diff mbox

x86/xen: suppress hugetlbfs in PV guests

Message ID 57188ED802000078000E431C@prv-mh.provo.novell.com (mailing list archive)
State New, archived
Headers show

Commit Message

Jan Beulich April 21, 2016, 6:27 a.m. UTC
Huge pages are not normally available to PV guests. Not suppressing
hugetlbfs use results in an endless loop of page faults when user mode
code tries to access a hugetlbfs mapped area (since the hypervisor
denies such PTEs to be created, but error indications can't be
propagated out of xen_set_pte_at(), just like for various of its
siblings), and - once killed in an oops like this:

kernel BUG at .../fs/hugetlbfs/inode.c:428!
invalid opcode: 0000 [#1] SMP 
Modules linked in: ...
Supported: Yes
CPU: 2 PID: 6088 Comm: hugetlbfs Tainted: G        W         4.4.0-2016-01-20-pv #2
Hardware name: ...
task: ffff8808059205c0 ti: ffff880803c84000 task.ti: ffff880803c84000
RIP: e030:[<ffffffff811c333b>]  [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
RSP: e02b:ffff880803c879a8  EFLAGS: 00010202
RAX: 000000000077a4db RBX: ffffea001acff000 RCX: 0000000078417d38
RDX: 0000000000000000 RSI: 000000007e154fa7 RDI: ffff880805d70960
RBP: 0000000000000960 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffff880807486018 R14: 0000000000000000 R15: ffff880803c87af0
FS:  00007f85fa8b8700(0000) GS:ffff88080b640000(0000) knlGS:0000000000000000
CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f85fa000000 CR3: 0000000001a0a000 CR4: 0000000000040660
Stack:
 ffff880000000fb0 ffff880803c87a18 ffff880803c87ae8 ffff8808059205c0
 ffff880803c87af0 ffff880803c87ae8 ffff880807486018 0000000000000000
 ffffffff81bf6e60 ffff880807486168 000003ffffffffff 0000000003c87758
Call Trace:
 [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
 [<ffffffff81167b3d>] evict+0xbd/0x1b0
 [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
 [<ffffffff81165b0e>] dput+0x1fe/0x220
 [<ffffffff81150535>] __fput+0x155/0x200
 [<ffffffff81079fc0>] task_work_run+0x60/0xa0
 [<ffffffff81063510>] do_exit+0x160/0x400
 [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
 [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
 [<ffffffff8100f854>] do_signal+0x14/0x110
 [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
 [<ffffffff814178a5>] retint_user+0x8/0x13

This is CVE-2016-3961 / XSA-174.

Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: stable@vger.kernel.org 
---
 arch/x86/include/asm/hugetlb.h |    1 +
 1 file changed, 1 insertion(+)
diff mbox

Patch

--- 4.6-rc4/arch/x86/include/asm/hugetlb.h
+++ 4.6-rc4-xsa174/arch/x86/include/asm/hugetlb.h
@@ -4,6 +4,7 @@ 
 #include <asm/page.h>
 #include <asm-generic/hugetlb.h>
 
+#define hugepages_supported() cpu_has_pse
 
 static inline int is_hugepage_only_range(struct mm_struct *mm,
 					 unsigned long addr,