From 318f6554a39314d9f24636b448e38ccaea461d21 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Feb 26 2013 13:17:31 +0000 Subject: Fix vmalloc_fault oops during lazy MMU (rhbz 914737) --- diff --git a/kernel.spec b/kernel.spec index c99d328..e73cfca 100644 --- a/kernel.spec +++ b/kernel.spec @@ -62,7 +62,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 1 +%global baserelease 2 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -742,6 +742,9 @@ Patch21260: alps-v2.patch #rhbz 903192 Patch21261: 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch +#rhbz 914737 +Patch21262: x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch + Patch22000: weird-root-dentry-name-debug.patch #selinux ptrace child permissions @@ -1441,6 +1444,9 @@ ApplyPatch sock_diag-Fix-out-of-bounds-access-to-sock_diag_handlers.patch #rhbz 903192 ApplyPatch 0001-kmsg-Honor-dmesg_restrict-sysctl-on-dev-kmsg.patch +#rhbz 914737 +ApplyPatch x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch + # END OF PATCH APPLICATIONS %endif @@ -2296,6 +2302,9 @@ fi # ||----w | # || || %changelog +* Tue Feb 26 2013 Josh Boyer +- Fix vmalloc_fault oops during lazy MMU (rhbz 914737) + * Mon Feb 25 2013 Josh Boyer - 3.9.0-0.rc0.git7.1 - Honor dmesg_restrict for /dev/kmsg (rhbz 903192) - Linux v3.8-7888-gab78265 diff --git a/x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch b/x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch new file mode 100644 index 0000000..31b0de8 --- /dev/null +++ b/x86-mm-Fix-vmalloc_fault-oops-during-lazy-MMU-updates.patch @@ -0,0 +1,48 @@ +From: Samu Kallio <> +Subject: [PATCH] x86: mm: Fix vmalloc_fault oops during lazy MMU updates. +Date: Sun, 17 Feb 2013 04:35:52 +0200 + +In paravirtualized x86_64 kernels, vmalloc_fault may cause an oops +when lazy MMU updates are enabled, because set_pgd effects are being +deferred. + +One instance of this problem is during process mm cleanup with memory +cgroups enabled. The chain of events is as follows: + +- zap_pte_range enables lazy MMU updates +- zap_pte_range eventually calls mem_cgroup_charge_statistics, + which accesses the vmalloc'd mem_cgroup per-cpu stat area +- vmalloc_fault is triggered which tries to sync the corresponding + PGD entry with set_pgd, but the update is deferred +- vmalloc_fault oopses due to a mismatch in the PUD entries + +Calling arch_flush_lazy_mmu_mode immediately after set_pgd makes the +changes visible to the consistency checks. + +Signed-off-by: Samu Kallio +--- + arch/x86/mm/fault.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) +diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c +index 8e13ecb..0a45298 100644 +--- a/arch/x86/mm/fault.c ++++ b/arch/x86/mm/fault.c +@@ -378,10 +378,12 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) + if (pgd_none(*pgd_ref)) + return -1; + +- if (pgd_none(*pgd)) ++ if (pgd_none(*pgd)) { + set_pgd(pgd, *pgd_ref); +- else ++ arch_flush_lazy_mmu_mode(); ++ } else { + BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); ++ } + + /* + * Below here mismatches are bugs because these lower tables +-- +1.8.1.3 + +