lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4994BE06.4040006@goop.org>
Date:	Thu, 12 Feb 2009 16:25:42 -0800
From:	Jeremy Fitzhardinge <jeremy@...p.org>
To:	Ingo Molnar <mingo@...e.hu>
CC:	the arch/x86 maintainers <x86@...nel.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Xen-devel <xen-devel@...ts.xensource.com>
Subject: [PATCH] xen: Fix xen_flush_tlb_others

From: Ian Campbell <Ian.Campbell@...rix.com>

    xen: Fix xen_flush_tlb_others
    
    The commit
        commit 4595f9620cda8a1e973588e743cf5f8436dd20c6
        Author: Rusty Russell <rusty@...tcorp.com.au>
        Date:   Sat Jan 10 21:58:09 2009 -0800
    
            x86: change flush_tlb_others to take a const struct cpumask
    
    causes xen_flush_tlb_others to allocate a multicall and then issue it
    without initializing it in the case where the cpumask is empty,
    leading to:
    
            [    8.354898] 1 multicall(s) failed: cpu 1
            [    8.354921] Pid: 2213, comm: bootclean Not tainted 2.6.29-rc3-x86_32p-xenU-tip #135
            [    8.354937] Call Trace:
            [    8.354955]  [<c01036e3>] xen_mc_flush+0x133/0x1b0
            [    8.354971]  [<c0105d2a>] ? xen_force_evtchn_callback+0x1a/0x30
            [    8.354988]  [<c0105a60>] xen_flush_tlb_others+0xb0/0xd0
            [    8.355003]  [<c0126643>] flush_tlb_page+0x53/0xa0
            [    8.355018]  [<c0176a80>] do_wp_page+0x2a0/0x7c0
            [    8.355034]  [<c0238f0a>] ? notify_remote_via_irq+0x3a/0x70
            [    8.355049]  [<c0178950>] handle_mm_fault+0x7b0/0xa50
            [    8.355065]  [<c0131a3e>] ? wake_up_new_task+0x8e/0xb0
            [    8.355079]  [<c01337b5>] ? do_fork+0xe5/0x320
            [    8.355095]  [<c0121919>] do_page_fault+0xe9/0x240
            [    8.355109]  [<c0121830>] ? do_page_fault+0x0/0x240
            [    8.355125]  [<c032457a>] error_code+0x72/0x78
            [    8.355139]   call  1/1: op=2863311530 arg=[aaaaaaaa] result=-38     xen_flush_tlb_others+0x41/0xd0
    
    Since empty cpumasks are rare and undoing an xen_mc_entry() is tricky
    just issue such requests normally.
    
    Signed-off-by: Ian Campbell <ian.campbell@...rix.com>
    Cc: Jeremy Fitzhardinge <jeremy@...p.org>
    Cc: Ingo Molnar <mingo@...e.hu>
    Cc: Rusty Russell <rusty@...tcorp.com.au>
    Cc: Mike Travis <travis@....com>
    Cc: x86@...nel.org

diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index d2e8ed1..319bd40 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -1273,8 +1273,6 @@ static void xen_flush_tlb_others(const struct cpumask *cpus,
 	/* Remove us, and any offline CPUS. */
 	cpumask_and(to_cpumask(args->mask), cpus, cpu_online_mask);
 	cpumask_clear_cpu(smp_processor_id(), to_cpumask(args->mask));
-	if (unlikely(cpumask_empty(to_cpumask(args->mask))))
-		goto issue;
 
 	if (va == TLB_FLUSH_ALL) {
 		args->op.cmd = MMUEXT_TLB_FLUSH_MULTI;
@@ -1285,7 +1283,6 @@ static void xen_flush_tlb_others(const struct cpumask *cpus,
 
 	MULTI_mmuext_op(mcs.mc, &args->op, 1, NULL, DOMID_SELF);
 
-issue:
 	xen_mc_issue(PARAVIRT_LAZY_MMU);
 }
 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ