[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [3.19.y-ckt stable] Patch "x86/mm/xen: Suppress hugetlbfs in PV guests" has been added to the 3.19.y-ckt tree

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Kamal Mostafa <kamal@xxxxxxxxxxxxx>
Date: Tue, 26 Apr 2016 12:54:33 -0700
Cc: Juergen Gross <JGross@xxxxxxxx>, Denys Vlasenko <dvlasenk@xxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Brian Gerst <brgerst@xxxxxxxxx>, "Luis R . Rodriguez" <mcgrof@xxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Kamal Mostafa <kamal@xxxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, kernel-team@xxxxxxxxxxxxxxxx, Borislav Petkov <bp@xxxxxxxxx>, David Vrabel <david.vrabel@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "H . Peter Anvin" <hpa@xxxxxxxxx>, Toshi Kani <toshi.kani@xxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
Delivery-date: Tue, 26 Apr 2016 19:56:20 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

This is a note to let you know that I have just added a patch titled

    x86/mm/xen: Suppress hugetlbfs in PV guests

to the linux-3.19.y-queue branch of the 3.19.y-ckt extended stable tree 
which can be found at:

    http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-3.19.y-queue

This patch is scheduled to be released in version 3.19.8-ckt20.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.19.y-ckt tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

---8<------------------------------------------------------------

From d34f71f0ba7a50c24907c38797f54bc303b4ca44 Mon Sep 17 00:00:00 2001
From: Jan Beulich <JBeulich@xxxxxxxx>
Date: Thu, 21 Apr 2016 00:27:04 -0600
Subject: x86/mm/xen: Suppress hugetlbfs in PV guests

commit 103f6112f253017d7062cd74d17f4a514ed4485c upstream.

Huge pages are not normally available to PV guests. Not suppressing
hugetlbfs use results in an endless loop of page faults when user mode
code tries to access a hugetlbfs mapped area (since the hypervisor
denies such PTEs to be created, but error indications can't be
propagated out of xen_set_pte_at(), just like for various of its
siblings), and - once killed in an oops like this:

  kernel BUG at .../fs/hugetlbfs/inode.c:428!
  invalid opcode: 0000 [#1] SMP
  ...
  RIP: e030:[<ffffffff811c333b>]  [<ffffffff811c333b>] 
remove_inode_hugepages+0x25b/0x320
  ...
  Call Trace:
   [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
   [<ffffffff81167b3d>] evict+0xbd/0x1b0
   [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
   [<ffffffff81165b0e>] dput+0x1fe/0x220
   [<ffffffff81150535>] __fput+0x155/0x200
   [<ffffffff81079fc0>] task_work_run+0x60/0xa0
   [<ffffffff81063510>] do_exit+0x160/0x400
   [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
   [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
   [<ffffffff8100f854>] do_signal+0x14/0x110
   [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
   [<ffffffff814178a5>] retint_user+0x8/0x13

This is CVE-2016-3961 / XSA-174.

Reported-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Brian Gerst <brgerst@xxxxxxxxx>
Cc: David Vrabel <david.vrabel@xxxxxxxxxx>
Cc: Denys Vlasenko <dvlasenk@xxxxxxxxxx>
Cc: H. Peter Anvin <hpa@xxxxxxxxx>
Cc: Juergen Gross <JGross@xxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Luis R. Rodriguez <mcgrof@xxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Toshi Kani <toshi.kani@xxxxxx>
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Link: http://lkml.kernel.org/r/57188ED802000078000E431C@xxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
Signed-off-by: Kamal Mostafa <kamal@xxxxxxxxxxxxx>
---
 arch/x86/include/asm/hugetlb.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/include/asm/hugetlb.h b/arch/x86/include/asm/hugetlb.h
index 68c0539..7aadd3c 100644
--- a/arch/x86/include/asm/hugetlb.h
+++ b/arch/x86/include/asm/hugetlb.h
@@ -4,6 +4,7 @@
 #include <asm/page.h>
 #include <asm-generic/hugetlb.h>

+#define hugepages_supported() cpu_has_pse

 static inline int is_hugepage_only_range(struct mm_struct *mm,
                                         unsigned long addr,
--
2.7.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Prev by Date: [Xen-devel] [xen-unstable-smoke test] 92860: tolerable all pass - PUSHED
Next by Date: Re: [Xen-devel] Should we mark RTDS as supported feature from experimental feature?
Previous by thread: [Xen-devel] [xen-unstable-smoke test] 92860: tolerable all pass - PUSHED
Next by thread: [Xen-devel] [ovmf test] 92813: regressions - FAIL
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.