From: Robert R. <rob...@am...> - 2012-08-22 07:23:17
On 22.08.12 10:21:07, Junxiao Bi wrote:
> If one kernel path is using KM_USER0 slot and is interrupted by
> the oprofile nmi, then in copy_from_user_nmi(), the KM_USER0 slot
> will be overwrite and cleared to zero at last, when the control
> return to the original kernel path, it will access an invalid
> virtual address and trigger a crash.
>
> Cc: Robert Richter <rob...@am...>
> Cc: Greg KH <gr...@li...>
> Cc: st...@vg...
> Signed-off-by: Junxiao Bi <jun...@or...>
>
> Hi, Please review this patch.
>
> It is for linux-2.6.32.y stable branch not for mainline.

I am not sure if there will be any .32 stable release in the future,
but this could be at least for .34 or if there is one for .27 and .35.

>
> Thanks,
> Junxiao.
> ---
> arch/x86/oprofile/backtrace.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)

We should implement the perf version here, which does a:

	int type = in_nmi() ? KM_NMI : KM_IRQ0;

See arch/x86/kernel/cpu/perf_event.c.

-Robert

>
> diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c
> index 829edf0..b50a280 100644
> --- a/arch/x86/oprofile/backtrace.c
> +++ b/arch/x86/oprofile/backtrace.c
> @@ -71,9 +71,9 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n)
> offset = addr & (PAGE_SIZE - 1);
> size = min(PAGE_SIZE - offset, n - len);
>
> - map = kmap_atomic(page, KM_USER0);
> + map = kmap_atomic(page, KM_NMI);
> memcpy(to, map+offset, size);
> - kunmap_atomic(map, KM_USER0);
> + kunmap_atomic(map, KM_NMI);
> put_page(page);
>
> len += size;
> --
> 1.7.9.5
>
>

--
Advanced Micro Devices, Inc.
Operating System Research Center
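
Review bot: In the @@ -71,9 +71,9 @@ hunk of copy_from_user_nmi(), the slot is hard-coded to KM_NMI in both kmap_atomic() and kunmap_atomic(), and nothing in the visible lines establishes that this function is only ever entered from NMI context. Choosing the slot once into a local, as the reply proposes with `int type = in_nmi() ? KM_NMI : KM_IRQ0;`, and passing that same variable to both calls would cover a non-NMI caller and keep the map and unmap slot from drifting apart in a later edit. A one-line comment above the kmap_atomic() call saying why KM_USER0 must not be used here (the interrupted path may hold it) would stop the slot from being changed back.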