On 22.08.12 10:21:07, Junxiao Bi wrote:
> If one kernel path is using the KM_USER0 slot and is interrupted by
> the oprofile nmi, then in copy_from_user_nmi(), the KM_USER0 slot
> will be overwritten and cleared to zero at last; when control
> returns to the original kernel path, it will access an invalid
> virtual address and trigger a crash.
>
> Cc: Robert Richter <[email protected]>
> Cc: Greg KH <[email protected]>
> Cc: [email protected]
> Signed-off-by: Junxiao Bi <[email protected]>
>
> Hi, Please review this patch.
>
> It is for linux-2.6.32.y stable branch not for mainline.
I am not sure if there will be any .32 stable release in the future,
but this could be at least for .34 or if there is one for .27 and .35.
>
> Thanks,
> Junxiao.
> ---
> arch/x86/oprofile/backtrace.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
We should implement the perf version here, which does a:
int type = in_nmi() ? KM_NMI : KM_IRQ0;
See arch/x86/kernel/cpu/perf_event.c.
-Robert
>
> diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c
> index 829edf0..b50a280 100644
> --- a/arch/x86/oprofile/backtrace.c
> +++ b/arch/x86/oprofile/backtrace.c
> @@ -71,9 +71,9 @@ copy_from_user_nmi(void *to, const void __user *from,
> unsigned long n)
> offset = addr & (PAGE_SIZE - 1);
> size = min(PAGE_SIZE - offset, n - len);
>
> - map = kmap_atomic(page, KM_USER0);
> + map = kmap_atomic(page, KM_NMI);
> memcpy(to, map+offset, size);
> - kunmap_atomic(map, KM_USER0);
> + kunmap_atomic(map, KM_NMI);
> put_page(page);
>
> len += size;
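Review bot: KM_NMI is hard-coded in both the kmap_atomic() and kunmap_atomic() calls, so the slot is only safe if copy_from_user_nmi() is always entered from NMI context; if it can be reached from any other context, an NMI arriving between the two calls would overwrite the KM_NMI slot in the same way the commit message describes for KM_USER0. Consider selecting the slot once, as the reply suggests (int type = in_nmi() ? KM_NMI : KM_IRQ0;), and passing that one variable to both calls so the map and unmap slots cannot diverge.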
> --
> 1.7.9.5
>
>
--
Advanced Micro Devices, Inc.
Operating System Research Center
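
The slot collision described in the commit message, as an added user-space model that is not part of the patch or of either message. It assumes a single CPU and represents each atomic-kmap slot as a plain pointer; the model_* and interrupted_mapping_survives names are hypothetical, and the enum is a reduced stand-in for the kernel's km_type.

```c
#include <stddef.h>
#include <stdio.h>

/* Reduced stand-in for the kernel's enum km_type (assumption). */
enum km_type { KM_USER0, KM_IRQ0, KM_NMI, KM_TYPE_NR };

/* One entry per slot: models the per-CPU fixmap PTEs behind kmap_atomic(). */
static const char *slot[KM_TYPE_NR];

/* Install a mapping in the slot; nothing checks whether it is already live. */
static const char **model_kmap_atomic(const char *page, enum km_type type)
{
    slot[type] = page;
    return &slot[type];   /* the "virtual address" is the slot itself */
}

/* Tear the mapping down: the PTE is cleared to zero. */
static void model_kunmap_atomic(enum km_type type)
{
    slot[type] = NULL;
}

/* Models copy_from_user_nmi() running inside the profiling NMI. */
static char model_nmi_copy(enum km_type type)
{
    const char **map = model_kmap_atomic("user stack page", type);
    char sampled = (*map)[0];
    model_kunmap_atomic(type);
    return sampled;
}

/* Returns 1 if the interrupted path's KM_USER0 mapping is still valid
 * after an NMI that used nmi_slot, 0 if the NMI destroyed it. */
int interrupted_mapping_survives(enum km_type nmi_slot)
{
    const char **map = model_kmap_atomic("kernel path page", KM_USER0);
    (void)model_nmi_copy(nmi_slot);   /* NMI arrives mid-section */
    int ok = (*map != NULL);          /* would the next access fault? */
    model_kunmap_atomic(KM_USER0);
    return ok;
}

int main(void)
{
    printf("NMI uses KM_USER0: survives=%d\n",
           interrupted_mapping_survives(KM_USER0));
    printf("NMI uses KM_NMI:   survives=%d\n",
           interrupted_mapping_survives(KM_NMI));
    return 0;
}
```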