+ mm-pagewalkc-fix-walk_page_range-access-of-wrong-ptes.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Subject: + mm-pagewalkc-fix-walk_page_range-access-of-wrong-ptes.patch added to -mm tree
To: linx.z.chen@xxxxxxxxx,kirill.shutemov@xxxxxxxxxxxxxxx,n-horiguchi@xxxxxxxxxxxxx,shuox.liu@xxxxxxxxx,stable@xxxxxxxxxxxxxxx
From: akpm@xxxxxxxxxxxxxxxxxxxx
Date: Fri, 18 Oct 2013 13:25:28 -0700


The patch titled
     Subject: mm/pagewalk.c: fix walk_page_range() access of wrong PTEs
has been added to the -mm tree.  Its filename is
     mm-pagewalkc-fix-walk_page_range-access-of-wrong-ptes.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-pagewalkc-fix-walk_page_range-access-of-wrong-ptes.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-pagewalkc-fix-walk_page_range-access-of-wrong-ptes.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Chen LinX <linx.z.chen@xxxxxxxxx>
Subject: mm/pagewalk.c: fix walk_page_range() access of wrong PTEs

When walk_page_range walk a memory map's page tables, it'll skip VM_PFNMAP
area, then variable 'next' will to assign to vma->vm_end, it maybe larger
than 'end'.  In next loop, 'addr' will be larger than 'next'.  Then in
/proc/XXXX/pagemap file reading procedure, the 'addr' will growing forever
in pagemap_pte_range, pte_to_pagemap_entry will access wrong pte.

[   93.387934] BUG: Bad page map in process procrank  pte:8437526f pmd:785de067
[   93.387936] addr:9108d000 vm_flags:00200073 anon_vma:f0d99020 mapping:  (null) index:9108d
[   93.387938] CPU: 1 PID: 4974 Comm: procrank Tainted: G    B   W  O 3.10.1+ #1
[   93.387942]  f0d983c8 f0d983c8 e8271e48 c281ef4b e8271e84 c20ee794 c2a3f150 9108d000
[   93.387946]  00200073 f0d99020 00000000 0009108d e8342d90 8437526f 0009108d 00000000
[   93.387950]  00000000 00084375 fffa4234 e8271e98 c20ef836 00000000 e8271f28 f0d983c8
[   93.387951] Call Trace:
[   93.387953]  [<c281ef4b>] dump_stack+0x16/0x18
[   93.387956]  [<c20ee794>] print_bad_pte+0x114/0x1b0
[   93.387959]  [<c20ef836>] vm_normal_page+0x56/0x60
[   93.387961]  [<c21594ba>] pagemap_pte_range+0x17a/0x1d0
[   93.387963]  [<c2159340>] ? m_next+0x70/0x70
[   93.387966]  [<c20fc60e>] walk_page_range+0x19e/0x2c0
[   93.387969]  [<c20432c4>] ? ptrace_may_access+0x24/0x40
[   93.387971]  [<c2159a4e>] pagemap_read+0x16e/0x200
[   93.387973]  [<c2159340>] ? m_next+0x70/0x70
[   93.387976]  [<c2158be0>] ? quota_send_warning+0x1f0/0x1f0
[   93.387979]  [<c2158c30>] ? pagemap_pte_hole+0x50/0x50
[   93.387981]  [<c21598e0>] ? clear_refs_pte_range+0xc0/0xc0
[   93.387984]  [<c210c534>] vfs_read+0x84/0x150
[   93.387986]  [<c21598e0>] ? clear_refs_pte_range+0xc0/0xc0
[   93.387988]  [<c210c77a>] SyS_read+0x4a/0x80
[   93.387991]  [<c28267c8>] syscall_call+0x7/0xb
[   93.387996]  [<c2820000>] ? e1000_regdump+0x6f/0x37c
[  102.866190]  [<c259fcd3>] ? cpuidle_idle_call+0x93/0x1b0
[  102.872124]  [<c28297fa>] ? atomic_notifier_call_chain+0x1a/0x20
[  102.878834]  [<c2008478>] ? arch_cpu_idle+0x8/0x20
[  102.884183]  [<c207950d>] ? cpu_startup_entry+0x4d/0x1b0
[  102.890116]  [<c280ecbd>] ? rest_init+0x5d/0x60
[  102.895174]  [<c2b989f8>] ? start_kernel+0x31b/0x321
[  102.900717]  [<c2b98512>] ? repair_env_string+0x51/0x51
[  102.906551]  [<c2b98356>] ? i386_start_kernel+0x12c/0x12f

Signed-off-by: Liu ShuoX <shuox.liu@xxxxxxxxx>
Signed-off-by: Chen LinX <linx.z.chen@xxxxxxxxx>
Acked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
Reviewed-by: Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>	[3.10.x+]
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 mm/pagewalk.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff -puN mm/pagewalk.c~mm-pagewalkc-fix-walk_page_range-access-of-wrong-ptes mm/pagewalk.c
--- a/mm/pagewalk.c~mm-pagewalkc-fix-walk_page_range-access-of-wrong-ptes
+++ a/mm/pagewalk.c
@@ -242,7 +242,7 @@ int walk_page_range(unsigned long addr,
 		if (err)
 			break;
 		pgd++;
-	} while (addr = next, addr != end);
+	} while (addr = next, addr < end);
 
 	return err;
 }
_

Patches currently in -mm which might be from linx.z.chen@xxxxxxxxx are

mm-pagewalkc-fix-walk_page_range-access-of-wrong-ptes.patch

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]