If one kernel path is using KM_USER0 slot and is interrupted by the oprofile nmi, then in copy_from_user_nmi(), the KM_USER0 slot will be overwrite and cleared to zero at last, when the control return to the original kernel path, it will access an invalid virtual address and trigger a crash.
Cc: Robert Richter <[email protected]> Cc: Greg KH <[email protected]> Cc: [email protected] Signed-off-by: Junxiao Bi <[email protected]> Hi, Please review this patch. It is for linux-2.6.32.y stable branch not for mainline. Thanks, Junxiao. --- arch/x86/oprofile/backtrace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c index 829edf0..b50a280 100644 --- a/arch/x86/oprofile/backtrace.c +++ b/arch/x86/oprofile/backtrace.c @@ -71,9 +71,9 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n) offset = addr & (PAGE_SIZE - 1); size = min(PAGE_SIZE - offset, n - len); - map = kmap_atomic(page, KM_USER0); + map = kmap_atomic(page, KM_NMI); memcpy(to, map+offset, size); - kunmap_atomic(map, KM_USER0); + kunmap_atomic(map, KM_NMI); put_page(page); len += size; -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
