[PATCH 3.15] x86,vdso: Fix an OOPS accessing the hpet mapping w/o an hpet

[PATCH 3.15] x86,vdso: Fix an OOPS accessing the hpet mapping w/o an hpet

[Andy Lutomirski]

The access should fail, but it shouldn't oops.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
---

The oops can be triggered in qemu using -no-hpet (but not nohpet) by
running a 32-bit program and reading a couple of pages before the vdso.

This will conflict with tip/x86/vdso.  Sorry.

 arch/x86/vdso/vdso32-setup.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
index 0034898..33426da 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -147,6 +147,8 @@ int __init sysenter_setup(void)
 	return 0;
 }
 
+static struct page *no_pages[] = {NULL};
+
 /* Setup a VMA at program startup for the vsyscall page */
 int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
 {
@@ -192,7 +194,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
 			addr -  VDSO_OFFSET(VDSO_PREV_PAGES),
 			VDSO_OFFSET(VDSO_PREV_PAGES),
 			VM_READ,
-			NULL);
+			no_pages);
 
 	if (IS_ERR(vma)) {
 		ret = PTR_ERR(vma);
-- 
1.9.0

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

[PATCH] x86,vdso: Fix an OOPS accessing the hpet mapping w/o an hpet

[Andy Lutomirski]

The access should fail, but it shouldn't oops.

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
---

This applies to tip/x86/vdso and should be applied to unbreak Trinity
on linux-next.

 arch/x86/vdso/vma.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c
index e915eae..d02131e 100644
--- a/arch/x86/vdso/vma.c
+++ b/arch/x86/vdso/vma.c
@@ -84,6 +84,8 @@ static unsigned long vdso_addr(unsigned long start, unsigned len)
 	return addr;
 }
 
+static struct page *no_pages[] = {NULL};
+
 static int map_vdso(const struct vdso_image *image, bool calculate_addr)
 {
 	struct mm_struct *mm = current->mm;
@@ -125,7 +127,7 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
 				       addr + image->size,
 				       image->sym_end_mapping - image->size,
 				       VM_READ,
-				       NULL);
+				       no_pages);
 
 	if (IS_ERR(vma)) {
 		ret = PTR_ERR(vma);
-- 
1.9.0

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH 3.15] x86,vdso: Fix an OOPS accessing the hpet mapping w/o an hpet

[Andrew Morton]

On Wed, 14 May 2014 16:01:22 -0700 Andy Lutomirski <luto@amacapital.net> wrote:

> The access should fail, but it shouldn't oops.
> 
> Signed-off-by: Andy Lutomirski <luto@amacapital.net>
> ---
> 
> The oops can be triggered in qemu using -no-hpet (but not nohpet) by
> running a 32-bit program and reading a couple of pages before the vdso.

This sentence is the best part of the changelog!  People often do this
- they put all the good stuff after the ^---.  I always move it into
the changelog.

So how old is this bug?

> --- a/arch/x86/vdso/vdso32-setup.c
> +++ b/arch/x86/vdso/vdso32-setup.c
> @@ -147,6 +147,8 @@ int __init sysenter_setup(void)
>  	return 0;
>  }
>  
> +static struct page *no_pages[] = {NULL};

nit: this could be local to arch_setup_additional_pages().

>  /* Setup a VMA at program startup for the vsyscall page */
>  int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
>  {
> @@ -192,7 +194,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
>  			addr -  VDSO_OFFSET(VDSO_PREV_PAGES),
>  			VDSO_OFFSET(VDSO_PREV_PAGES),
>  			VM_READ,
> -			NULL);
> +			no_pages);
>  
>  	if (IS_ERR(vma)) {
>  		ret = PTR_ERR(vma);

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH 3.15] x86,vdso: Fix an OOPS accessing the hpet mapping w/o an hpet

[Andy Lutomirski]

On Wed, May 14, 2014 at 4:16 PM, Andrew Morton
<akpm@linux-foundation.org> wrote:
> On Wed, 14 May 2014 16:01:22 -0700 Andy Lutomirski <luto@amacapital.net> wrote:
>
>> The access should fail, but it shouldn't oops.
>>
>> Signed-off-by: Andy Lutomirski <luto@amacapital.net>
>> ---
>>
>> The oops can be triggered in qemu using -no-hpet (but not nohpet) by
>> running a 32-bit program and reading a couple of pages before the vdso.
>
> This sentence is the best part of the changelog!  People often do this
> - they put all the good stuff after the ^---.  I always move it into
> the changelog.
>
> So how old is this bug?

New in 3.15.

>
>> --- a/arch/x86/vdso/vdso32-setup.c
>> +++ b/arch/x86/vdso/vdso32-setup.c
>> @@ -147,6 +147,8 @@ int __init sysenter_setup(void)
>>       return 0;
>>  }
>>
>> +static struct page *no_pages[] = {NULL};
>
> nit: this could be local to arch_setup_additional_pages().

Will do.

>
>>  /* Setup a VMA at program startup for the vsyscall page */
>>  int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
>>  {
>> @@ -192,7 +194,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
>>                       addr -  VDSO_OFFSET(VDSO_PREV_PAGES),
>>                       VDSO_OFFSET(VDSO_PREV_PAGES),
>>                       VM_READ,
>> -                     NULL);
>> +                     no_pages);
>>
>>       if (IS_ERR(vma)) {
>>               ret = PTR_ERR(vma);
>

--Andy

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>