From e8c59c0cf9c91dccfb6367c306d753500d5a0150 Mon Sep 17 00:00:00 2001
From: Andrew Burgess
Date: Thu, 16 Aug 2007 10:30:46 -0700
Subject: [PATCH] [IA64] Failure to grow RBS
There is a bug in the ia64_do_page_fault code that can cause a failure to grow the register backing store, or any mapping that is marked as VM_GROWSUP if the mapping is the highest mapped area of memory. When the address accessed is below the first mapping the previous mapping is returned as NULL, and this case is handled. However, when the address accessed is above the highest mapping the vma returned is NULL, this case is not handled correctly, and it fails to spot that this access might require an existing mapping to grow upwards.
Signed-off-by: Andrew Burgess
Signed-off-by: Tony Luck
---
 arch/ia64/mm/fault.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c
index 73ccb6010c05..9150ffaff9e8 100644
--- a/arch/ia64/mm/fault.c
+++ b/arch/ia64/mm/fault.c
@@ -112,11 +112,17 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re
 	down_read(&mm->mmap_sem);
 	vma = find_vma_prev(mm, address, &prev_vma);
-	if (!vma)
+	if (!vma && !prev_vma )
 		goto bad_area;
-	/* find_vma_prev() returns vma such that address < vma->vm_end or NULL */
-	if (address < vma->vm_start)
+	/*
+	 * find_vma_prev() returns vma such that address < vma->vm_end or NULL
+	 *
+	 * May find no vma, but could be that the last vm area is the
+	 * register backing store that needs to expand upwards, in
+	 * this case vma will be null, but prev_vma will ne non-null
+	 */
+	if (( !vma && prev_vma ) || (address < vma->vm_start) )
 		goto check_expansion;
 good_area:
@@ -172,6 +178,8 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re
 check_expansion:
 	if (!(prev_vma && (prev_vma->vm_flags & VM_GROWSUP) && (address == prev_vma->vm_end))) {
+		if (!vma)
+			goto bad_area;
 		if (!(vma->vm_flags & VM_GROWSDOWN))
 			goto bad_area;
 		if (REGION_NUMBER(address) != REGION_NUMBER(vma->vm_start)
-- 
2.39.5
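Review bot: The added `if (!vma) goto bad_area;` is immediately followed by a second test that also ends in `goto bad_area`, so the NULL guard can be folded into it, `if (!vma || !(vma->vm_flags & VM_GROWSDOWN)) goto bad_area;`, which keeps the guard next to the `vma->vm_flags` dereference it protects and also covers the `vma->vm_start` dereference two lines below. The guard exists because the first hunk now routes the `!vma && prev_vma` case to check_expansion, and that case may only succeed through the VM_GROWSUP test on the line above; that reason is worth stating in place, e.g. `/* vma is NULL when address lies above the last mapping; only a VM_GROWSUP prev_vma may grow into it */`. In the first hunk the new comment reads `prev_vma will ne non-null`, presumably `be non-null`, and the new conditions carry spaces inside the parentheses (`( !vma && prev_vma )`, `!prev_vma )`) that do not match the kernel style of the surrounding lines. ia64_do_page_fault begins and ends outside both hunks, and the remainder of the check_expansion block is not shown.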