1 files changed, 63 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.17/0155-xen-pte-Fix-crashes-when-trying-to-see-non-existent-.patch b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.17/0155-xen-pte-Fix-crashes-when-trying-to-see-non-existent-.patch
new file mode 100644
index 00000000..97aed576
--- /dev/null
+++ b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.17/0155-xen-pte-Fix-crashes-when-trying-to-see-non-existent-.patch
@@ -0,0 +1,63 @@
+From 9476d5b9241f9e02cf2d0b0789e8e229709d54bf Mon Sep 17 00:00:00 2001
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Thu, 3 May 2012 16:14:14 -0400
+Subject: [PATCH 155/165] xen/pte: Fix crashes when trying to see non-existent
+ PGD/PMD/PUD/PTEs
+commit b7e5ffe5d83fa40d702976d77452004abbe35791 upstream.
+If I try to do "cat /sys/kernel/debug/kernel_page_tables"
+I end up with:
+BUG: unable to handle kernel paging request at ffffc7fffffff000
+IP: [<ffffffff8106aa51>] ptdump_show+0x221/0x480
+PGD 0
+Oops: 0000 [#1] SMP
+CPU 0
+.. snip..
+RAX: 0000000000000000 RBX: ffffc00000000fff RCX: 0000000000000000
+RDX: 0000800000000000 RSI: 0000000000000000 RDI: ffffc7fffffff000
+which is due to the fact we are trying to access a PFN that is not
+accessible to us. The reason (at least in this case) was that
+PGD[256] is set to __HYPERVISOR_VIRT_START which was setup (by the
+hypervisor) to point to a read-only linear map of the MFN->PFN array.
+During our parsing we would get the MFN (a valid one), try to look
+it up in the MFN->PFN tree and find it invalid and return ~0 as PFN.
+Then pte_mfn_to_pfn would happilly feed that in, attach the flags
+and return it back to the caller. 'ptdump_show' bitshifts it and
+gets and invalid value that it tries to dereference.
+Instead of doing all of that, we detect the ~0 case and just
+return !_PAGE_PRESENT.
+This bug has been in existence .. at least until 2.6.37 (yikes!)
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ arch/x86/xen/mmu.c |    7 ++++++-
+ 1 files changed, 6 insertions(+), 1 deletions(-)
+diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
+index 87f6673..ec3d603 100644
+--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
+@@ -353,8 +353,13 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
+ {
+        if (val & _PAGE_PRESENT) {
+                unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
+               unsigned long pfn = mfn_to_pfn(mfn);
+
+                pteval_t flags = val & PTE_FLAGS_MASK;
+-               val = ((pteval_t)mfn_to_pfn(mfn) << PAGE_SHIFT) | flags;
+               if (unlikely(pfn == ~0))
+                       val = flags & ~_PAGE_PRESENT;
+               else
+                       val = ((pteval_t)pfn << PAGE_SHIFT) | flags;
+        }
+ 
+        return val;
+-- 
+1.7.7.6

diff --git a/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.17/0155-xen-pte-Fix-crashes-when-trying-to-see-non-existent-.patch b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.17/0155-xen-pte-Fix-crashes-when-trying-to-see-non-existent-.patch new file mode 100644 index 00000000..97aed576 --- /dev/null +++ b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.17/0155-xen-pte-Fix-crashes-when-trying-to-see-non-existent-.patch
@@ -0,0 +1,63 @@
	1	From 9476d5b9241f9e02cf2d0b0789e8e229709d54bf Mon Sep 17 00:00:00 2001
	2	From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	3	Date: Thu, 3 May 2012 16:14:14 -0400
	4	Subject: [PATCH 155/165] xen/pte: Fix crashes when trying to see non-existent
	5	PGD/PMD/PUD/PTEs
	6
	7	commit b7e5ffe5d83fa40d702976d77452004abbe35791 upstream.
	8
	9	If I try to do "cat /sys/kernel/debug/kernel_page_tables"
	10	I end up with:
	11
	12	BUG: unable to handle kernel paging request at ffffc7fffffff000
	13	IP: [<ffffffff8106aa51>] ptdump_show+0x221/0x480
	14	PGD 0
	15	Oops: 0000 [#1] SMP
	16	CPU 0
	17	.. snip..
	18	RAX: 0000000000000000 RBX: ffffc00000000fff RCX: 0000000000000000
	19	RDX: 0000800000000000 RSI: 0000000000000000 RDI: ffffc7fffffff000
	20
	21	which is due to the fact we are trying to access a PFN that is not
	22	accessible to us. The reason (at least in this case) was that
	23	PGD[256] is set to __HYPERVISOR_VIRT_START which was setup (by the
	24	hypervisor) to point to a read-only linear map of the MFN->PFN array.
	25	During our parsing we would get the MFN (a valid one), try to look
	26	it up in the MFN->PFN tree and find it invalid and return ~0 as PFN.
	27	Then pte_mfn_to_pfn would happilly feed that in, attach the flags
	28	and return it back to the caller. 'ptdump_show' bitshifts it and
	29	gets and invalid value that it tries to dereference.
	30
	31	Instead of doing all of that, we detect the ~0 case and just
	32	return !_PAGE_PRESENT.
	33
	34	This bug has been in existence .. at least until 2.6.37 (yikes!)
	35
	36	Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	37	Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
	38	---
	39	arch/x86/xen/mmu.c \| 7 ++++++-
	40	1 files changed, 6 insertions(+), 1 deletions(-)
	41
	42	diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
	43	index 87f6673..ec3d603 100644
	44	--- a/arch/x86/xen/mmu.c
	45	+++ b/arch/x86/xen/mmu.c
	46	@@ -353,8 +353,13 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
	47	{
	48	if (val & _PAGE_PRESENT) {
	49	unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
	50	+ unsigned long pfn = mfn_to_pfn(mfn);
	51	+
	52	pteval_t flags = val & PTE_FLAGS_MASK;
	53	- val = ((pteval_t)mfn_to_pfn(mfn) << PAGE_SHIFT) \| flags;
	54	+ if (unlikely(pfn == ~0))
	55	+ val = flags & ~_PAGE_PRESENT;
	56	+ else
	57	+ val = ((pteval_t)pfn << PAGE_SHIFT) \| flags;
	58	}
	59
	60	return val;
	61	--
	62	1.7.7.6
	63