From time to time users report that UML hangs and consumes 100% CPU on the host side. Analyzing such an issue uncovered a bug in UML's page fault handler. If the kernel tries to access userspace memory without copy_from/to_user() UML receives a SIGSEGV and tries to handle it. As the page fault handler is not designed to fix such faults the SIGSEGV stays and UML consumes all CPU handling SIGSEGV. The only sane thing we can do here is calling panic().
This patch helps to detect bad memory access from the kernel side. Signed-off-by: Richard Weinberger <rich...@nod.at> --- arch/um/kernel/trap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c index b0a3017..04a6de4 100644 --- a/arch/um/kernel/trap.c +++ b/arch/um/kernel/trap.c @@ -222,6 +222,9 @@ unsigned long segv(struct faultinfo fi, unsigned long ip, int is_user, if (!is_user && address < PAGE_SIZE) { show_regs(container_of(regs, struct pt_regs, regs)); panic("NULL pointer dereference at ip:0x%lx address:0x%lx", ip, address); + } else if (!is_user && address < task_size) { + show_regs(container_of(regs, struct pt_regs, regs)); + panic("Kernel tried to access userspace at ip:0x%lx address:0x%lx", ip, address); } err = handle_page_fault(address, ip, is_write, is_user, -- 1.8.4.2 _______________________________________________ User-mode-linux-devel mailing list User-mode-linux-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
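Review bot: the new `else if (!is_user && address < task_size)` branch panics on every kernel-mode fault below task_size before `handle_page_fault()` gets a chance to run, so it is only correct if no legitimate kernel access to user addresses can ever reach segv() in UML (the commit message relies on copy_from/to_user() never faulting here); that assumption deserves a one-line comment above the branch, because a future fixup-style user access would turn into a spurious panic. Also, the NULL-pointer check is now just a special case of the new condition, and both branches duplicate `show_regs(container_of(regs, struct pt_regs, regs));` and `panic(...)`; folding them into a single `if (!is_user && address < task_size)` block that picks the message by `address < PAGE_SIZE` would avoid the repetition and keep the two diagnostics from drifting apart.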