rpms/kernel/devel linux-2.6-pat-fix.patch, NONE, 1.1.2.1 kernel.spec, 1.1688.4.1, 1.1688.4.2
Matthew Garrett
mjg59 at fedoraproject.org
Wed Aug 12 00:50:20 UTC 2009
- Previous message (by thread): rpms/kernel/devel config-x86-generic, 1.86, 1.86.8.1 config-x86_64-generic, 1.88, 1.88.8.1 kernel.spec, 1.1688, 1.1688.4.1
- Next message (by thread): rpms/gnonlin/devel .cvsignore, 1.15, 1.16 gnonlin.spec, 1.27, 1.28 sources, 1.15, 1.16
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mjg59
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19701
Modified Files:
Tag: private-f12-2_6_31_rc5-imeanit
kernel.spec
Added Files:
Tag: private-f12-2_6_31_rc5-imeanit
linux-2.6-pat-fix.patch
Log Message:
* Wed Aug 12 2009 Matthew Garrett <mjg at redhat.com>
- linux-2.6-pat-fix.patch - fix potential memory corruption in KMS
linux-2.6-pat-fix.patch:
pageattr.c | 30 +++++++++++++++++++++---------
1 file changed, 21 insertions(+), 9 deletions(-)
--- NEW FILE linux-2.6-pat-fix.patch ---
commit 8523acfe40efc1a8d3da8f473ca67cb195b06f0c
Author: Thomas Hellstrom <thellstrom at vmware.com>
Date: Mon Aug 3 09:25:45 2009 +0200
x86: Fix CPA memtype reserving in the set_pages_array*() cases
The code was incorrectly reserving memtypes using the page
virtual address instead of the physical address. Furthermore,
the code was not ignoring highmem pages as it ought to.
( upstream does not pass in highmem pages yet - but upcoming
graphics code will do it and there's no reason to not handle
this properly in the CPA APIs.)
Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=13884
Signed-off-by: Thomas Hellstrom <thellstrom at vmware.com>
Acked-by: Suresh Siddha <suresh.b.siddha at intel.com>
Cc: <stable at kernel.org>
Cc: dri-devel at lists.sourceforge.net
Cc: venkatesh.pallipadi at intel.com
LKML-Reference: <1249284345-7654-1-git-send-email-thellstrom at vmware.com>
Signed-off-by: Ingo Molnar <mingo at elte.hu>
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index 895d90e..7e600c1 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -591,9 +591,12 @@ static int __change_page_attr(struct cpa_data *cpa, int primary)
unsigned int level;
pte_t *kpte, old_pte;
- if (cpa->flags & CPA_PAGES_ARRAY)
- address = (unsigned long)page_address(cpa->pages[cpa->curpage]);
- else if (cpa->flags & CPA_ARRAY)
+ if (cpa->flags & CPA_PAGES_ARRAY) {
+ struct page *page = cpa->pages[cpa->curpage];
+ if (unlikely(PageHighMem(page)))
+ return 0;
+ address = (unsigned long)page_address(page);
+ } else if (cpa->flags & CPA_ARRAY)
address = cpa->vaddr[cpa->curpage];
else
address = *cpa->vaddr;
@@ -697,9 +700,12 @@ static int cpa_process_alias(struct cpa_data *cpa)
* No need to redo, when the primary call touched the direct
* mapping already:
*/
- if (cpa->flags & CPA_PAGES_ARRAY)
- vaddr = (unsigned long)page_address(cpa->pages[cpa->curpage]);
- else if (cpa->flags & CPA_ARRAY)
+ if (cpa->flags & CPA_PAGES_ARRAY) {
+ struct page *page = cpa->pages[cpa->curpage];
+ if (unlikely(PageHighMem(page)))
+ return 0;
+ vaddr = (unsigned long)page_address(page);
+ } else if (cpa->flags & CPA_ARRAY)
vaddr = cpa->vaddr[cpa->curpage];
else
vaddr = *cpa->vaddr;
@@ -1122,7 +1128,9 @@ int set_pages_array_uc(struct page **pages, int addrinarray)
int free_idx;
for (i = 0; i < addrinarray; i++) {
- start = (unsigned long)page_address(pages[i]);
+ if (PageHighMem(pages[i]))
+ continue;
+ start = page_to_pfn(pages[i]) << PAGE_SHIFT;
end = start + PAGE_SIZE;
if (reserve_memtype(start, end, _PAGE_CACHE_UC_MINUS, NULL))
goto err_out;
@@ -1135,7 +1143,9 @@ int set_pages_array_uc(struct page **pages, int addrinarray)
err_out:
free_idx = i;
for (i = 0; i < free_idx; i++) {
- start = (unsigned long)page_address(pages[i]);
+ if (PageHighMem(pages[i]))
+ continue;
+ start = page_to_pfn(pages[i]) << PAGE_SHIFT;
end = start + PAGE_SIZE;
free_memtype(start, end);
}
@@ -1164,7 +1174,9 @@ int set_pages_array_wb(struct page **pages, int addrinarray)
return retval;
for (i = 0; i < addrinarray; i++) {
- start = (unsigned long)page_address(pages[i]);
+ if (PageHighMem(pages[i]))
+ continue;
+ start = page_to_pfn(pages[i]) << PAGE_SHIFT;
end = start + PAGE_SIZE;
free_memtype(start, end);
}
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1688.4.1
retrieving revision 1.1688.4.2
diff -u -p -r1.1688.4.1 -r1.1688.4.2
--- kernel.spec 11 Aug 2009 23:49:54 -0000 1.1688.4.1
+++ kernel.spec 12 Aug 2009 00:50:19 -0000 1.1688.4.2
@@ -708,6 +708,9 @@ Patch11010: via-hwmon-temp-sensor.patch
Patch12000: linux-2.6-x86-set_memory_wc-fixes.patch
Patch12010: linux-2.6-dell-laptop-rfkill-fix.patch
+# patches already upstream
+Patch12100: linux-2.6-pat-fix.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1130,6 +1133,8 @@ ApplyPatch via-hwmon-temp-sensor.patch
ApplyPatch linux-2.6-x86-set_memory_wc-fixes.patch
ApplyPatch linux-2.6-dell-laptop-rfkill-fix.patch
+ApplyPatch linux-2.6-pat-fix.patch
+
#
# PowerPC
#
@@ -1944,6 +1949,9 @@ fi
# and build.
%changelog
+* Wed Aug 12 2009 Matthew Garrett <mjg at redhat.com>
+- linux-2.6-pat-fix.patch - fix potential memory corruption in KMS
+
* Tue Aug 11 2009 Kyle McMartin <kyle at redhat.com>
- private-f12-2_6_31_rc5-imeanit: LZMA. OFF. I MEAN IT.
- Previous message (by thread): rpms/kernel/devel config-x86-generic, 1.86, 1.86.8.1 config-x86_64-generic, 1.88, 1.88.8.1 kernel.spec, 1.1688, 1.1688.4.1
- Next message (by thread): rpms/gnonlin/devel .cvsignore, 1.15, 1.16 gnonlin.spec, 1.27, 1.28 sources, 1.15, 1.16
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list