Skip to main content

Browse the archive

https://github.com/torvalds/linux
05 April 2024, 19:05:47 UTC
Revision d0fc63f7bd07cb779a06dc1cdd0c5a14e7f5d562 authored by Stuart Bennett on 08 March 2009, 18:21:35 UTC, committed by Ingo Molnar on 08 March 2009, 18:51:23 UTC 
x86 mmiotrace: fix remove_kmmio_fault_pages()
 
Impact: fix race+crash in mmiotrace

The list manipulation in remove_kmmio_fault_pages() was broken. If more
than one consecutive kmmio_fault_page was re-added during the grace
period between unregister_kmmio_probe() and remove_kmmio_fault_pages(),
the list manipulation failed to remove pages from the release list.

After a second grace period the pages get into rcu_free_kmmio_fault_pages()
and raise a BUG_ON() kernel crash.

The list manipulation is fixed to properly remove pages from the release
list.

This bug has been present from the very beginning of mmiotrace in the
mainline kernel. It was introduced in 0fd0e3da ("x86: mmiotrace full
patch, preview 1");

An urgent fix for Linus. Tested by Stuart (on 32-bit) and Pekka
(on amd and intel 64-bit systems, nouveau and nvidia proprietary).

Signed-off-by: Stuart Bennett <stuart@freedesktop.org>
Signed-off-by: Pekka Paalanen <pq@iki.fi>
LKML-Reference: <20090308202135.34933feb@daedalus.pq.iki.fi>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
1 parent 73bf1b6
History
Tip revision: d0fc63f7bd07cb779a06dc1cdd0c5a14e7f5d562 authored by Stuart Bennett on 08 March 2009, 18:21:35 UTC
x86 mmiotrace: fix remove_kmmio_fault_pages()
Tip revision: d0fc63f
File Mode Size
Documentation
arch
block
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
usr
virt
.gitignore -rw-r--r-- 867 bytes
.mailmap -rw-r--r-- 3.9 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 91.3 KB
Kbuild -rw-r--r-- 2.4 KB
MAINTAINERS -rw-r--r-- 107.1 KB
Makefile -rw-r--r-- 53.2 KB
README -rw-r--r-- 16.7 KB
REPORTING-BUGS -rw-r--r-- 3.1 KB

README

back to top