git.baikalelectronics.ru Git - kernel.git/commit

author	Stuart Bennett <stuart@freedesktop.org>
	Sun, 8 Mar 2009 18:21:35 +0000 (20:21 +0200)
committer	Ingo Molnar <mingo@elte.hu>
	Sun, 8 Mar 2009 18:51:23 +0000 (19:51 +0100)
commit	172b101cd399a200379b756aff0ce6f9e8d35f61
tree	9d4dd9976bbc20709d6f8e0242537f76141bdc7d	tree \| snapshot
parent	66def9e7aca5e75cdb5eccac73eda4d0ef079eab	commit \| diff

x86 mmiotrace: fix remove_kmmio_fault_pages()

Impact: fix race+crash in mmiotrace

The list manipulation in remove_kmmio_fault_pages() was broken. If more
than one consecutive kmmio_fault_page was re-added during the grace
period between unregister_kmmio_probe() and remove_kmmio_fault_pages(),
the list manipulation failed to remove pages from the release list.

After a second grace period the pages get into rcu_free_kmmio_fault_pages()
and raise a BUG_ON() kernel crash.

The list manipulation is fixed to properly remove pages from the release
list.

This bug has been present from the very beginning of mmiotrace in the
mainline kernel. It was introduced in a50b79d4 ("x86: mmiotrace full
patch, preview 1");

An urgent fix for Linus. Tested by Stuart (on 32-bit) and Pekka
(on amd and intel 64-bit systems, nouveau and nvidia proprietary).

Signed-off-by: Stuart Bennett <stuart@freedesktop.org>
Signed-off-by: Pekka Paalanen <pq@iki.fi>
LKML-Reference: <20090308202135.34933feb@daedalus.pq.iki.fi>
Signed-off-by: Ingo Molnar <mingo@elte.hu>