without read/write/execute access. Check
this condition in do_fault.

do_fault -> handle_mm_fault -> handle_pte_fault -> do_numa_page

  mm/memory.c
  3147  static int do_numa_page(struct mm_struct *mm, struct vm_area_struct *vma,
  ....
  3159  /* A PROT_NONE fault should not end up here */
  3160  BUG_ON(!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE)));

Signed-off-by: Jay Cornwall <jay@xxxxxxxxxxxx>
Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/iommu/amd_iommu_v2.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/drivers/iommu/amd_iommu_v2.c
+++ b/drivers/iommu/amd_iommu_v2.c
@@ -516,6 +516,13 @@ static void do_fault(struct work_struct
 		goto out;
 	}
 
+	if (!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE))) {
+		/* handle_mm_fault would BUG_ON() */
+		up_read(&mm->mmap_sem);
+		handle_fault_error(fault);
+		goto out;
+	}
+
 	ret = handle_mm_fault(mm, vma, address, write);
 	if (ret & VM_FAULT_ERROR) {
 		/* failed to service fault */


Patches currently in stable-queue which might be from jay@xxxxxxxxxxxx are

queue-4.2/iommu-amd-fix-bug-when-faulting-a-prot_none-vma.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






