ACK/Cmnt: [SRU][B][PATCH 0/8] x86: mm: fix kernel bug in vmalloc_sync_one()
Stefan Bader
stefan.bader at canonical.com
Fri Jun 28 11:51:08 UTC 2019
On 14.06.19 10:54, Andrea Righi wrote:
> Buglink: https://bugs.launchpad.net/bugs/1830433
>
> [Impact]
>
> Commit d653420532d580156c8486686899ea6a9eeb7bf0 in bionic enabled kernel page
> table isolation for x86_32, but also introduced a kernel bug (the BUG_ON()
> condition in vmalloc_sync_one()) that seems to happen when vmalloc_sync_all()
> is called multiple times (e.g., in a busy loop).
>
> The real problem seems to be a race condition with page-table entries'
> initialization that can be fixed by applying the upstream commit
>
> 9bc4f28af75a91aea0ae383f50b0a430c4509303 ("x86/mm: Use WRITE_ONCE() when setting PTEs").
>
> [Test Case]
>
> The bug can be easily triggered by rebooting the system a couple of times and
> loading this module:
>
> https://launchpadlibrarian.net/428142172/vmalloc-stress-test.c
>
> [Fix]
>
> The following upstream fix seems to resolve the problem:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bc4f28af75a91aea0ae383f50b0a430c4509303
>
> In addition to that, the following upstream fixes are also required (all clean
> cherry picks) to do a cleaner backport of
> 9bc4f28af75a91aea0ae383f50b0a430c4509303:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=86fa949b050184ffc53688516a6a83ae5f98d08a
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=792adb90fa724ce07c0171cbc96b9215af4b1045
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5e0fb5df2ee871b841f96f9cb6a7f2784e96aa4e
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=785a19f9d1dd8a4ab2d0633be4656653bd3de1fc
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f967db0b9ed44ec3057a28f3b28efc51df51b835
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ba6f508d0ec4adb09f0a939af6d5e19cdfa8667d
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f77084d96355f5fba8e2c1fb3a51a393b1570de7
>
> [Regression Potential]
>
> All upstream fixes, tested on the affected platform; backport changes are
> minimal.
>
> ----------------------------------------------------------------
> Chintan Pandya (1):
>       ioremap: Update pgtable free interfaces with addr
>
> Dan Williams (1):
>       x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init()
>
> Kirill A. Shutemov (1):
>       x86/mm: provide pmdp_establish() helper
>
> Nadav Amit (1):
>       x86/mm: Use WRITE_ONCE() when setting PTEs
>
> Sebastian Andrzej Siewior (1):
>       x86/mm/pat: Disable preemption around __flush_tlb_all()
>
> Toshi Kani (2):
>       x86/mm: Disable ioremap free page handling on x86-PAE
>       x86/mm: Add TLB purge to free pmd/pte page interfaces
>
> Vlastimil Babka (1):
>       x86/init: fix build with CONFIG_SWAP=n
>
>  arch/arm64/mm/mmu.c                   |  4 ++--
>  arch/x86/include/asm/pgtable-3level.h | 37 ++++++++++++++++++++++++++++++++++++-
>  arch/x86/include/asm/pgtable.h        | 15 +++++++++++++++
>  arch/x86/include/asm/pgtable_64.h     | 22 +++++++++++-----------
>  arch/x86/include/asm/tlbflush.h       |  6 ++++++
>  arch/x86/mm/init.c                    |  2 ++
>  arch/x86/mm/init_64.c                 |  6 ------
>  arch/x86/mm/pageattr.c                |  6 +++++-
>  arch/x86/mm/pgtable.c                 | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------
>  include/asm-generic/pgtable.h         |  8 ++++----
>  lib/ioremap.c                         |  4 ++--
>  11 files changed, 140 insertions(+), 39 deletions(-)
>
>
Still a bit scary (any x86 mm is though) but at least these appear to be sensible
steps, more or less, and also it is testable.
Acked-by: Stefan Bader <stefan.bader at canonical.com>