Commit b74253f7 authored by: Will Deacon, committed by: Russell King

ARM: 7479/1: mm: avoid NULL dereference when flushing gate_vma with VIVT caches

The vivt_flush_cache_{range,page} functions check that the mm_struct
of the VMA being flushed has been active on the current CPU before
performing the cache maintenance.

The gate_vma has a NULL mm_struct pointer and, as such, will cause a
kernel fault if we try to flush it with the above operations. This
happens during ELF core dumps, which include the gate_vma as it may be
useful for debugging purposes.

This patch adds checks to the VIVT cache flushing functions so that VMAs
with a NULL mm_struct are flushed unconditionally (the vectors page may
be dirty if we use it to store the current TLS pointer).

Cc: <stable@vger.kernel.org> # 3.4+
Reported-by: Gilles Chanteperdrix <gilles.chanteperdrix@xenomai.org>
Tested-by: Uros Bizjak <ubizjak@gmail.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Parent 15ac49b6
...@@ -215,7 +215,9 @@ static inline void vivt_flush_cache_mm(struct mm_struct *mm) ...@@ -215,7 +215,9 @@ static inline void vivt_flush_cache_mm(struct mm_struct *mm)
static inline void static inline void
vivt_flush_cache_range(struct vm_area_struct *vma, unsigned long start, unsigned long end) vivt_flush_cache_range(struct vm_area_struct *vma, unsigned long start, unsigned long end)
{ {
if (cpumask_test_cpu(smp_processor_id(), mm_cpumask(vma->vm_mm))) struct mm_struct *mm = vma->vm_mm;
if (!mm || cpumask_test_cpu(smp_processor_id(), mm_cpumask(mm)))
__cpuc_flush_user_range(start & PAGE_MASK, PAGE_ALIGN(end), __cpuc_flush_user_range(start & PAGE_MASK, PAGE_ALIGN(end),
vma->vm_flags); vma->vm_flags);
} }
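Review bot: the `!mm ||` short-circuit in `vivt_flush_cache_range` is what keeps `mm_cpumask(mm)` from being reached with a NULL `mm`, so the operand order matters here and deserves a one-line comment; a reader of this header has no way to know that a NULL `vm_mm` means "gate_vma, flush unconditionally" without going back to this commit message. Something like `/* vma->vm_mm is NULL for the gate_vma: flush unconditionally */` above the `if` would do. The fail-safe direction is right: skipping the flush on a VIVT cache is a coherency bug, whereas flushing a range that did not need it only costs time. Since the enclosing `vivt_flush_cache_mm(struct mm_struct *mm)` shown in the hunk header takes the `mm` directly, it is worth confirming that none of its callers can hand it the same NULL pointer.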
...@@ -223,7 +225,9 @@ vivt_flush_cache_range(struct vm_area_struct *vma, unsigned long start, unsigned ...@@ -223,7 +225,9 @@ vivt_flush_cache_range(struct vm_area_struct *vma, unsigned long start, unsigned
static inline void static inline void
vivt_flush_cache_page(struct vm_area_struct *vma, unsigned long user_addr, unsigned long pfn) vivt_flush_cache_page(struct vm_area_struct *vma, unsigned long user_addr, unsigned long pfn)
{ {
if (cpumask_test_cpu(smp_processor_id(), mm_cpumask(vma->vm_mm))) { struct mm_struct *mm = vma->vm_mm;
if (!mm || cpumask_test_cpu(smp_processor_id(), mm_cpumask(mm))) {
unsigned long addr = user_addr & PAGE_MASK; unsigned long addr = user_addr & PAGE_MASK;
__cpuc_flush_user_range(addr, addr + PAGE_SIZE, vma->vm_flags); __cpuc_flush_user_range(addr, addr + PAGE_SIZE, vma->vm_flags);
} }
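Review bot: `vivt_flush_cache_page` now repeats the exact predicate `!mm || cpumask_test_cpu(smp_processor_id(), mm_cpumask(mm))` from `vivt_flush_cache_range` two functions above; consider hoisting it into a small static inline helper (for example a `vivt_mm_needs_flush(struct mm_struct *mm)`) so the NULL-mm rule lives in one place and the two call sites cannot drift apart the next time one of them is touched. Apart from that the change is consistent with the range variant: the page is flushed when `vm_mm` is NULL, and the existing `addr + PAGE_SIZE` span and `vma->vm_flags` argument are unchanged.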
......