[3.8.y.z extended stable] Patch "lib/scatterlist.c: don't flush_kernel_dcache_page on slab page" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Fri Nov 8 02:09:03 UTC 2013 

This is a note to let you know that I have just added a patch titled

    lib/scatterlist.c: don't flush_kernel_dcache_page on slab page

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.13.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 1081c94b7f6919e5b75ae07848b8cca3fff137b5 Mon Sep 17 00:00:00 2001
From: Ming Lei <ming.lei at canonical.com>
Date: Thu, 31 Oct 2013 16:34:17 -0700
Subject: lib/scatterlist.c: don't flush_kernel_dcache_page on slab page

commit 3d77b50c5874b7e923be946ba793644f82336b75 upstream.

Commit b1adaf65ba03 ("[SCSI] block: add sg buffer copy helper
functions") introduces two sg buffer copy helpers, and calls
flush_kernel_dcache_page() on pages in SG list after these pages are
written to.

Unfortunately, the commit may introduce a potential bug:

 - Before sending some SCSI commands, kmalloc() buffer may be passed to
   block layper, so flush_kernel_dcache_page() can see a slab page
   finally

 - According to cachetlb.txt, flush_kernel_dcache_page() is only called
   on "a user page", which surely can't be a slab page.

 - ARCH's implementation of flush_kernel_dcache_page() may use page
   mapping information to do optimization so page_mapping() will see the
   slab page, then VM_BUG_ON() is triggered.

Aaro Koskinen reported the bug on ARM/kirkwood when DEBUG_VM is enabled,
and this patch fixes the bug by adding test of '!PageSlab(miter->page)'
before calling flush_kernel_dcache_page().

Signed-off-by: Ming Lei <ming.lei at canonical.com>
Reported-by: Aaro Koskinen <aaro.koskinen at iki.fi>
Tested-by: Simon Baatz <gmbnomis at gmail.com>
Cc: Russell King - ARM Linux <linux at arm.linux.org.uk>
Cc: Will Deacon <will.deacon at arm.com>
Cc: Aaro Koskinen <aaro.koskinen at iki.fi>
Acked-by: Catalin Marinas <catalin.marinas at arm.com>
Cc: FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp>
Cc: Tejun Heo <tj at kernel.org>
Cc: "James E.J. Bottomley" <JBottomley at parallels.com>
Cc: Jens Axboe <axboe at kernel.dk>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 lib/scatterlist.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/scatterlist.c b/lib/scatterlist.c
index 7874b01..bd86887 100644
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -495,7 +495,8 @@ void sg_miter_stop(struct sg_mapping_iter *miter)
 	if (miter->addr) {
 		miter->__offset += miter->consumed;

-		if (miter->__flags & SG_MITER_TO_SG)
+		if ((miter->__flags & SG_MITER_TO_SG) &&
+		    !PageSlab(miter->page))
 			flush_kernel_dcache_page(miter->page);

 		if (miter->__flags & SG_MITER_ATOMIC) {
--
1.8.1.2

More information about the kernel-team mailing list