1 | Subject: Check for valid hugepage size in hugetlb_get_unmapped_area |
2 | From: Brian King <brking@linux.vnet.ibm.com> | |
3 | References: 456433 - LTC50170 | |
4 | ||
5 | It looks like most of the hugetlb code is doing the correct thing if | |
6 | hugepages are not supported, but the mmap code is not. If we get into | |
7 | the mmap code when hugepages are not supported, such as in an LPAR | |
8 | which is running Active Memory Sharing, we can oops the kernel. This | |
9 | patch fixes the oops being seen in this path. | |
10 | ||
11 | ops: Kernel access of bad area, sig: 11 [#1] | |
12 | SMP NR_CPUS=1024 NUMA pSeries | |
13 | Modules linked in: nfs(N) lockd(N) nfs_acl(N) sunrpc(N) ipv6(N) fuse(N) loop(N) | |
14 | dm_mod(N) sg(N) ibmveth(N) sd_mod(N) crc_t10dif(N) ibmvscsic(N) | |
15 | scsi_transport_srp(N) scsi_tgt(N) scsi_mod(N) | |
16 | Supported: No | |
17 | NIP: c000000000038d60 LR: c00000000003945c CTR: c0000000000393f0 | |
18 | REGS: c000000077e7b830 TRAP: 0300 Tainted: G | |
19 | (2.6.27.5-bz50170-2-ppc64) | |
20 | MSR: 8000000000009032 <EE,ME,IR,DR> CR: 44000448 XER: 20000001 | |
21 | DAR: c000002000af90a8, DSISR: 0000000040000000 | |
22 | TASK = c00000007c1b8600[4019] 'hugemmap01' THREAD: c000000077e78000 CPU: 6 | |
23 | GPR00: 0000001fffffffe0 c000000077e7bab0 c0000000009a4e78 0000000000000000 | |
24 | GPR04: 0000000000010000 0000000000000001 00000000ffffffff 0000000000000001 | |
25 | GPR08: 0000000000000000 c000000000af90c8 0000000000000001 0000000000000000 | |
26 | GPR12: 000000000000003f c000000000a73880 0000000000000000 0000000000000000 | |
27 | GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000010000 | |
28 | GPR20: 0000000000000000 0000000000000003 0000000000010000 0000000000000001 | |
29 | GPR24: 0000000000000003 0000000000000000 0000000000000001 ffffffffffffffb5 | |
30 | GPR28: c000000077ca2e80 0000000000000000 c00000000092af78 0000000000010000 | |
31 | NIP [c000000000038d60] .slice_get_unmapped_area+0x6c/0x4e0 | |
32 | LR [c00000000003945c] .hugetlb_get_unmapped_area+0x6c/0x80 | |
33 | Call Trace: | |
34 | [c000000077e7bbc0] [c00000000003945c] .hugetlb_get_unmapped_area+0x6c/0x80 | |
35 | [c000000077e7bc30] [c000000000107e30] .get_unmapped_area+0x64/0xd8 | |
36 | [c000000077e7bcb0] [c00000000010b140] .do_mmap_pgoff+0x140/0x420 | |
37 | [c000000077e7bd80] [c00000000000bf5c] .sys_mmap+0xc4/0x140 | |
38 | [c000000077e7be30] [c0000000000086b4] syscall_exit+0x0/0x40 | |
39 | Instruction dump: | |
40 | fac1ffb0 fae1ffb8 fb01ffc0 fb21ffc8 fb41ffd0 fb61ffd8 fb81ffe0 fbc1fff0 | |
41 | fbe1fff8 f821fef1 f8c10158 f8e10160 <7d49002e> f9010168 e92d01b0 eb4902b0 | |
42 | ||
43 | Signed-off-by: Brian King <brking@linux.vnet.ibm.com> | |
44 | Signed-off-by: Olaf Hering <olh@suse.de> | |
45 | ||
46 | --- | |
47 | arch/powerpc/mm/hugetlbpage.c | 3 +++ | |
48 | 1 file changed, 3 insertions(+) | |
49 | ||
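--- a/arch/powerpc/mm/hugetlbpage.c
+++ b/arch/powerpc/mm/hugetlbpage.c
@@ -500,6 +500,9 @@ unsigned long hugetlb_get_unmapped_area(
 {
 struct hstate *hstate = hstate_file(file);
 int mmu_psize = shift_to_mmu_psize(huge_page_shift(hstate));
+
+if (!mmu_huge_psizes[mmu_psize])
+return -EINVAL;
 return slice_get_unmapped_area(addr, len, flags, mmu_psize, 1, 0);
 }
 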
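Review bot: The new guard reads `mmu_huge_psizes[mmu_psize]` before establishing that `mmu_psize` is a valid index, and `shift_to_mmu_psize()` in the powerpc hash64 headers returns -1 when no MMU page size matches the hstate's shift, so a hugepage shift the MMU does not know about would index one element before the array instead of reaching the check. The whole function body is inside the hunk, and nothing earlier in it rejects a negative result. Guarding the sentinel first keeps the lookup in bounds: `if (mmu_psize < 0 || !mmu_huge_psizes[mmu_psize])` followed by the existing `return -EINVAL;`. A one-line comment above the check, `/* reject sizes this MMU/partition does not back (e.g. AMS LPARs), see the oops in the log */`, would also tie the code to the reason given in the description.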