[thirdparty/kernel/stable-queue.git] / releases / 2.6.36.2 / powerpc-fix-call-to-subpage_protection.patch

From 1c2c25c78740b2796c7c06640784cb6732fa4907 Mon Sep 17 00:00:00 2001
From: Michael Neuling <mikey@neuling.org>
Date: Wed, 17 Nov 2010 16:32:59 +0000
Subject: powerpc: Fix call to subpage_protection()

From: Michael Neuling <mikey@neuling.org>

commit 1c2c25c78740b2796c7c06640784cb6732fa4907 upstream.

In:
  powerpc/mm: Fix pgtable cache cleanup with CONFIG_PPC_SUBPAGE_PROT
  commit d28513bc7f675d28b479db666d572e078ecf182d
  Author: David Gibson <david@gibson.dropbear.id.au>

subpage_protection() was changed to to take an mm rather a pgdir but it
didn't change calling site in hashpage_preload().  The change wasn't
noticed at compile time since hashpage_preload() used a void* as the
parameter to subpage_protection().

This is obviously wrong and can trigger the following crash when
CONFIG_SLAB, CONFIG_DEBUG_SLAB, CONFIG_PPC_64K_PAGES
CONFIG_PPC_SUBPAGE_PROT are enabled.

Freeing unused kernel memory: 704k freed
Unable to handle kernel paging request for data at address 0x6b6b6b6b6b6c49b7
Faulting instruction address: 0xc0000000000410f4
cpu 0x2: Vector: 300 (Data Access) at [c00000004233f590]
    pc: c0000000000410f4: .hash_preload+0x258/0x338
    lr: c000000000041054: .hash_preload+0x1b8/0x338
    sp: c00000004233f810
   msr: 8000000000009032
   dar: 6b6b6b6b6b6c49b7
 dsisr: 40000000
  current = 0xc00000007e2c0070
  paca    = 0xc000000007fe0500
    pid   = 1, comm = init
enter ? for help
[c00000004233f810] c000000000041020 .hash_preload+0x184/0x338 (unreliable)
[c00000004233f8f0] c00000000003ed98 .update_mmu_cache+0xb0/0xd0
[c00000004233f990] c000000000157754 .__do_fault+0x48c/0x5dc
[c00000004233faa0] c000000000158fd0 .handle_mm_fault+0x508/0xa8c
[c00000004233fb90] c0000000006acdd4 .do_page_fault+0x428/0x6ac
[c00000004233fe30] c000000000005260 handle_page_fault+0x20/0x74

Reported-by: Jim Keniston <jkenisto@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Neuling <mikey@neuling.org>
cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 arch/powerpc/mm/hash_utils_64.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/mm/hash_utils_64.c
+++ b/arch/powerpc/mm/hash_utils_64.c
@@ -1122,7 +1122,7 @@ void hash_preload(struct mm_struct *mm,
 	else
 #endif /* CONFIG_PPC_HAS_HASH_64K */
 		rc = __hash_page_4K(ea, access, vsid, ptep, trap, local, ssize,
-				    subpage_protection(pgdir, ea));
+				    subpage_protection(mm, ea));
 
 	/* Dump some info in case of hash insertion failure, they should
 	 * never happen so it is really useful to know if/when they do
Commit	Line	Data
a323acb3 GKH	1	From 1c2c25c78740b2796c7c06640784cb6732fa4907 Mon Sep 17 00:00:00 2001
	2	From: Michael Neuling <mikey@neuling.org>
	3	Date: Wed, 17 Nov 2010 16:32:59 +0000
	4	Subject: powerpc: Fix call to subpage_protection()
	5
	6	From: Michael Neuling <mikey@neuling.org>
	7
	8	commit 1c2c25c78740b2796c7c06640784cb6732fa4907 upstream.
	9
	10	In:
	11	powerpc/mm: Fix pgtable cache cleanup with CONFIG_PPC_SUBPAGE_PROT
	12	commit d28513bc7f675d28b479db666d572e078ecf182d
	13	Author: David Gibson <david@gibson.dropbear.id.au>
	14
	15	subpage_protection() was changed to to take an mm rather a pgdir but it
	16	didn't change calling site in hashpage_preload(). The change wasn't
	17	noticed at compile time since hashpage_preload() used a void* as the
	18	parameter to subpage_protection().
	19
	20	This is obviously wrong and can trigger the following crash when
	21	CONFIG_SLAB, CONFIG_DEBUG_SLAB, CONFIG_PPC_64K_PAGES
	22	CONFIG_PPC_SUBPAGE_PROT are enabled.
	23
	24	Freeing unused kernel memory: 704k freed
	25	Unable to handle kernel paging request for data at address 0x6b6b6b6b6b6c49b7
	26	Faulting instruction address: 0xc0000000000410f4
	27	cpu 0x2: Vector: 300 (Data Access) at [c00000004233f590]
	28	pc: c0000000000410f4: .hash_preload+0x258/0x338
	29	lr: c000000000041054: .hash_preload+0x1b8/0x338
	30	sp: c00000004233f810
	31	msr: 8000000000009032
	32	dar: 6b6b6b6b6b6c49b7
	33	dsisr: 40000000
	34	current = 0xc00000007e2c0070
	35	paca = 0xc000000007fe0500
	36	pid = 1, comm = init
	37	enter ? for help
	38	[c00000004233f810] c000000000041020 .hash_preload+0x184/0x338 (unreliable)
	39	[c00000004233f8f0] c00000000003ed98 .update_mmu_cache+0xb0/0xd0
	40	[c00000004233f990] c000000000157754 .__do_fault+0x48c/0x5dc
	41	[c00000004233faa0] c000000000158fd0 .handle_mm_fault+0x508/0xa8c
	42	[c00000004233fb90] c0000000006acdd4 .do_page_fault+0x428/0x6ac
	43	[c00000004233fe30] c000000000005260 handle_page_fault+0x20/0x74
	44
	45	Reported-by: Jim Keniston <jkenisto@linux.vnet.ibm.com>
	46	Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
	47	Signed-off-by: Michael Neuling <mikey@neuling.org>
	48	cc: David Gibson <david@gibson.dropbear.id.au>
	49	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	50
6dcefc2a GKH	51	---
	52	arch/powerpc/mm/hash_utils_64.c \| 2 +-
	53	1 file changed, 1 insertion(+), 1 deletion(-)
	54
a323acb3 GKH	55	--- a/arch/powerpc/mm/hash_utils_64.c
a323acb3 GKH	56	+++ b/arch/powerpc/mm/hash_utils_64.c
6dcefc2a	57	@@ -1122,7 +1122,7 @@ void hash_preload(struct mm_struct *mm,
a323acb3 GKH	58	else
	59	#endif /* CONFIG_PPC_HAS_HASH_64K */
	60	rc = __hash_page_4K(ea, access, vsid, ptep, trap, local, ssize,
	61	- subpage_protection(pgdir, ea));
	62	+ subpage_protection(mm, ea));
	63
	64	/* Dump some info in case of hash insertion failure, they should
	65	* never happen so it is really useful to know if/when they do