
Re: [MIPS] TLB handler fix for vmalloc'ed addresses

To: Maxim Uvarov <muvarov@ru.mvista.com>
Subject: Re: [MIPS] TLB handler fix for vmalloc'ed addresses
From: Ralf Baechle <ralf@linux-mips.org>
Date: Thu, 10 Sep 2009 17:37:44 +0200
Cc: linux-mips@linux-mips.org
In-reply-to: <4AA90F3B.6000204@ru.mvista.com>
Original-recipient: rfc822;linux-mips@linux-mips.org
References: <4AA656D8.9040608@ru.mvista.com> <20090910141518.GA10547@linux-mips.org> <4AA90F3B.6000204@ru.mvista.com>
Sender: linux-mips-bounce@linux-mips.org
User-agent: Mutt/1.5.19 (2009-01-05)

On Thu, Sep 10, 2009 at 06:37:47PM +0400, Maxim Uvarov wrote:

>>> TLB exception handler incorrectly handles situation
>>> with wrong vmalloc'ed addresses.  This patch adds
>>> verifications for vmalloc'ed addresses (similar to
>>> x86_64 implementation). So the code now traps inside
>>> do_page_fault() on access to the wrong area.
>>>
>>> Signed-off-by: Maxim Uvarov <muvarov@ru.mvista.com>
>>>
>>> Test case:
>>>
>>> #include <linux/module.h>
>>> #include <linux/init.h>
>>> #include <linux/kernel.h>
>>> #include <linux/kthread.h>
>>> #include <linux/delay.h>
>>>
>>> static struct task_struct *ts;
>>> static int example_thread(void *dummy)
>>> {
>>>     void *ptr;
>>>     ptr = vmalloc(16*1024*1024);
>>>     for(;;)
>>>     {
>>>             msleep(100);
>>>     }
>>> }
>>
>> So your test case allocates vmalloc memory but never touches it.
>
> Yes, it is so. Bug occurs on rmmod of this module. (Module does not free memory
> allocated with vmalloc().)

Nor does it stop the thread on exit or avoid unloading.  So panicking is
expected.

  Ralf
