Fix vmalloc_fault oops during lazy MMU (rhbz 914737)
This commit is contained in:
Josh Boyer
parent
fa8ce41f27
commit
a46911c9f8
@ -811,6 +811,9 @@ Patch22260: sock_diag-Fix-out-of-bounds-access-to-sock_diag_handlers.patch
|
||||
#rhbz 903192
|
||||
Patch22261: 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch
|
||||
|
||||
#rhbz 914737
|
||||
Patch22262: x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch
|
||||
|
||||
Patch23000: silence-brcmsmac-warning.patch
|
||||
|
||||
#rhbz 812111
|
||||
@ -1571,6 +1574,9 @@ ApplyPatch sock_diag-Fix-out-of-bounds-access-to-sock_diag_handlers.patch
|
||||
#rhbz 903192
|
||||
ApplyPatch 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch
|
||||
|
||||
#rhbz 914737
|
||||
ApplyPatch x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
@ -2434,6 +2440,9 @@ fi
|
||||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Tue Feb 26 2013 Josh Boyer <jwboyer@redhat.com>
|
||||
- Fix vmalloc_fault oops during lazy MMU (rhbz 914737)
|
||||
|
||||
* Mon Feb 25 2013 Josh Boyer <jwboyer@redhat.com>
|
||||
- Honor dmesg_restrict for /dev/kmsg (rhbz 903192)
|
||||
|
||||
|
||||
48
x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch
Normal file
48
x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch
Normal file
@ -0,0 +1,48 @@
|
||||
From: Samu Kallio <>
|
||||
Subject: [PATCH] x86: mm: Fix vmalloc_fault oops during lazy MMU updates.
|
||||
Date: Sun, 17 Feb 2013 04:35:52 +0200
|
||||
|
||||
In paravirtualized x86_64 kernels, vmalloc_fault may cause an oops
|
||||
when lazy MMU updates are enabled, because set_pgd effects are being
|
||||
deferred.
|
||||
|
||||
One instance of this problem is during process mm cleanup with memory
|
||||
cgroups enabled. The chain of events is as follows:
|
||||
|
||||
- zap_pte_range enables lazy MMU updates
|
||||
- zap_pte_range eventually calls mem_cgroup_charge_statistics,
|
||||
which accesses the vmalloc'd mem_cgroup per-cpu stat area
|
||||
- vmalloc_fault is triggered which tries to sync the corresponding
|
||||
PGD entry with set_pgd, but the update is deferred
|
||||
- vmalloc_fault oopses due to a mismatch in the PUD entries
|
||||
|
||||
Calling arch_flush_lazy_mmu_mode immediately after set_pgd makes the
|
||||
changes visible to the consistency checks.
|
||||
|
||||
Signed-off-by: Samu Kallio <samu.kallio@aberdeencloud.com>
|
||||
---
|
||||
arch/x86/mm/fault.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
|
||||
index 8e13ecb..0a45298 100644
|
||||
--- a/arch/x86/mm/fault.c
|
||||
+++ b/arch/x86/mm/fault.c
|
||||
@@ -378,10 +378,12 @@ static noinline __kprobes int vmalloc_fault(unsigned long address)
|
||||
if (pgd_none(*pgd_ref))
|
||||
return -1;
|
||||
|
||||
- if (pgd_none(*pgd))
|
||||
+ if (pgd_none(*pgd)) {
|
||||
set_pgd(pgd, *pgd_ref);
|
||||
- else
|
||||
+ arch_flush_lazy_mmu_mode();
|
||||
+ } else {
|
||||
BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref));
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Below here mismatches are bugs because these lower tables
|
||||
--
|
||||
1.8.1.3
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user