iommu/amd: Fix BUG when faulting a PROT_NONE VMA

handle_mm_fault indirectly triggers a BUG in do_numa_page when given a VMA without read/write/execute access. Check this condition in do_fault. do_fault -> handle_mm_fault -> handle_pte_fault -> do_numa_page mm/memory.c 3147 static int do_numa_page(struct mm_struct *mm, struct vm_area_struct *vma, .... 3159 /* A PROT_NONE fault should not end up here */ 3160 BUG_ON(!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE))); Signed-off-by: Jay Cornwall <jay@jcornwall.me> Cc: <stable@vger.kernel.org> # v4.1+ Signed-off-by: Joerg Roedel <jroedel@suse.de>
author: Jay Cornwall <jay@jcornwall.me> 2015-09-16 14:10:03 -0500
committer: Joerg Roedel <jroedel@suse.de> 2015-10-15 16:13:07 +0200
commit: d14f6fced5f9360edca5a1325ddb7077aab1203b (patch)
tree: 316e2d46b4987b04d6a8a6c7aae18bdef9fbc7c9 /drivers/iommu/amd_iommu_v2.c
parent: 5adad9915472e180712030d730cdc476c6f8a60b (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/iommu/amd_iommu_v2.c b/drivers/iommu/amd_iommu_v2.c
index 1131664b918b..d21d4edf7236 100644
--- a/drivers/iommu/amd_iommu_v2.c
+++ b/drivers/iommu/amd_iommu_v2.c
@@ -516,6 +516,13 @@ static void do_fault(struct work_struct *work)
 		goto out;
 	}
 
+	if (!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE))) {
+		/* handle_mm_fault would BUG_ON() */
+		up_read(&mm->mmap_sem);
+		handle_fault_error(fault);
+		goto out;
+	}
+
 	ret = handle_mm_fault(mm, vma, address, write);
 	if (ret & VM_FAULT_ERROR) {
 		/* failed to service fault */
author	Jay Cornwall <jay@jcornwall.me>	2015-09-16 14:10:03 -0500
committer	Joerg Roedel <jroedel@suse.de>	2015-10-15 16:13:07 +0200
commit	d14f6fced5f9360edca5a1325ddb7077aab1203b (patch)
tree	316e2d46b4987b04d6a8a6c7aae18bdef9fbc7c9 /drivers/iommu/amd_iommu_v2.c
parent	5adad9915472e180712030d730cdc476c6f8a60b (diff)