linux/arch/x86
Mel Gorman 0ee364eb31 x86/mm: Check if PUD is large when validating a kernel address
A user reported the following oops when a backup process reads
/proc/kcore:

 BUG: unable to handle kernel paging request at ffffbb00ff33b000
 IP: [<ffffffff8103157e>] kern_addr_valid+0xbe/0x110
 [...]

 Call Trace:
  [<ffffffff811b8aaa>] read_kcore+0x17a/0x370
  [<ffffffff811ad847>] proc_reg_read+0x77/0xc0
  [<ffffffff81151687>] vfs_read+0xc7/0x130
  [<ffffffff811517f3>] sys_read+0x53/0xa0
  [<ffffffff81449692>] system_call_fastpath+0x16/0x1b

Investigation determined that the bug triggered when reading
system RAM at the 4G mark. On this system, that was the first
address using 1G pages for the virt->phys direct mapping so the
PUD is pointing to a physical address, not a PMD page.

The problem is that the page table walker in kern_addr_valid() is
not checking pud_large() and treats the physical address as if
it was a PMD.  If it happens to look like pmd_none then it'll
silently fail, probably returning zeros instead of real data. If
the data happens to look like a present PMD though, it will be
walked resulting in the oops above.

This patch adds the necessary pud_large() check.

Unfortunately the problem was not readily reproducible and now
they are running the backup program without accessing
/proc/kcore so the patch has not been validated but I think it
makes sense.

Signed-off-by: Mel Gorman <mgorman@suse.de>
Reviewed-by: Rik van Riel <riel@redhat.coM>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: stable@vger.kernel.org
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/20130211145236.GX21389@suse.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-02-13 10:02:55 +01:00
..
boot Various urgent EFI fixes and some warning cleanups for v3.8 2013-01-30 14:43:05 -08:00
configs
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2012-12-15 12:35:19 -08:00
ia32 x86-64: Replace left over sti/cli in ia32 audit exit code 2013-01-31 10:36:01 +01:00
include x86/mm: Check if PUD is large when validating a kernel address 2013-02-13 10:02:55 +01:00
kernel x86/apic: Work around boot failure on HP ProLiant DL980 G7 Server systems 2013-02-11 11:13:00 +01:00
kvm KVM: x86: use dynamic percpu allocations for shared msrs area 2013-01-08 12:51:56 -02:00
lguest
lib X86: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
math-emu
mm x86/mm: Check if PUD is large when validating a kernel address 2013-02-13 10:02:55 +01:00
net
oprofile
pci X86: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
platform Merge branch 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-01-31 17:10:36 +11:00
power
realmode Revert "x86, mm: Include the entire kernel memory map in trampoline_pgd" 2012-12-15 12:29:54 -08:00
syscalls Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-12-20 18:05:28 -08:00
tools Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-02-05 07:57:09 +11:00
um Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-12-20 18:05:28 -08:00
vdso Merge tag 'kvm-3.8-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2012-12-13 15:31:08 -08:00
video
xen Fixes: 2013-01-18 12:02:52 -08:00
.gitignore
Kbuild
Kconfig x86/olpc: Fix olpc-xo1-sci.c build errors 2013-01-24 16:00:23 +01:00
Kconfig.cpu
Kconfig.debug
Makefile md update for 3.8 2012-12-18 09:32:44 -08:00
Makefile_32.cpu
Makefile.um