This is a note to let you know that I've just added the patch titled
xen/balloon: Fix crash when ballooning on x86 32 bit PAE
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
xen-balloon-fix-crash-when-ballooning-on-x86-32-bit-pae.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From dfd74a1edfaba5864276a2859190a8d242d18952 Mon Sep 17 00:00:00 2001
From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
Date: Thu, 17 Mar 2016 16:52:00 +0000
Subject: xen/balloon: Fix crash when ballooning on x86 32 bit PAE
From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
commit dfd74a1edfaba5864276a2859190a8d242d18952 upstream.
Commit 55b3da98a40dbb3776f7454daf0d95dde25c33d2 (xen/balloon: find
non-conflicting regions to place hotplugged memory) caused a
regression in 4.4.
When ballooning on an x86 32 bit PAE system with close to 64 GiB of
memory, the address returned by allocate_resource may be above 64 GiB.
When using CONFIG_SPARSEMEM, this setup is limited to using physical
addresses < 64 GiB. When adding memory at this address, it runs off
the end of the mem_section array and causes a crash. Instead, fail
the ballooning request.
Signed-off-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/xen/balloon.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
--- a/drivers/xen/balloon.c
+++ b/drivers/xen/balloon.c
@@ -152,6 +152,8 @@ static DECLARE_WAIT_QUEUE_HEAD(balloon_w
static void balloon_process(struct work_struct *work);
static DECLARE_DELAYED_WORK(balloon_worker, balloon_process);
+static void release_memory_resource(struct resource *resource);
+
/* When ballooning out (allocating memory to return to Xen) we don't really
want the kernel to try too hard since that can trigger the oom killer. */
#define GFP_BALLOON \
@@ -268,6 +270,20 @@ static struct resource *additional_memor
return NULL;
}
+#ifdef CONFIG_SPARSEMEM
+ {
+ unsigned long limit = 1UL << (MAX_PHYSMEM_BITS - PAGE_SHIFT);
+ unsigned long pfn = res->start >> PAGE_SHIFT;
+
+ if (pfn > limit) {
+ pr_err("New System RAM resource outside addressable RAM (%lu > %lu)\n",
+ pfn, limit);
+ release_memory_resource(res);
+ return NULL;
+ }
+ }
+#endif
+
return res;
}
Patches currently in stable-queue which might be from ross.lagerwall@xxxxxxxxxx are
queue-4.4/xen-balloon-fix-crash-when-ballooning-on-x86-32-bit-pae.patch
queue-4.4/xen-fix-page-pfn-conversion-on-32-bit-systems.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html