linux/mm
Michael Hennerich 4016a1390d mm/nommu.c: return 0 from kobjsize with invalid objects
Don't perform kobjsize operations on objects the kernel doesn't manage.

On Blackfin, drivers can get dma coherent memory by calling a function
dma_alloc_coherent(). We do this in nommu by configuring a chunk of uncached
memory at the top of memory.

Since we don't want the kernel to use the uncached memory, we lie to the
kernel, and tell it that it's max memory is between 0, and the start of the
uncached dma coherent section.

this all works well, until this memory gets exposed into userspace (with a
frame buffer), when you look at the process's maps, it shows the framebuf:

root:/proc> cat maps
[snip]
03f0ef00-03f34700 rw-p 00000000 1f:00 192        /dev/fb0
root:/proc>

This is outside the "normal" range for the kernel. When the kernel tries to
find the size of this object (when you run ps), it dies in nommu.c in
kobjsize.

BUG_ON(page->index >= MAX_ORDER);

since the page we are referring to is outside what the kernel thinks is it's
max valid memory.

root:~> while [ 1 ]; ps > /dev/null; done
kernel BUG at mm/nommu.c:119!
Kernel panic - not syncing: BUG!

We fixed this by adding a check to reject out of range object pointers as it
already does that for NULL pointers.

Signed-off-by: Michael Hennerich <Michael.Hennerich@analog.com>
Signed-off-by: Robin Getz <rgetz@blackfin.uclinux.org>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-04-28 08:58:26 -07:00
..
allocpercpu.c cpumask: Cleanup more uses of CPU_MASK and NODE_MASK 2008-04-19 19:44:58 +02:00
backing-dev.c mm/backing-dev.c: fix percpu_counter_destroy call bug in bdi_init 2007-12-05 09:21:18 -08:00
bootmem.c memory hotplug: make alloc_bootmem_section() 2008-04-28 08:58:25 -07:00
bounce.c
dmapool.c dmapool: enable debugging for CONFIG_SLUB_DEBUG_ON too 2008-04-28 08:58:20 -07:00
fadvise.c xip: support non-struct page backed memory 2008-04-28 08:58:23 -07:00
filemap_xip.c xip: support non-struct page backed memory 2008-04-28 08:58:23 -07:00
filemap.c mm: rotate_reclaimable_page() cleanup 2008-04-28 08:58:20 -07:00
fremap.c mm: fix various kernel-doc comments 2008-03-19 18:53:35 -07:00
highmem.c mm: highmem kernel-doc additions 2008-03-19 18:53:35 -07:00
hugetlb.c hugetlbfs: common code update for s390 2008-04-28 08:58:25 -07:00
internal.h memory hotplug: free memmaps allocated by bootmem 2008-04-28 08:58:26 -07:00
Kconfig PAGEFLAGS_EXTENDED and separate page flags for Head and Tail 2008-04-28 08:58:22 -07:00
maccess.c kgdb: fix optional arch functions and probe_kernel_* 2008-04-17 20:05:39 +02:00
madvise.c xip: support non-struct page backed memory 2008-04-28 08:58:23 -07:00
Makefile uaccess: add probe_kernel_write() 2008-04-17 20:05:36 +02:00
memcontrol.c memcg: fix node_state handling 2008-04-08 18:25:53 -07:00
memory_hotplug.c memory hotplug: free memmaps allocated by bootmem 2008-04-28 08:58:26 -07:00
memory.c mm: add vm_insert_mixed 2008-04-28 08:58:23 -07:00
mempolicy.c mempolicy: use struct mempolicy pointer in shmem_sb_info 2008-04-28 08:58:25 -07:00
mempool.c spelling fixes: mm/ 2007-10-20 01:27:18 +02:00
migrate.c memcg: fix VM_BUG_ON from page migration 2008-03-04 16:35:14 -08:00
mincore.c mm: remove nopage 2008-04-28 08:58:18 -07:00
mlock.c
mmap.c mempolicy: rename mpol_copy to mpol_dup 2008-04-28 08:58:23 -07:00
mmzone.c mm: filter based on a nodemask as well as a gfp_mask 2008-04-28 08:58:19 -07:00
mprotect.c fix mprotect vma_wants_writenotify prot 2007-10-23 08:32:06 -07:00
mremap.c sparse pointer use of zero as null 2007-10-18 14:37:31 -07:00
msync.c
nommu.c mm/nommu.c: return 0 from kobjsize with invalid objects 2008-04-28 08:58:26 -07:00
oom_kill.c oom_kill: remove unused parameter in badness() 2008-04-28 08:58:26 -07:00
page_alloc.c mm/page_alloc.c: remove hand-coded get_order() 2008-04-28 08:58:26 -07:00
page_io.c mm: fix PageUptodate data race 2008-02-05 09:44:19 -08:00
page_isolation.c memory hotremove: unset migrate type "ISOLATE" after removal 2007-11-14 18:45:38 -08:00
page-writeback.c writeback: speed up writeback of big dirty files 2008-02-05 09:44:19 -08:00
pagewalk.c mm: fix possible off-by-one in walk_pte_range() 2008-04-28 08:58:16 -07:00
pdflush.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/juhl/trivial 2008-04-21 16:36:46 -07:00
prio_tree.c spelling fixes: mm/ 2007-10-20 01:27:18 +02:00
quicklist.c quicklists: Only consider memory that can be used with GFP_KERNEL 2008-01-14 08:52:22 -08:00
readahead.c mm/readahead: fix kernel-doc notation 2008-03-19 18:53:37 -07:00
rmap.c mm: remove nopage 2008-04-28 08:58:18 -07:00
shmem_acl.c
shmem.c mempolicy: use struct mempolicy pointer in shmem_sb_info 2008-04-28 08:58:25 -07:00
slab.c mm: move cache_line_size() to <linux/cache.h> 2008-04-28 08:58:19 -07:00
slob.c slob: reduce external fragmentation by using three free lists 2008-02-05 09:44:19 -08:00
slub.c mm: move cache_line_size() to <linux/cache.h> 2008-04-28 08:58:19 -07:00
sparse-vmemmap.c NULL noise: fs/*, mm/*, kernel/* 2008-03-30 14:18:41 -07:00
sparse.c memory hotplug: free memmaps allocated by bootmem 2008-04-28 08:58:26 -07:00
swap_state.c mm: fix various kernel-doc comments 2008-03-19 18:53:35 -07:00
swap.c mm: rotate_reclaimable_page() cleanup 2008-04-28 08:58:20 -07:00
swapfile.c mm: try both endianess when checking for endianess 2008-04-28 08:58:19 -07:00
thrash.c
tiny-shmem.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2008-03-25 08:57:47 -07:00
truncate.c fix invalidate_inode_pages2_range() to not clear ret 2008-04-28 08:58:18 -07:00
util.c fix mm/util.c:krealloc() 2007-11-14 18:45:41 -08:00
vmalloc.c vmallocinfo: add caller information 2008-04-28 08:58:21 -07:00
vmscan.c mm: have zonelist contains structs with both a zone pointer and zone_idx 2008-04-28 08:58:18 -07:00
vmstat.c vmstats: add cond_resched() to refresh_cpu_vm_stats() 2008-04-28 08:58:26 -07:00