diff options
author | Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> | 2005-09-23 08:44:16 +0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-09-23 09:17:36 +0400 |
commit | 546fe1cbf91d4d62e3849517c31a2327c992e5c5 (patch) | |
tree | c2be2cd1eb19e04c49d22ec77119973fa8f0ea13 /arch/um/kernel/tt/uaccess_user.c | |
parent | 69e1e688f5698287b45fbff22a01de91b20804cd (diff) | |
download | linux-546fe1cbf91d4d62e3849517c31a2327c992e5c5.tar.xz |
[PATCH] uml: fix hang in TT mode on fault
The current code doesn't handle well general protection faults on the host -
it thinks that cr2 is always the address of a page fault. While actually, on
general protection faults, that address is not accessible, so we'd better
assume we couldn't satisfy the fault. Currently instead we think we've fixed
it, so we go back, retry the instruction and fault again endlessly.
This leads to the kernel hanging when doing copy_from_user(dest, -1, ...) in
TT mode, since reading *(-1) causes a GFP, and we don't support kernel
preemption.
Thanks to Luo Xin for testing UML with LTP and reporting the failures he got.
Cc: Luo Xin <luothing@sina.com>
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'arch/um/kernel/tt/uaccess_user.c')
-rw-r--r-- | arch/um/kernel/tt/uaccess_user.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/arch/um/kernel/tt/uaccess_user.c b/arch/um/kernel/tt/uaccess_user.c index f01475512ecb..8c220f054b61 100644 --- a/arch/um/kernel/tt/uaccess_user.c +++ b/arch/um/kernel/tt/uaccess_user.c @@ -22,8 +22,15 @@ int __do_copy_from_user(void *to, const void *from, int n, __do_copy, &faulted); TASK_REGS(get_current())->tt = save; - if(!faulted) return(0); - else return(n - (fault - (unsigned long) from)); + if(!faulted) + return 0; + else if (fault) + return n - (fault - (unsigned long) from); + else + /* In case of a general protection fault, we don't have the + * fault address, so NULL is used instead. Pretend we didn't + * copy anything. */ + return n; } static void __do_strncpy(void *dst, const void *src, int count) |