lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Aug 2017 13:39:06 -0400 From: kan.liang@...el.com To: linux-kernel@...r.kernel.org, akpm@...ux-foundation.org, axboe@...com, viro@...iv.linux.org.uk, kirill.shutemov@...ux.intel.com, ying.huang@...el.com, npiggin@...il.com, mingo@...nel.org Cc: Kan Liang <kan.liang@...el.com> Subject: [PATCH] mm: allow page_cache_get_speculative in interrupt context From: Kan Liang <kan.liang@...el.com> Kernel panic when calling the IRQ-safe __get_user_pages_fast in NMI handler. The bug was introduced by commit: 2947ba054a4d ("x86/mm/gup: Switch GUP to the generic get_user_page_fast() implementation") The original x86 __get_user_page_fast used plain get_page() or page_ref_add(). However, the generic __get_user_page_fast uses page_cache_get_speculative(), which has VM_BUG_ON(in_interrupt()). There is no reason to prevent page_cache_get_speculative from using in interrupt context. According to the author, putting a BUG_ON there is just because the code is not verifying correctness of interrupt races. I did some tests in interrupt context. There is no issue found. Removing VM_BUG_ON(in_interrupt()) for page_cache_get_speculative(). Signed-off-by: Kan Liang <kan.liang@...el.com> --- include/linux/pagemap.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h index baa9344..79b36f5 100644 --- a/include/linux/pagemap.h +++ b/include/linux/pagemap.h @@ -163,8 +163,6 @@ void release_pages(struct page **pages, int nr, bool cold); */ static inline int page_cache_get_speculative(struct page *page) { - VM_BUG_ON(in_interrupt()); - #ifdef CONFIG_TINY_RCU # ifdef CONFIG_PREEMPT_COUNT VM_BUG_ON(!in_atomic() && !irqs_disabled()); -- 2.4.3
Powered by blists - more mailing lists