On Thu, Mar 12, 2015 at 8:52 AM, Jiri Slaby <jslaby@xxxxxxx> wrote:
> > diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c > index 5b90bbcad9f6..d9d8d91a64ff 100644 > --- a/arch/x86/mm/fault.c > +++ b/arch/x86/mm/fault.c > @@ -873,6 +873,8 @@ mm_fault_error(struct pt_regs *regs, unsigned long error_code, > if (fault & (VM_FAULT_SIGBUS|VM_FAULT_HWPOISON| > VM_FAULT_HWPOISON_LARGE)) > do_sigbus(regs, error_code, address, fault); > + else if (fault & VM_FAULT_SIGSEGV) > + bad_area_nosemaphore(regs, error_code, address); > else > BUG(); > }

Just double-checking that you are aware that this semantically depends on commit 7fb08eca4527 ("x86: mm: move mmap_sem unlock from mm_fault_error() to caller").

We had that back-porting bug at least twice, because it was so subtle.

So either you need to backport 7fb08eca4527 too before (so that we really have dropped the semaphore at this point), or that "bad_area_nosemaphore()" needs to be just a "bad_area()" instead, because we still hold the semaphore.

I didn't look at the rest of the series, so this *may* be ok as-is, I just wanted to make sure we didn't introduce this problem *again* in a backport.

                Linus
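
Review bot: the added `else if (fault & VM_FAULT_SIGSEGV)` branch in mm_fault_error() calls bad_area_nosemaphore(), which is only correct if mmap_sem has already been released by the time this branch runs, and nothing in the hunk shows or documents that precondition. For this backport, either name 7fb08eca4527 as a prerequisite in the commit message and apply it first, or call `bad_area(regs, error_code, address);` here so the semaphore that is still held gets released on this path. A one-line comment above the branch stating which of the two cases applies to this tree would make the locking assumption visible to whoever backports it next.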