Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP... | stable

[ 00/82] 3.4.2-stable review · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 01/82] exofs: Fix CRASH on very early IO errors. · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 02/82] microblaze: Do not select GENERIC_GPIO by default · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 04/82] SCSI: Fix dm-multipath starvation when scsi host is busy · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 03/82] SCSI: fix scsi_wait_scan · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 06/82] mm: fix NULL ptr deref when walking hugepages · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 07/82] mm: consider all swapped back pages in used-once logic · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition · Josh Boyer <hidden> · 2012-06-07
Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition · Andrea Arcangeli <hidden> · 2012-06-07
Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition · Linus Torvalds <torvalds@linux-foundation.org> · 2012-06-07
Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition · Andrea Arcangeli <hidden> · 2012-06-07
Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition · Andrea Arcangeli <hidden> · 2012-06-07
[PATCH] thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE · Andrea Arcangeli <hidden> · 2012-06-07
Re: [PATCH] thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE\ · Konrad Rzeszutek Wilk <hidden> · 2012-06-10
Re: [Xen-devel] [PATCH] thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE\ · Andrew Jones <hidden> · 2012-06-11
Re: [Xen-devel] [PATCH] thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE\ · Konrad Rzeszutek Wilk <hidden> · 2012-06-11
Re: [Xen-devel] [PATCH] thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE\ · Andrea Arcangeli <hidden> · 2012-06-11
Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition · Andrea Arcangeli <hidden> · 2012-06-07
Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition · Greg KH <gregkh@linuxfoundation.org> · 2012-06-08
Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition · Konrad Rzeszutek Wilk <hidden> · 2012-06-07
[ 05/82] mm/fork: fix overflow in vma length when copying mmap on clone · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 11/82] iwlwifi: do not use shadow registers by default · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 12/82] cifs: Include backup intent search flags during searches {try #2) · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 14/82] PARISC: fix boot failure on 32-bit systems caused by branch stubs placed before .text · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 10/82] iwlwifi: update BT traffic load states correctly · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 16/82] solos-pci: Fix DMA support · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 17/82] MIPS: BCM63XX: Add missing include for bcm63xx_gpio.h · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 18/82] mac80211: fix ADDBA declined after suspend with wowlan · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 19/82] ixp4xx: fix compilation by adding gpiolib support · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 21/82] x86, amd, xen: Avoid NULL pointer paravirt references · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 22/82] NFS: kmalloc() doesnt return an ERR_PTR() · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 23/82] NFSv4: Map NFS4ERR_SHARE_DENIED into an EACCES error instead of EIO · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 24/82] hugetlb: fix resv_map leak in error path · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 26/82] iommu/amd: Check for the right TLP prefix bit · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 25/82] sunrpc: fix loss of task->tk_status after rpc_delay call in xprt_alloc_slot · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 28/82] drm/radeon: fix XFX quirk · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 29/82] drm/radeon: fix typo in trinity tiling setup · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 32/82] drm/i915: wait for a vblank to pass after tv detect · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 33/82] drm/i915: no lvds quirk for HP t5740e Thin Client · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 34/82] kbuild: install kernel-page-flags.h · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 35/82] mm: fix vma_resv_map() NULL pointer · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 31/82] drm/i915: Adding TV Out Missing modes. · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 37/82] slub: fix a memory leak in get_partial_node() · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 38/82] vfs: umount_tree() might be called on subtree that had never made it · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 40/82] fec_mpc52xx: fix timestamp filtering · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 42/82] x86: Reset the debug_stack update counter · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 43/82] mtd: nand: fix scan_read_raw_oob · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 44/82] mtd: of_parts: fix breakage in Kconfig · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 45/82] mtd: block2mtd: fix recursive call of mtd_writev · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 41/82] x86, x32, ptrace: Remove PTRACE_ARCH_PRCTL for x32 · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 48/82] drm/radeon: fix bank information in tiling config · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 49/82] drm/radeon: properly program gart on rv740, juniper, cypress, barts, hemlock · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 50/82] drm/radeon: fix HD6790, HD6570 backend programming · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 46/82] mtd: mxc_nand: move ecc strengh setup before nand_scan_tail · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 53/82] asix: allow full size 8021Q frames to be received · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
Re: [ 53/82] asix: allow full size 8021Q frames to be received · Ben Hutchings <hidden> · 2012-06-08
Re: [ 53/82] asix: allow full size 8021Q frames to be received · David Miller <davem@davemloft.net> · 2012-06-08
[ 54/82] ipv4: fix the rcu race between free_fib_info and ip_route_output_slow · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 55/82] ipv6: fix incorrect ipsec fragment · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 51/82] drm/ttm: Fix spinlock imbalance · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 57/82] skb: avoid unnecessary reallocations in __skb_cow · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 58/82] xfrm: take net hdr len into account for esp payload size calculation · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 60/82] ext4: force ro mount if ext4_setup_super() fails · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 59/82] ext4: fix potential NULL dereference in ext4_free_inodes_counts() · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 61/82] ext4: fix potential integer overflow in alloc_flex_gd() · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 63/82] ext4: add missing save_error_info() to ext4_error() · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 56/82] l2tp: fix oops in L2TP IP sockets for connect() AF_UNSPEC case · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 66/82] ext4: remove mb_groups before tearing down the buddy_cache · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 62/82] ext4: disallow hard-linked directory in ext4_lookup · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 68/82] drm/radeon/audio: dont hardcode CRTC id · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 70/82] drm/radeon/kms: add new Trinity PCI ids · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 71/82] drm/radeon/kms: add new Palm, Sumo PCI ids · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 67/82] radix-tree: fix contiguous iterator · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 74/82] iommu/amd: Cache pdev pointer to root-bridge · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 75/82] iommu/amd: Fix deadlock in ppr-handling error path · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 76/82] ACPI battery: only refresh the sysfs files when pertinent information changes · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 72/82] drm/radeon/kms: add new BTC PCI ids · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 78/82] md: raid1/raid10: fix problem with merge_bvec_fn · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 79/82] wl1251: fix oops on early interrupt · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 80/82] drm/i915: always use RPNSWREQ for turbo change requests · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 81/82] drm/i915/dp: Flush any outstanding work to turn the VDD off · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 82/82] drm/i915: enable vdd when switching off the eDP panel · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 77/82] vfs: Fix /proc/<tid>/fdinfo/<fd> file handling · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 73/82] drm/radeon/kms: add new SI PCI ids · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 69/82] drm/radeon: fix vm deadlocks on cayman · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 65/82] ext4: add ext4_mb_unload_buddy in the error path · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 64/82] ext4: dont trash state flags in EXT4_IOC_SETFLAGS · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
Re: [ 64/82] ext4: dont trash state flags in EXT4_IOC_SETFLAGS · Ben Hutchings <hidden> · 2012-06-08
Re: [ 64/82] ext4: dont trash state flags in EXT4_IOC_SETFLAGS · "Ted Ts'o" <tytso@mit.edu> · 2012-06-08
Re: [ 64/82] ext4: dont trash state flags in EXT4_IOC_SETFLAGS · Ben Hutchings <hidden> · 2012-06-08
Re: [ 64/82] ext4: dont trash state flags in EXT4_IOC_SETFLAGS · "Ted Ts'o" <tytso@mit.edu> · 2012-06-08
Re: [ 64/82] ext4: dont trash state flags in EXT4_IOC_SETFLAGS · Ben Hutchings <hidden> · 2012-06-08
Re: [ 64/82] ext4: dont trash state flags in EXT4_IOC_SETFLAGS · "Ted Ts'o" <tytso@mit.edu> · 2012-06-09
Re: [ 64/82] ext4: dont trash state flags in EXT4_IOC_SETFLAGS · Ben Hutchings <hidden> · 2012-06-09
Re: [ 64/82] ext4: dont trash state flags in EXT4_IOC_SETFLAGS · Greg KH <gregkh@linuxfoundation.org> · 2012-06-09
[ 52/82] drm/vmwgfx: Fix nasty write past alloced memory area · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 47/82] drm/radeon: fix regression in UMS CS ioctl · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 36/82] ALSA: usb-audio: fix rate_list memory leak · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 39/82] vfs: increment iversion when a file is truncated · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 30/82] drm/i915: properly handle interlaced bit for sdvo dtd conversion · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 27/82] iommu/amd: Add workaround for event log erratum · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 20/82] ath9k: fix a use-after-free-bug when ath_tx_setup_buffer() fails · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 15/82] PARISC: fix TLB fault path on PA2.0 narrow systems · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 13/82] cifs: fix oops while traversing open file list (try #4) · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07
[ 09/82] mm: fix faulty initialization in vmalloc_init() · Greg KH <gregkh@linuxfoundation.org> · 2012-06-07

Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition

From: Josh Boyer <hidden>
Date: 2012-06-07 13:42:57
Also in: lkml

On Thu, Jun 7, 2012 at 12:03 AM, Greg KH [off-list ref] wrote:

3.4-stable review patch. ï¿½If anyone has any objections, please let me know.

------------------

From: Andrea Arcangeli <redacted>

commit 26c191788f18129af0eb32a358cdaea0c7479626 upstream.

When holding the mmap_sem for reading, pmd_offset_map_lock should only
run on a pmd_t that has been read atomically from the pmdp pointer,
otherwise we may read only half of it leading to this crash.

This one is important, but it can break Xen apparently:

http://permalink.gmane.org/gmane.comp.emulators.xen.devel/132522
https://bugzilla.redhat.com/show_bug.cgi?id=829016

Not sure if you want to hold off on it or see if Andrea comes up with
a follow up fix?

josh

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help