[SRU][B][PATCH 0/8] x86: mm: fix kernel bug in vmalloc_sync_one()
Andrea Righi
andrea.righi at canonical.com
Fri Jun 14 08:54:58 UTC 2019

Buglink: https://bugs.launchpad.net/bugs/1830433

[Impact]

Commit d653420532d580156c8486686899ea6a9eeb7bf0 in bionic enabled kernel page
table isolation for x86_32, but also introduced a kernel bug (the BUG_ON()
condition in vmalloc_sync_one()) that seems to happen when vmalloc_sync_all()
is called multiple times (e.g., in a busy loop).

The real problem seems to be a race condition with page-table entries'
initialization that can be fixed by applying the upstream commit
9bc4f28af75a91aea0ae383f50b0a430c4509303 ("x86/mm: Use WRITE_ONCE() when setting PTEs").

[Test Case]

The bug can be easily triggered by rebooting the system a couple of times and
loading this module:
https://launchpadlibrarian.net/428142172/vmalloc-stress-test.c

[Fix]

The following upstream fix seems to resolve the problem:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bc4f28af75a91aea0ae383f50b0a430c4509303

In addition to that, the following upstream fixes are also required (all clean
cherry picks) to do a cleaner backport of
9bc4f28af75a91aea0ae383f50b0a430c4509303:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=86fa949b050184ffc53688516a6a83ae5f98d08a
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=792adb90fa724ce07c0171cbc96b9215af4b1045
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5e0fb5df2ee871b841f96f9cb6a7f2784e96aa4e
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=785a19f9d1dd8a4ab2d0633be4656653bd3de1fc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f967db0b9ed44ec3057a28f3b28efc51df51b835
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ba6f508d0ec4adb09f0a939af6d5e19cdfa8667d
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f77084d96355f5fba8e2c1fb3a51a393b1570de7

[Regression Potential]

All upstream fixes, tested on the affected platform; backport changes are
minimal.

----------------------------------------------------------------
Chintan Pandya (1):
      ioremap: Update pgtable free interfaces with addr

Dan Williams (1):
      x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init()

Kirill A. Shutemov (1):
      x86/mm: provide pmdp_establish() helper

Nadav Amit (1):
      x86/mm: Use WRITE_ONCE() when setting PTEs

Sebastian Andrzej Siewior (1):
      x86/mm/pat: Disable preemption around __flush_tlb_all()

Toshi Kani (2):
      x86/mm: Disable ioremap free page handling on x86-PAE
      x86/mm: Add TLB purge to free pmd/pte page interfaces

Vlastimil Babka (1):
      x86/init: fix build with CONFIG_SWAP=n

 arch/arm64/mm/mmu.c                   |  4 ++--
 arch/x86/include/asm/pgtable-3level.h | 37 ++++++++++++++++++++++++++++++++++++-
 arch/x86/include/asm/pgtable.h        | 15 +++++++++++++++
 arch/x86/include/asm/pgtable_64.h     | 22 +++++++++++-----------
 arch/x86/include/asm/tlbflush.h       |  6 ++++++
 arch/x86/mm/init.c                    |  2 ++
 arch/x86/mm/init_64.c                 |  6 ------
 arch/x86/mm/pageattr.c                |  6 +++++-
 arch/x86/mm/pgtable.c                 | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------
 include/asm-generic/pgtable.h         |  8 ++++----
 lib/ioremap.c                         |  4 ++--
 11 files changed, 140 insertions(+), 39 deletions(-)