On Wed, Aug 25, 2021 at 11:47:10AM -0700, Dave Hansen wrote:
On 8/19/21 6:27 AM, Mike Rapoport wrote:
Such PMDs are created when free_kernel_image_pages() frees regions larger than 2Mb. In this case a part of the freed memory is mapped with PMDs and the set_memory_np_noalias() -> ... -> __change_page_attr() sequence will mark the PMD as not present rather than wipe it completely.
Make kern_addr_valid() to check whether higher level page table entries are present before trying to dereference them to fix this issue and to avoid similar issues in the future.
Reported-by: Jiri Olsa jolsa@redhat.com Signed-off-by: Mike Rapoport rppt@linux.ibm.com Cc: stable@vger.kernel.org # 4.4... pmd = pmd_offset(pud, addr);
- if (pmd_none(*pmd))
- if (!pmd_present(*pmd)) return 0;
Yeah, that seems like the right fix. The one kern_addr_valid() user is going to touch the memory so it *better* be present. p*d_none() was definitely the wrong check.
Acked-by: Dave Hansen dave.hansen@intel.com
So I did stare at this for a while, trying to make sense of it and David Hildenbrand asked for a Fixes: tag in v1 review and from doing a bit of git archeology I think it should be:
c40a56a7818c ("x86/mm/init: Remove freed kernel image areas from alias mapping")
because that thing added the clearing of the Present bit for the high kernel image mapping of those areas.
Right?