From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>,
Suresh Siddha <suresh.b.siddha@intel.com>,
Dave Airlie <airlied@redhat.com>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: [patch 41/74] x86, pat: Fix set_memory_wc related corruption
Date: Thu, 13 Aug 2009 12:50:16 -0700 [thread overview]
Message-ID: <20090813195130.664882602@mini.kroah.org> (raw)
In-Reply-To: <20090813195705.GA22393@kroah.com>
[-- Attachment #1: x86-pat-fix-set_memory_wc-related-corruption.patch --]
[-- Type: text/plain, Size: 2602 bytes --]
2.6.30-stable review patch. If anyone has any objections, please let us know.
------------------
From: Pallipadi, Venkatesh <venkatesh.pallipadi@intel.com>
commit bdc6340f4eb68295b1e7c0ade2356b56dca93d93 upstream.
Changeset 3869c4aa18835c8c61b44bd0f3ace36e9d3b5bd0
that went in after 2.6.30-rc1 was a seemingly small change to _set_memory_wc()
to make it complaint with SDM requirements. But, introduced a nasty bug, which
can result in crash and/or strange corruptions when set_memory_wc is used.
One such crash reported here
http://lkml.org/lkml/2009/7/30/94
Actually, that changeset introduced two bugs.
* change_page_attr_set() takes &addr as first argument and can the addr value
might have changed on return, even for single page change_page_attr_set()
call. That will make the second change_page_attr_set() in this routine
operate on unrelated addr, that can eventually cause strange corruptions
and bad page state crash.
* The second change_page_attr_set() call, before setting _PAGE_CACHE_WC, should
clear the earlier _PAGE_CACHE_UC_MINUS, as otherwise cache attribute will not
be WC (will be UC instead).
The patch below fixes both these problems. Sending a single patch to fix both
the problems, as the change is to the same line of code. The change to have a
addr_copy is not very clean. But, it is simpler than making more changes
through various routines in pageattr.c.
A huge thanks to Jerome for reporting this problem and providing a simple test
case that helped us root cause the problem.
Reported-by: Jerome Glisse <glisse@freedesktop.org>
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
LKML-Reference: <20090730214319.GA1889@linux-os.sc.intel.com>
Acked-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/x86/mm/pageattr.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -1002,12 +1002,15 @@ EXPORT_SYMBOL(set_memory_array_uc);
int _set_memory_wc(unsigned long addr, int numpages)
{
int ret;
+ unsigned long addr_copy = addr;
+
ret = change_page_attr_set(&addr, numpages,
__pgprot(_PAGE_CACHE_UC_MINUS), 0);
-
if (!ret) {
- ret = change_page_attr_set(&addr, numpages,
- __pgprot(_PAGE_CACHE_WC), 0);
+ ret = change_page_attr_set_clr(&addr_copy, numpages,
+ __pgprot(_PAGE_CACHE_WC),
+ __pgprot(_PAGE_CACHE_MASK),
+ 0, 0, NULL);
}
return ret;
}
next prev parent reply other threads:[~2009-08-13 20:07 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20090813194935.985368088@mini.kroah.org>
2009-08-13 19:57 ` [patch 00/74] 2.6.30.5-stable review Greg KH
2009-08-13 19:49 ` [patch 01/74] iwlwifi: only show active power level via sysfs Greg KH
2009-08-13 19:49 ` [patch 02/74] be2net: Fix to avoid a crash seen on PPC with LRO and Jumbo frames Greg KH
2009-08-13 19:49 ` [patch 03/74] E100: work around the driver using streaming DMA mapping for RX descriptors Greg KH
2009-08-13 19:49 ` [patch 04/74] ipsec: Fix name of CAST algorithm Greg KH
2009-08-13 19:49 ` [patch 05/74] sky2: Fix checksum endianness Greg KH
2009-08-13 19:49 ` [patch 06/74] usbnet cdc_subset: fix issues talking to PXA gadgets Greg KH
2009-08-13 19:49 ` [patch 07/74] net: sk_prot_alloc() should not blindly overwrite memory Greg KH
2009-08-13 19:49 ` [patch 08/74] net: sock_copy() fixes Greg KH
2009-08-13 19:49 ` [patch 09/74] gro: Flush GRO packets in napi_disable_pending path Greg KH
2009-08-13 19:49 ` [patch 10/74] gso: Stop fraglists from escaping Greg KH
2009-08-13 19:49 ` [patch 11/74] net: Move rx skb_orphan call to where needed Greg KH
2009-08-13 19:49 ` [patch 12/74] inet: Call skb_orphan before tproxy activates Greg KH
2009-08-13 19:49 ` [patch 13/74] drm/i915: Save/restore cursor state on suspend/resume Greg KH
2009-08-13 19:49 ` [patch 14/74] drm/i915: add ignore lvds quirk info for AOpen Mini PC Greg KH
2009-08-13 19:49 ` [patch 15/74] drm/i915: apply G45 vblank count code to all G4x chips and fix max_frame_count Greg KH
2009-08-13 19:49 ` [patch 16/74] drm/i915: avoid non-atomic sysrq execution Greg KH
2009-08-13 19:49 ` [patch 17/74] drm/i915: Skip lvds with Aopen i945GTt-VFA Greg KH
2009-08-13 19:49 ` [patch 18/74] drm/i915: Hook connector to encoder during load detection (fixes tv/vga detect) Greg KH
2009-08-13 19:49 ` [patch 19/74] drm/i915: initialize fence registers to zero when loading GEM Greg KH
2009-08-13 19:49 ` [patch 20/74] drm/i915: Set SSC frequency for 8xx chips correctly Greg KH
2009-08-13 19:49 ` [patch 21/74] sysfs: fix hardlink count on device_move Greg KH
2009-08-13 19:49 ` [patch 22/74] USB: storage: raise timeout in usb_stor_Bulk_max_lun Greg KH
2009-08-13 19:49 ` [patch 23/74] edac: x38 fix mchbar high register addr Greg KH
2009-08-13 19:49 ` [patch 24/74] Make SCSI SG v4 driver enabled by default and remove EXPERIMENTAL dependency, since udev depends on BSG Greg KH
2009-08-13 19:50 ` [patch 25/74] SCSI: libsas: reuse the original port when hotplugging phys in wide ports Greg KH
2009-08-13 19:50 ` [patch 26/74] cifs: fix error handling in mount-time DFS referral chasing code Greg KH
2009-08-13 19:50 ` [patch 27/74] thinkpad-acpi: disable broken bay and dock subdrivers Greg KH
2009-08-13 19:50 ` [patch 28/74] thinkpad-acpi: fix incorrect use of TPACPI_BRGHT_MODE_ECNVRAM Greg KH
2009-08-13 22:06 ` Stefan Lippers-Hollmann
2009-08-13 22:13 ` Stefan Lippers-Hollmann
2009-08-13 22:29 ` Greg KH
2009-08-13 19:50 ` [patch 29/74] nilfs2: fix oops due to inconsistent state in page with discrete b-tree nodes Greg KH
2009-08-13 19:50 ` [patch 30/74] tracing: Fix invalid function_graph entry Greg KH
2009-08-13 19:50 ` [patch 31/74] tracing: Fix missing function_graph events when we splice_read from trace_pipe Greg KH
2009-08-13 19:50 ` [patch 32/74] parisc: isa-eeprom - Fix loff_t usage Greg KH
2009-08-13 19:50 ` [patch 33/74] cfg80211: add two missing NULL pointer checks Greg KH
2009-08-13 19:50 ` [patch 34/74] posix-timers: Fix oops in clock_nanosleep() with CLOCK_MONOTONIC_RAW Greg KH
2009-08-13 19:50 ` [patch 35/74] PM / ACPI: HP G7000 Notebook needs a SCI_EN resume quirk Greg KH
2009-08-13 19:50 ` [patch 36/74] powerpc/mpc83xx: Fix usb mux setup for mpc834x Greg KH
2009-08-13 19:50 ` [patch 37/74] hugetlbfs: fix i_blocks accounting Greg KH
2009-08-13 19:50 ` [patch 38/74] page-allocator: preserve PFN ordering when __GFP_COLD is set Greg KH
2009-08-13 19:50 ` [patch 39/74] x86: Fix CPA memtype reserving in the set_pages_array*() cases Greg KH
2009-08-13 19:50 ` [patch 40/74] x86: fix assembly constraints in native_save_fl() Greg KH
2009-08-13 19:50 ` Greg KH [this message]
2009-08-13 19:50 ` [patch 42/74] md/raid6: release spare page at ->stop() Greg KH
2009-08-13 19:50 ` [patch 43/74] md: when a level change reduces the number of devices, remove the excess Greg KH
2009-08-13 19:50 ` [patch 44/74] ide: fix handling of unexpected IRQs vs request_irq() Greg KH
2009-08-13 19:50 ` [patch 45/74] ide: relax DMA info validity checking Greg KH
2009-08-13 19:50 ` [patch 46/74] hwmon: (asus_atk0110) Fix upper limit readings Greg KH
2009-08-13 19:50 ` [patch 47/74] hwmon: (smsc47m1) Differentiate between LPC47M233 and LPC47M292 Greg KH
2009-08-13 19:50 ` [patch 48/74] i2c/tsl2550: Fix lux value in dark environment Greg KH
2009-08-13 19:50 ` [patch 49/74] firewire: sbp2: add support for disks >2 TB (and 16 bytes long CDBs) Greg KH
2009-08-13 19:50 ` [patch 50/74] ieee1394: " Greg KH
2009-08-13 19:50 ` [patch 51/74] atl1c: WAKE_MCAST tested twice, not WAKE_UCAST Greg KH
2009-08-13 19:50 ` [patch 52/74] atl1c: add missing parentheses Greg KH
2009-08-13 19:50 ` [patch 53/74] atl1c: misplaced parenthesis Greg KH
2009-08-13 19:50 ` [patch 54/74] md: Handle growth of v1.x metadata correctly Greg KH
2009-08-13 19:50 ` [patch 55/74] execve: must clear current->clear_child_tid Greg KH
2009-08-13 19:50 ` [patch 56/74] flat: fix uninitialized ptr with shared libs Greg KH
2009-08-13 19:50 ` [patch 57/74] compat_ioctl: hook up compat handler for FIEMAP ioctl Greg KH
2009-08-13 19:50 ` [patch 58/74] generic-ipi: fix hotplug_cfd() Greg KH
2009-08-13 19:50 ` [patch 59/74] Staging: rt2870: Revert d44ca7 Removal of kernel_thread() API Greg KH
2009-08-13 19:50 ` [patch 60/74] USB: ftdi_sio: add vendor and product id for Bayer glucose meter serial converter cable Greg KH
2009-08-13 19:50 ` [patch 61/74] USB: ftdi_sio: add product_id for Marvell OpenRD Base, Client Greg KH
2009-08-13 19:50 ` [patch 62/74] USB: storage: include Prolific Technology USB drive in unusual_devs list Greg KH
2009-08-13 19:50 ` [patch 63/74] USB: usbfs: fix -ENOENT error code to be -ENODEV Greg KH
2009-08-13 19:50 ` [patch 64/74] USB: devio: Properly do access_ok() checks Greg KH
2009-08-13 19:50 ` [patch 65/74] ring-buffer: Fix memleak in ring_buffer_free() Greg KH
2009-08-13 19:50 ` [patch 66/74] x86: Fix VMI && stack protector Greg KH
2009-08-13 19:50 ` [patch 67/74] mm_for_maps: simplify, use ptrace_may_access() Greg KH
2009-08-13 19:50 ` [patch 68/74] mm_for_maps: shift down_read(mmap_sem) to the caller Greg KH
2009-08-13 19:50 ` [patch 69/74] mm_for_maps: take ->cred_guard_mutex to fix the race with exec Greg KH
2009-08-13 19:50 ` [patch 70/74] Make sock_sendpage() use kernel_sendpage() Greg KH
2009-08-13 19:50 ` [patch 71/74] ring-buffer: Fix advance of reader in rb_buffer_peek() Greg KH
2009-08-13 19:50 ` [patch 72/74] NFS: Fix an O_DIRECT Oops Greg KH
2009-08-13 19:50 ` [patch 73/74] ALSA: hda - Add missing vmaster initialization for ALC269 Greg KH
2009-08-13 19:50 ` [patch 74/74] ide: fix memory leak when flush command is issued Greg KH
2009-08-13 22:32 ` [stable] [patch 00/74] 2.6.30.5-stable review Greg KH
2009-08-14 6:26 ` Ozan Çağlayan
2009-08-14 16:15 ` Greg KH
2009-08-14 17:00 ` Ozan Çağlayan
2009-08-14 17:09 ` Greg KH
2009-08-14 20:36 ` Ozan Çağlayan
2009-09-15 23:01 ` Greg KH
2009-09-16 6:22 ` Ozan Çağlayan
2009-09-16 13:41 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090813195130.664882602@mini.kroah.org \
--to=gregkh@suse.de \
--cc=airlied@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
--cc=suresh.b.siddha@intel.com \
--cc=torvalds@linux-foundation.org \
--cc=venkatesh.pallipadi@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).