linux-sg2042/arch/x86/mm
Mel Gorman 0ee364eb31 x86/mm: Check if PUD is large when validating a kernel address
A user reported the following oops when a backup process reads
/proc/kcore:

 BUG: unable to handle kernel paging request at ffffbb00ff33b000
 IP: [<ffffffff8103157e>] kern_addr_valid+0xbe/0x110
 [...]

 Call Trace:
  [<ffffffff811b8aaa>] read_kcore+0x17a/0x370
  [<ffffffff811ad847>] proc_reg_read+0x77/0xc0
  [<ffffffff81151687>] vfs_read+0xc7/0x130
  [<ffffffff811517f3>] sys_read+0x53/0xa0
  [<ffffffff81449692>] system_call_fastpath+0x16/0x1b

Investigation determined that the bug triggered when reading
system RAM at the 4G mark. On this system, that was the first
address using 1G pages for the virt->phys direct mapping so the
PUD is pointing to a physical address, not a PMD page.

The problem is that the page table walker in kern_addr_valid() is
not checking pud_large() and treats the physical address as if
it was a PMD.  If it happens to look like pmd_none then it'll
silently fail, probably returning zeros instead of real data. If
the data happens to look like a present PMD though, it will be
walked resulting in the oops above.

This patch adds the necessary pud_large() check.

Unfortunately the problem was not readily reproducible and now
they are running the backup program without accessing
/proc/kcore so the patch has not been validated but I think it
makes sense.

Signed-off-by: Mel Gorman <mgorman@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.coM>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: stable@vger.kernel.org
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/20130211145236.GX21389@suse.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-02-13 10:02:55 +01:00
..
kmemcheck bug.h: add include of it to various implicit C users 2012-02-29 17:15:08 -05:00
Makefile memblock, x86: Replace memblock_x86_reserve/free_range() with generic ones 2011-07-14 11:47:53 -07:00
amdtopology.c x86, NUMA: Enable CONFIG_AMD_NUMA on 32bit too 2011-05-02 17:24:48 +02:00
dump_pagetables.c x86, mm: Create symbolic index into address_markers array 2010-07-20 16:56:19 -07:00
extable.c x86, extable: Switch to relative exception table entries 2012-04-20 17:22:34 -07:00
fault.c x86: Do not leak kernel page mapping locations 2013-02-07 19:57:44 +01:00
gup.c thp: add compound tail page _mapcount when mapped 2011-12-09 07:50:28 -08:00
highmem_32.c highmem: kill all __kmap_atomic() 2012-03-20 21:48:30 +08:00
hugetlbpage.c mm: use vm_unmapped_area() in hugetlbfs on i386 architecture 2012-12-11 17:22:25 -08:00
init.c x86, mm: Undo incorrect revert in arch/x86/mm/init.c 2012-10-25 15:45:45 -07:00
init_32.c x86, 386 removal: Remove CONFIG_X86_WP_WORKS_OK 2012-11-29 13:23:03 -08:00
init_64.c x86/mm: Check if PUD is large when validating a kernel address 2013-02-13 10:02:55 +01:00
iomap_32.c mm: fix race in kunmap_atomic() 2010-10-27 18:03:05 -07:00
ioremap.c Revert "x86, mm: Include the entire kernel memory map in trampoline_pgd" 2012-12-15 12:29:54 -08:00
kmmio.c x86, kmmio/mmiotrace: Fix double free of kmmio_fault_pages 2010-06-18 11:30:09 +02:00
memtest.c memblock, x86: Replace memblock_x86_reserve/free_range() with generic ones 2011-07-14 11:47:53 -07:00
mmap.c x86: Fix mmap random address range 2011-12-05 17:07:23 +01:00
mmio-mod.c module_param: make bool parameters really bool (arch) 2012-01-13 09:32:18 +10:30
numa.c x86: print physical addresses consistently with other parts of kernel 2012-05-29 16:22:21 -07:00
numa_32.c memblock, x86: Replace memblock_x86_reserve/free_range() with generic ones 2011-07-14 11:47:53 -07:00
numa_64.c memblock, x86: Make free_all_memory_core_early() explicitly free lowmem only 2011-07-14 11:47:49 -07:00
numa_emulation.c x86: print physical addresses consistently with other parts of kernel 2012-05-29 16:22:21 -07:00
numa_internal.h x86, NUMA: Initialize and use remap allocator from setup_node_bootmem() 2011-05-02 14:18:54 +02:00
pageattr-test.c x86: Convert vmalloc()+memset() to vzalloc() 2011-05-28 19:53:57 +02:00
pageattr.c Revert "x86-64/efi: Use EFI to deal with platform wall clock (again)" 2012-12-15 15:20:41 -08:00
pat.c mm, x86, pat: rework linear pfn-mmap tracking 2012-10-09 16:22:16 +09:00
pat_internal.h x86, pat: Fix memory leak in free_memtype 2010-05-26 11:26:04 -07:00
pat_rbtree.c rbtree: move augmented rbtree functionality to rbtree_augmented.h 2012-10-09 16:22:40 +09:00
pf_in.c x86: Eliminate various 'set but not used' warnings 2011-05-21 19:10:33 +02:00
pf_in.h
pgtable.c Automatic NUMA Balancing V11 2012-12-16 15:18:08 -08:00
pgtable_32.c Disintegrate asm/system.h for X86 2012-03-28 18:11:12 +01:00
physaddr.c x86: split __phys_addr out into separate file 2009-09-10 11:48:55 -07:00
physaddr.h x86: split __phys_addr out into separate file 2009-09-10 11:48:55 -07:00
setup_nx.c x86, cpu: Only CPU features determine NX capabilities 2010-11-10 15:43:15 -08:00
srat.c ACPI: Only count valid srat memory structures 2012-08-03 00:15:53 -04:00
testmmiotrace.c x86, kmmio/mmiotrace: Fix double free of kmmio_fault_pages 2010-06-18 11:30:09 +02:00
tlb.c x86, 386 removal: Remove CONFIG_INVLPG 2012-11-29 13:23:02 -08:00