[PATCH OLK-6.6 0/2] Bugfix for two issues
Bugfix for the following two issues

Liu Mingrui (2):
  zcopy: Fix NULL pointer dereference while attach conflict with free
  zcopy: Fix softlockup while attach PUD-SIZE page

 drivers/misc/zcopy/zcopy.c | 5 +++++
 1 file changed, 5 insertions(+)

--
2.25.1
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IDBKGM

--------------------------------

Add mm_read_lock to avoid conflict between attach and free.

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000020300acd7000
[0000000000000000] pgd=0800203008421403, p4d=0800203008421403, pud=0800203008422403, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1] SMP
CPU: 107 PID: 151805 Comm: ioctl_zcopy_too Kdump: loaded Not tainted 6.6.0-f3180605d2a8 #1
Hardware name: Huawei Taishan 2280 V2/BC82AMDD, BIOS 6.57 05/17/2023
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : attach_pte_range+0x190/0x9a0 [zcopy]
lr : attach_pte_range+0xd4/0x9a0 [zcopy]
sp : ffff8000be8abb20
x29: ffff8000be8abb80 x28: 0000ffff90e00000 x27: ffffa651cb444d08
x26: 0400000000000001 x25: 0000000000000000 x24: ffff203017961000
x23: 0000ffff87400000 x22: 0010000000000001 x21: fffffc80c05e5840
x20: ffff2020259111d0 x19: ffffa651cb443c40 x18: ffff8000be8ab9b0
x17: 0000000000000000 x16: ffffa651e40182b0 x15: ffffffffffffffbc
x14: ffffa651e8b17c58 x13: ffff20301695a000 x12: ffffa651cb444a58
x11: 0000000000000154 x10: 0000ffff91000000 x9 : ffffa651cb43e574
x8 : 0000000000000000 x7 : ffff20300758a880 x6 : 0000000000200000
x5 : ffff203008b1b438 x4 : 0000000000000001 x3 : 00000000000001da
x2 : fffffc0000000000 x1 : 0000000000000000 x0 : 00000000000001da
Call trace:
 attach_pte_range+0x190/0x9a0 [zcopy]
 attach_page_range+0x22c/0x618 [zcopy]
 attach_pages+0x2b8/0x8b8 [zcopy]
 zcopy_ioctl+0xe8/0x168 [zcopy]
 vfs_ioctl+0x3c/0xa8
 __se_sys_ioctl+0x12c/0x160
__arm64_sys_ioctl+0x40/0x68 invoke_syscall+0x8c/0x1d0 el0_svc_common.constprop.0+0x64/0x1d0 do_el0_svc+0x54/0xe0 el0_slow_syscall+0x44/0x1e8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 Fixes: 8d543a8e74d5 ("zcopy: Introduce the pageattach interface") Signed-off-by: Liu Mingrui <liumingrui@huawei.com> --- drivers/misc/zcopy/zcopy.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/misc/zcopy/zcopy.c b/drivers/misc/zcopy/zcopy.c index f4c56ce07e66..48c0702b96e5 100644 --- a/drivers/misc/zcopy/zcopy.c +++ b/drivers/misc/zcopy/zcopy.c @@ -709,7 +709,9 @@ static int attach_pages(unsigned long dst_addr, unsigned long src_addr, } trace_attach_page_range_start(dst_mm, src_mm, dst_addr, src_addr, size); + mmap_read_lock(src_mm); ret = attach_page_range(dst_mm, src_mm, dst_addr, src_addr, size); + mmap_read_unlock(src_mm); trace_attach_page_range_end(dst_mm, src_mm, dst_addr, src_addr, ret); unpin_user_pages_dirty_lock(process_pages, pinned_pages, 0); -- 2.25.1
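Review bot: in attach_pages(), the added mmap_read_lock(src_mm) / mmap_read_unlock(src_mm) pair around attach_page_range() covers only src_mm, although the same call is also passed dst_mm, and the changelog does not say which lock the racing free path holds or why dst_mm needs none. Please state in the changelog why a read lock on src_mm alone is enough to exclude the free, and correct the helper name there (it says mm_read_lock, the code calls mmap_read_lock). Since this runs on the ioctl path, consider mmap_read_lock_killable() with its return value checked, so a task waiting for the lock can still be killed.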
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IDBQKW

--------------------------------

Fix softlockup while attach PUD-SIZE page. Because we are not supported to PUD-SIZE page, just ignore to handle it. Also unsupported to filemapping PTE-PAGE to attach.

watchdog: BUG: soft lockup - CPU#22 stuck for 23s! [ioctl_zcopy_too:2604618]
CPU: 22 PID: 2604618 Comm: ioctl_zcopy_too Kdump: loaded Tainted: G OE 5.10.0+ #12
Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.79 12/28/2022
pstate: 00000005 (nzcv daif -PAN -UAO -TCO BTYPE=--)
pc : native_queued_spin_lock_slowpath+0x15c/0x390
lr : attach_huge_pmd+0x654/0x6b8 [zcopy]
sp : ffff80002d76bc20
x29: ffff80002d76bc20 x28: fffffe0050e00028 x27: fffffe006dadadc0
x26: ffff001b778e81e8 x25: ffff001440000000 x24: fffffe006dbe3a28
x23: ffff00898038da48 x22: ffff800011b8a1e0 x21: 0000ffff47a00000
x20: ffff0018038c3740 x19: fffffe006dbe3a00 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000020 x15: 0000000000000000
x14: 0000000000000020 x13: 0000000000000008 x12: ffff001ffbffa2c0
x11: 0000000000000008 x10: 0000000000000002 x9 : ffff80000946c818
x8 : ffff80001182f5ee x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff80001182f5f7 x4 : 0000000000000002 x3 : fffffe0050e00028
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000002
Call trace:
 native_queued_spin_lock_slowpath+0x15c/0x390
 attach_page_range+0x214/0x4f0 [zcopy]
 attach_pages+0xf8/0x3a0 [zcopy]
 zcopy_ioctl.part.0+0x98/0xf0 [zcopy]
 zcopy_ioctl+0x2c/0xa4 [zcopy]
 __arm64_sys_ioctl+0xb0/0x110
 invoke_syscall+0x50/0x134
 el0_svc_common.constprop.0+0x68/0x124
 do_el0_svc+0x34/0xe0
 el0_svc+0x20/0x30
 el0_sync_handler+0xb8/0xc0
 fast_work_pending464+0x178/0x18c
Kernel panic - not syncing: softlockup: hung tasks

Fixes: 8d543a8e74d5 ("zcopy: Introduce the pageattach interface")
Signed-off-by: Liu Mingrui <liumingrui@huawei.com>
---
 drivers/misc/zcopy/zcopy.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/misc/zcopy/zcopy.c b/drivers/misc/zcopy/zcopy.c index 48c0702b96e5..a64bc468c46a 100644 --- a/drivers/misc/zcopy/zcopy.c +++ b/drivers/misc/zcopy/zcopy.c @@ -179,6 +179,9 @@ static pud_t *zcopy_get_pud(struct mm_struct *mm, unsigned long addr) if (pud_none(*pud)) return NULL; + if (!pud_table(*pud)) + return NULL; + return pud; } -- 2.25.1
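Review bot: the new !pud_table(*pud) check in zcopy_get_pud() returns NULL exactly as the pud_none(*pud) case above it does, so callers cannot tell an empty entry from a PUD-size mapping that is being skipped on purpose; a short comment above the check saying that PUD-size pages are unsupported and skipped would help, and it is worth confirming that the callers treat NULL as skip rather than retry. The changelog also says file-mapped PTE pages are unsupported, but nothing in this hunk handles that case, and it does not explain how rejecting the entry here avoids the spin in attach_huge_pmd shown in the trace; please add that reasoning or drop the sentence. Both checks dereference *pud separately; reading the entry once into a local would keep the two tests on the same value.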
FeedBack:
The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully!
Pull request link: https://gitee.com/openeuler/kernel/pulls/19576
Mailing list address: https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/KE4...
Participants (2): Liu Mingrui, patchwork bot