From ec69c1585679315476ad1a3e32780963f30c7134 Mon Sep 17 00:00:00 2001 From: Andy Lutomirski Date: Sat, 17 May 2014 23:19:24 +1000 Subject: [PATCH] x86,vdso: fix an OOPS accessing the hpet mapping w/o an hpet The oops can be triggered in qemu using -no-hpet (but not nohpet) by reading a couple of pages past the end of the vdso text. This should send SIGBUS instead of OOPSing. The bug was introduced by: commit 7a59ed415f5b57469e22e41fc4188d5399e0b194 Author: Stefani Seibold Date: Mon Mar 17 23:22:09 2014 +0100 x86, vdso: Add 32 bit VDSO time support for 32 bit kernel which is new in 3.15. This will be fixed separately in 3.15, but that patch will not apply to tip/x86/vdso. This is the equivalent fix for tip/x86/vdso and, presumably, 3.16. Signed-off-by: Andy Lutomirski Reported-by: Sasha Levin Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Thomas Gleixner Cc: Stefani Seibold Cc: [needs rework for 3.15 and earlier] Signed-off-by: Andrew Morton --- arch/x86/vdso/vma.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c index e915eaec4f96..8ad0081df7a8 100644 --- a/arch/x86/vdso/vma.c +++ b/arch/x86/vdso/vma.c @@ -90,6 +90,7 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) struct vm_area_struct *vma; unsigned long addr; int ret = 0; + static struct page *no_pages[] = {NULL}; if (calculate_addr) { addr = vdso_addr(current->mm->start_stack, @@ -125,7 +126,7 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) addr + image->size, image->sym_end_mapping - image->size, VM_READ, - NULL); + no_pages); if (IS_ERR(vma)) { ret = PTR_ERR(vma); -- 2.39.5