Re: [PATCH 3.16-stable 3/5] x86/kaiser: Fix segfaults caused by the PVCLOCK_FIXMAP user mapping

On Wed, 2018-01-17 at 17:22 +0100, Juerg Haefliger wrote:
> Without this, we'll get early userspace segfaults like this in the
> PVCLOCK_FIXMAP area:
> 
> [    0.602244] init[1]: segfault at ffffffffff5ff020 ip 00007fff7154afc1 sp 00007fff71540c08 error 5
> [    0.603026] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
> [    0.603026]
> [    0.603624] CPU: 0 PID: 1 Comm: init Not tainted 3.16.53-rc2-stable+ #240
> [    0.604002] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
> [    0.604002]  0000000000000000 ffff88003e31bc80 ffffffff81741db3 ffffffff81a60558
> [    0.604002]  ffff88003d222380 ffff88003e31bcf8 ffffffff8173da0e 0000000000000010
> [    0.604002]  ffff88003e31bd08 ffff88003e31bca8 0000000000000000 000000000000000b
> [    0.604002] Call Trace:
> [    0.604002]  [<ffffffff81741db3>] dump_stack+0x64/0x82
> [    0.604002]  [<ffffffff8173da0e>] panic+0xc8/0x203
> [    0.604002]  [<ffffffff8109c7f0>] do_exit+0xb00/0xb00
> [    0.604002]  [<ffffffff8109d5ff>] do_group_exit+0x3f/0xa0
> [    0.604002]  [<ffffffff810ac9c2>] get_signal_to_deliver+0x1c2/0x5e0
> [    0.604002]  [<ffffffff810494f8>] do_signal+0x48/0x730
> [    0.604002]  [<ffffffff8173d70c>] ? __bad_area_nosemaphore+0x1bd/0x1ca
> [    0.604002]  [<ffffffff8108cad4>] ? __do_page_fault+0x84/0x400
> [    0.604002]  [<ffffffff81049c45>] do_notify_resume+0x65/0x80
> [    0.604002]  [<ffffffff8174c002>] retint_signal+0x48/0x86
> [    0.604002] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
> [    0.604002] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
> 
> This is probably too big of a hammer and needs some polishing but it's
> working :-)

It certainly is too big a hammer.

I think what's going wrong is that the pmd containing the fixmap area
is already mapped with _KERNPG_TABLE, i.e. excluding _PAGE_USER.  Then
when we map the ptes for the pvclock area we don't update the pmd
protections.

I'll look at some other branches to see how this was addressed there.

Ben.

> Signed-off-by: Juerg Haefliger <juerg.haefliger@xxxxxxxxxxxxx>
> ---
>  arch/x86/mm/kaiser.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/x86/mm/kaiser.c b/arch/x86/mm/kaiser.c
> index fc50dee484f6..3f0b0b41badc 100644
> --- a/arch/x86/mm/kaiser.c
> +++ b/arch/x86/mm/kaiser.c
> @@ -202,7 +202,7 @@ static int kaiser_add_user_map(const void *__start_addr, unsigned long size,
>  			ret = -EIO;
>  			break;
>  		}
> -		pte = kaiser_pagetable_walk(address, flags & _PAGE_USER);
> +		pte = kaiser_pagetable_walk(address, true);
>  		if (!pte) {
>  			ret = -ENOMEM;
>  			break;
-- 
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein
