From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1760349AbcBYJrB (ORCPT ); Thu, 25 Feb 2016 04:47:01 -0500 Received: from torg.zytor.com ([198.137.202.12]:33708 "EHLO terminus.zytor.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1759479AbcBYJq6 (ORCPT ); Thu, 25 Feb 2016 04:46:58 -0500 Date: Thu, 25 Feb 2016 01:45:35 -0800 From: tip-bot for Jan Beulich Message-ID: Cc: tglx@linutronix.de, linux-kernel@vger.kernel.org, JBeulich@suse.com, jbeulich@suse.com, a.p.zijlstra@chello.nl, mingo@kernel.org, hpa@zytor.com Reply-To: jbeulich@suse.com, JBeulich@suse.com, a.p.zijlstra@chello.nl, mingo@kernel.org, hpa@zytor.com, tglx@linutronix.de, linux-kernel@vger.kernel.org In-Reply-To: <56BB0AD402000078000D05BF@prv-mh.provo.novell.com> References: <56BB0AD402000078000D05BF@prv-mh.provo.novell.com> To: linux-tip-commits@vger.kernel.org Subject: [tip:x86/mm] x86/mm: Avoid premature success when changing page attributes Git-Commit-ID: 405e1133d00e0271cedef75c17ecb773ff3e2732 X-Mailer: tip-git-log-daemon Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit-ID: 405e1133d00e0271cedef75c17ecb773ff3e2732 Gitweb: http://git.kernel.org/tip/405e1133d00e0271cedef75c17ecb773ff3e2732 Author: Jan Beulich AuthorDate: Wed, 10 Feb 2016 02:03:00 -0700 Committer: Thomas Gleixner CommitDate: Thu, 25 Feb 2016 10:41:43 +0100 x86/mm: Avoid premature success when changing page attributes set_memory_nx() (and set_memory_x()) currently differ in behavior from all other set_memory_*() functions when encountering a virtual address space hole within the kernel address range: They stop processing at the hole, but nevertheless report success (making the caller believe the operation was carried out on the entire range). While observed to be a problem - triggering the CONFIG_DEBUG_WX warning - only with out of tree code, I suspect (but didn't check) that on x86-64 the CONFIG_DEBUG_PAGEALLOC logic in free_init_pages() would, when called from free_initmem(), have the same effect on the set_memory_nx() called from mark_rodata_ro(). This unexpected behavior is a result of change_page_attr_set_clr() special casing changes to only the NX bit, in that it passes "false" as the "checkalias" argument to __change_page_attr_set_clr(). Since this flag becomes the "primary" argument of both __change_page_attr() and __cpa_process_fault(), the latter would so far return success without adjusting cpa->numpages. Success to the higher level callers, however, means that whatever cpa->numpages currently holds is the count of successfully processed pages. The cases when __change_page_attr() calls __cpa_process_fault(), otoh, don't generally mean the entire range got processed (as can be seen from one of the two success return paths in __cpa_process_fault() already adjusting ->numpages). Signed-off-by: Jan Beulich Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/56BB0AD402000078000D05BF@prv-mh.provo.novell.com Signed-off-by: Thomas Gleixner --- arch/x86/mm/pageattr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 2440814..3dd6afd 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -1122,8 +1122,10 @@ static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr, /* * Ignore all non primary paths. */ - if (!primary) + if (!primary) { + cpa->numpages = 1; return 0; + } /* * Ignore the NULL PTE for kernel identity mapping, as it is expected