On 08/22/2012 03:07 PM, Robert Richter wrote:
> On 22.08.12 10:21:07, Junxiao Bi wrote:
>> If one kernel path is using KM_USER0 slot and is interrupted by
>> the oprofile nmi, then in copy_from_user_nmi(), the KM_USER0 slot
>> will be overwritten and cleared to zero at last, when the control
>> returns to the original kernel path, it will access an invalid
>> virtual address and trigger a crash.
>>
>> Cc: Robert Richter <[email protected]>
>> Cc: Greg KH <[email protected]>
>> Cc: [email protected]
>> Signed-off-by: Junxiao Bi <[email protected]>
>>
>> Hi, Please review this patch.
>>
>> It is for linux-2.6.32.y stable branch not for mainline.
> I am not sure if there will be any .32 stable release in the future,
> but this could be at least for .34 or if there is one for .27 and .35.
>
>> Thanks,
>> Junxiao.
>> ---
>> arch/x86/oprofile/backtrace.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
> We should implement the perf version here, which does a:
>
> int type = in_nmi() ? KM_NMI : KM_IRQ0;
>
> See arch/x86/kernel/cpu/perf_event.c.

KM_NMI seems OK for this since this function is only called by oprofile backtrace which is in nmi context.

> -Robert
>
>> diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c >> index 829edf0..b50a280 100644 >> --- a/arch/x86/oprofile/backtrace.c >> +++ b/arch/x86/oprofile/backtrace.c >> @@ -71,9 +71,9 @@ copy_from_user_nmi(void *to, const void __user *from, >> unsigned long n) >> offset = addr & (PAGE_SIZE - 1); >> size = min(PAGE_SIZE - offset, n - len); >> >> - map = kmap_atomic(page, KM_USER0); >> + map = kmap_atomic(page, KM_NMI); >> memcpy(to, map+offset, size); >> - kunmap_atomic(map, KM_USER0); >> + kunmap_atomic(map, KM_NMI); >> put_page(page); >> >> len += size; >> -- >> 1.7.9.5 >> >>
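
Review bot: The hardcoded KM_NMI slot in the kmap_atomic()/kunmap_atomic() pair is only correct while copy_from_user_nmi() is reached from NMI context alone, and the hunk neither checks nor documents that. Either pick the slot at run time as suggested in the review, `int type = in_nmi() ? KM_NMI : KM_IRQ0;`, and pass `type` to both calls, or add a comment above the function stating the NMI-only requirement, so that a later non-NMI caller does not reintroduce the slot collision the commit message describes for KM_USER0.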
