From: Junxiao Bi <jun...@or...> - 2012-08-22 03:00:30
|
If one kernel path is using KM_USER0 slot and is interrupted by the oprofile nmi, then in copy_from_user_nmi(), the KM_USER0 slot will be overwrite and cleared to zero at last, when the control return to the original kernel path, it will access an invalid virtual address and trigger a crash. Cc: Robert Richter <rob...@am...> Cc: Greg KH <gr...@li...> Cc: st...@vg... Signed-off-by: Junxiao Bi <jun...@or...> Hi, Please review this patch. It is for linux-2.6.32.y stable branch not for mainline. Thanks, Junxiao. --- arch/x86/oprofile/backtrace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c index 829edf0..b50a280 100644 --- a/arch/x86/oprofile/backtrace.c +++ b/arch/x86/oprofile/backtrace.c @@ -71,9 +71,9 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n) offset = addr & (PAGE_SIZE - 1); size = min(PAGE_SIZE - offset, n - len); - map = kmap_atomic(page, KM_USER0); + map = kmap_atomic(page, KM_NMI); memcpy(to, map+offset, size); - kunmap_atomic(map, KM_USER0); + kunmap_atomic(map, KM_NMI); put_page(page); len += size; -- 1.7.9.5 |