[PATCH 1/6] x86: check PMD in spurious_fault handler

From: Steven Rostedt
Date: Thu Feb 19 2009 - 20:16:13 EST


From: Steven Rostedt <srostedt@xxxxxxxxxx>

Impact: fix to prevent hard lockup on bad PMD permissions

If the PMD does not have the correct permissions for a page access,
but the PTE does, the spurious fault handler will mistake the fault
as a lazy TLB transaction. This will result in an infinite loop of:

fault -> spurious_fault check (pass) -> return to code -> fault

This patch adds a check and a warn on if the PTE passes the permissions
but the PMD does not.

Signed-off-by: Steven Rostedt <srostedt@xxxxxxxxxx>
---
arch/x86/mm/fault.c | 13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index c76ef1d..7b579a6 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -455,6 +455,7 @@ static int spurious_fault(unsigned long address,
pud_t *pud;
pmd_t *pmd;
pte_t *pte;
+ int ret;

/* Reserved-bit violation or user access to kernel space? */
if (error_code & (PF_USER | PF_RSVD))
@@ -482,7 +483,17 @@ static int spurious_fault(unsigned long address,
if (!pte_present(*pte))
return 0;

- return spurious_fault_check(error_code, pte);
+ ret = spurious_fault_check(error_code, pte);
+ if (!ret)
+ return 0;
+
+ /*
+ * Make sure we have permissions in PMD
+ * If not, then there's a bug in the page tables.
+ */
+ ret = spurious_fault_check(error_code, (pte_t *) pmd);
+ WARN_ON(!ret);
+ return ret;
}

/*
--
1.5.6.5

--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/