Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3c3e5694 authored by Steven Rostedt's avatar Steven Rostedt
Browse files

x86: check PMD in spurious_fault handler 



Impact: fix to prevent hard lockup on bad PMD permissions

If the PMD does not have the correct permissions for a page access,
but the PTE does, the spurious fault handler will mistake the fault
as a lazy TLB transaction. This will result in an infinite loop of:

 fault -> spurious_fault check (pass) -> return to code -> fault

This patch adds a check and a warn on if the PTE passes the permissions
but the PMD does not.

[ Updated: Ingo Molnar suggested using WARN_ONCE with some text ]

Signed-off-by: default avatarSteven Rostedt <srostedt@redhat.com>
parent 07a66d7c

arch/x86/mm/fault.c

+12 −1
Original line number Diff line number Diff line
@@ -455,6 +455,7 @@ static int spurious_fault(unsigned long address, 
	pud_t *pud;

	pmd_t *pmd;

	pte_t *pte;

	int ret;



	/* Reserved-bit violation or user access to kernel space? */

	if (error_code & (PF_USER | PF_RSVD))
@@ -482,7 +483,17 @@ static int spurious_fault(unsigned long address, 
	if (!pte_present(*pte))

		return 0;



	return spurious_fault_check(error_code, pte);

	ret = spurious_fault_check(error_code, pte);

	if (!ret)

		return 0;



	/*

	 * Make sure we have permissions in PMD

	 * If not, then there's a bug in the page tables.

	 */

	ret = spurious_fault_check(error_code, (pte_t *) pmd);

	WARN_ONCE(!ret, "PMD has incorrect permission bits\n");

	return ret;

}



/*