Skip to content

Commit

Permalink
x86: check PMD in spurious_fault handler
Browse files Browse the repository at this point in the history
Impact: fix to prevent hard lockup on bad PMD permissions

If the PMD does not have the correct permissions for a page access,
but the PTE does, the spurious fault handler will mistake the fault
as a lazy TLB transaction. This will result in an infinite loop of:

 fault -> spurious_fault check (pass) -> return to code -> fault

This patch adds a check and a warn on if the PTE passes the permissions
but the PMD does not.

[ Updated: Ingo Molnar suggested using WARN_ONCE with some text ]

Signed-off-by: Steven Rostedt <srostedt@redhat.com>
  • Loading branch information
Steven Rostedt committed Feb 20, 2009
1 parent 07a66d7 commit 3c3e569
Showing 1 changed file with 12 additions and 1 deletion.
13 changes: 12 additions & 1 deletion arch/x86/mm/fault.c
Original file line number Diff line number Diff line change
Expand Up @@ -455,6 +455,7 @@ static int spurious_fault(unsigned long address,
pud_t *pud;
pmd_t *pmd;
pte_t *pte;
int ret;

/* Reserved-bit violation or user access to kernel space? */
if (error_code & (PF_USER | PF_RSVD))
Expand Down Expand Up @@ -482,7 +483,17 @@ static int spurious_fault(unsigned long address,
if (!pte_present(*pte))
return 0;

return spurious_fault_check(error_code, pte);
ret = spurious_fault_check(error_code, pte);
if (!ret)
return 0;

/*
* Make sure we have permissions in PMD
* If not, then there's a bug in the page tables.
*/
ret = spurious_fault_check(error_code, (pte_t *) pmd);
WARN_ONCE(!ret, "PMD has incorrect permission bits\n");
return ret;
}

/*
Expand Down

0 comments on commit 3c3e569

Please sign in to comment.