| From: Samu Kallio <> |
| Subject: [PATCH] x86: mm: Fix vmalloc_fault oops during lazy MMU updates. |
| Date: Sun, 17 Feb 2013 04:35:52 +0200 |
| |
| In paravirtualized x86_64 kernels, vmalloc_fault may cause an oops |
| when lazy MMU updates are enabled, because set_pgd effects are being |
| deferred. |
| |
| One instance of this problem is during process mm cleanup with memory |
| cgroups enabled. The chain of events is as follows: |
| |
| - zap_pte_range enables lazy MMU updates |
| - zap_pte_range eventually calls mem_cgroup_charge_statistics, |
| which accesses the vmalloc'd mem_cgroup per-cpu stat area |
| - vmalloc_fault is triggered which tries to sync the corresponding |
| PGD entry with set_pgd, but the update is deferred |
| - vmalloc_fault oopses due to a mismatch in the PUD entries |
| |
| Calling arch_flush_lazy_mmu_mode immediately after set_pgd makes the |
| changes visible to the consistency checks. |
| |
| Signed-off-by: Samu Kallio <samu.kallio@aberdeencloud.com> |
| |
| arch/x86/mm/fault.c | 6 ++++-- |
| 1 file changed, 4 insertions(+), 2 deletions(-) |
| diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
| index 8e13ecb..0a45298 100644 |
| |
| |
| @@ -378,10 +378,12 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) |
| if (pgd_none(*pgd_ref)) |
| return -1; |
| |
| - if (pgd_none(*pgd)) |
| + if (pgd_none(*pgd)) { |
| set_pgd(pgd, *pgd_ref); |
| - else |
| + arch_flush_lazy_mmu_mode(); |
| + } else { |
| BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); |
| + } |
| |
| /* |
| * Below here mismatches are bugs because these lower tables |
| -- |
| 1.8.1.3 |
| |
| |