Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-15 00:21:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
a8aed3e075
linux/arch/x86
History
Andrea Arcangeli a8aed3e075 x86/mm/pageattr: Prevent PSE and GLOABL leftovers to confuse pmd/pte_present and pmd_huge 
Without this patch any kernel code that reads kernel memory in
non present kernel pte/pmds (as set by pageattr.c) will crash.

With this kernel code:

static struct page *crash_page;
static unsigned long *crash_address;
[..]
	crash_page = alloc_pages(GFP_KERNEL, 9);
	crash_address = page_address(crash_page);
	if (set_memory_np((unsigned long)crash_address, 1))
		printk("set_memory_np failure\n");
[..]

The kernel will crash if inside the "crash tool" one would try
to read the memory at the not present address.

crash> p crash_address
crash_address = $8 = (long unsigned int *) 0xffff88023c000000
crash> rd 0xffff88023c000000
[ *lockup* ]

The lockup happens because _PAGE_GLOBAL and _PAGE_PROTNONE
shares the same bit, and pageattr leaves _PAGE_GLOBAL set on a
kernel pte which is then mistaken as _PAGE_PROTNONE (so
pte_present returns true by mistake and the kernel fault then
gets confused and loops).

With THP the same can happen after we taught pmd_present to
check _PAGE_PROTNONE and _PAGE_PSE in commit
027ef6c878 ("mm: thp: fix pmd_present for
split_huge_page and PROT_NONE with THP").  THP has the same
problem with _PAGE_GLOBAL as the 4k pages, but it also has a
problem with _PAGE_PSE, which must be cleared too.

After the patch is applied copy_user correctly returns -EFAULT
and doesn't lockup anymore.

crash> p crash_address
crash_address = $9 = (long unsigned int *) 0xffff88023c000000
crash> rd 0xffff88023c000000
rd: read error: kernel virtual address: ffff88023c000000  type:
"64-bit KVADDR"

Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Shaohua Li <shaohua.li@intel.com>
Cc: "H. Peter Anvin" <hpa@linux.intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Hugh Dickins <hughd@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-02-24 13:01:45 +01:00
..
boot Merge branch 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-19 19:11:10 -08:00
configs x86: Default to ARCH=x86 to avoid overriding CONFIG_64BIT 2012-12-20 14:37:18 -08:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2012-12-15 12:35:19 -08:00
ia32 x86-64: Replace left over sti/cli in ia32 audit exit code 2013-01-31 10:36:01 +01:00
include Merge branch 'x86-uv-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-19 20:12:57 -08:00
kernel x86/apic: Fix parsing of the 'lapic' cmdline option 2013-02-20 11:24:36 +01:00
kvm KVM: x86: use dynamic percpu allocations for shared msrs area 2013-01-08 12:51:56 -02:00
lguest x86, MCA: Finish mca_config conversion 2012-10-26 14:37:58 +02:00
lib X86: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
math-emu
mm x86/mm/pageattr: Prevent PSE and GLOABL leftovers to confuse pmd/pte_present and pmd_huge 2013-02-24 13:01:45 +01:00
net x86: bpf_jit_comp: add vlan tag support 2012-10-31 14:00:15 -04:00
oprofile oprofile, x86: Fix wrapping bug in op_x86_get_ctrl() 2012-10-15 14:38:24 +02:00
pci x86, uv, uv3: Update ACPI Check to include SGI UV3 2013-02-11 17:17:44 -08:00
platform x86, efi: Make "noefi" really disable EFI runtime serivces 2013-02-20 13:18:36 -08:00
power x86, topology: Debug CPU0 hotplug 2012-11-14 15:28:11 -08:00
realmode Revert "x86, mm: Include the entire kernel memory map in trampoline_pgd" 2012-12-15 12:29:54 -08:00
syscalls Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-12-20 18:05:28 -08:00
tools Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-05 07:57:09 +11:00
um Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-19 19:13:49 -08:00
vdso timers/x86/hpet: Use HPET_COUNTER to specify the hpet counter in vread_hpet() 2013-02-15 12:13:18 +01:00
video
xen Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-19 19:07:27 -08:00
.gitignore
Kbuild x86, realmode: realmode.bin infrastructure 2012-05-08 11:41:48 -07:00
Kconfig Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-19 20:11:07 -08:00
Kconfig.cpu x86, 386 removal: Document Nx586 as a 386 and thus unsupported 2012-11-29 13:28:39 -08:00
Kconfig.debug x86/tlb: add tlb_flushall_shift knob into debugfs 2012-06-27 19:29:10 -07:00
Makefile Merge branch 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-19 19:12:03 -08:00
Makefile_32.cpu x86, 386 removal: Remove CONFIG_M386 from Kconfig 2012-11-29 13:23:01 -08:00
Makefile.um