1 files changed, 38 insertions, 22 deletions
diff --git a/arch/i386/mm/fault.c b/arch/i386/mm/fault.c
index b8c4e259fc8b..f534c29e80b2 100644
--- a/arch/i386/mm/fault.c
+++ b/arch/i386/mm/fault.c
@@ -20,6 +20,7 @@
 #include <linux/tty.h>
 #include <linux/vt_kern.h>              /* For unblank_screen() */
 #include <linux/highmem.h>
+#include <linux/bootmem.h>              /* for max_low_pfn */
 #include <linux/module.h>
 #include <linux/kprobes.h>
 #include <linux/uaccess.h>
@@ -301,7 +302,6 @@ fastcall void __kprobes do_page_fault(struct pt_regs *regs,
        struct mm_struct *mm;
        struct vm_area_struct * vma;
        unsigned long address;
-        unsigned long page;
        int write, si_code;
        /* get the address */
@@ -510,7 +510,9 @@ no_context:
        bust_spinlocks(1);
        if (oops_may_print()) {
-        #ifdef CONFIG_X86_PAE
+                __typeof__(pte_val(__pte(0))) page;
+#ifdef CONFIG_X86_PAE
                if (error_code & 16) {
                        pte_t *pte = lookup_address(address);
@@ -519,7 +521,7 @@ no_context:
                                        "NX-protected page - exploit attempt? "
                                        "(uid: %d)\n", current->uid);
                }
-        #endif
+#endif
                if (address < PAGE_SIZE)
                        printk(KERN_ALERT "BUG: unable to handle kernel NULL "
                                        "pointer dereference");
@@ -529,25 +531,38 @@ no_context:
                printk(" at virtual address %08lx\n",address);
                printk(KERN_ALERT " printing eip:\n");
                printk("%08lx\n", regs->eip);
-        }
-        page = read_cr3();
+                page = read_cr3();
-        page = ((unsigned long *) __va(page))[address >> 22];
+                page = ((__typeof__(page) *) __va(page))[address >> PGDIR_SHIFT];
-        if (oops_may_print())
+#ifdef CONFIG_X86_PAE
+                printk(KERN_ALERT "*pdpt = %016Lx\n", page);
+                if ((page >> PAGE_SHIFT) < max_low_pfn
+                    && page & _PAGE_PRESENT) {
+                        page &= PAGE_MASK;
+                        page = ((__typeof__(page) *) __va(page))[(address >> PMD_SHIFT)
+                                                                 & (PTRS_PER_PMD - 1)];
+                        printk(KERN_ALERT "*pde = %016Lx\n", page);
+                        page &= ~_PAGE_NX;
+                }
+#else
                printk(KERN_ALERT "*pde = %08lx\n", page);
-        /*
-         * We must not directly access the pte in the highpte
-         * case, the page table might be allocated in highmem.
-         * And lets rather not kmap-atomic the pte, just in case
-         * it's allocated already.
-         */
-#ifndef CONFIG_HIGHPTE
-        if ((page & 1) && oops_may_print()) {
-                page &= PAGE_MASK;
-                address &= 0x003ff000;
-                page = ((unsigned long *) __va(page))[address >> PAGE_SHIFT];
-                printk(KERN_ALERT "*pte = %08lx\n", page);
-        }
 #endif
+                /*
+                 * We must not directly access the pte in the highpte
+                 * case if the page table is located in highmem.
+                 * And let's rather not kmap-atomic the pte, just in case
+                 * it's allocated already.
+                 */
+                if ((page >> PAGE_SHIFT) < max_low_pfn
+                    && (page & _PAGE_PRESENT)) {
+                        page &= PAGE_MASK;
+                        page = ((__typeof__(page) *) __va(page))[(address >> PAGE_SHIFT)
+                                                                 & (PTRS_PER_PTE - 1)];
+                        printk(KERN_ALERT "*pte = %0*Lx\n", sizeof(page)*2, (u64)page);
+                }
+        }
        tsk->thread.cr2 = address;
        tsk->thread.trap_no = 14;
        tsk->thread.error_code = error_code;
@@ -588,7 +603,6 @@ do_sigbus:
        force_sig_info_fault(SIGBUS, BUS_ADRERR, address, tsk);
 }
-#ifndef CONFIG_X86_PAE
 void vmalloc_sync_all(void)
 {
        /*
@@ -601,6 +615,9 @@ void vmalloc_sync_all(void)
        static unsigned long start = TASK_SIZE;
        unsigned long address;
+        if (SHARED_KERNEL_PMD)
+                return;
        BUILD_BUG_ON(TASK_SIZE & ~PGDIR_MASK);
        for (address = start; address >= TASK_SIZE; address += PGDIR_SIZE) {
                if (!test_bit(pgd_index(address), insync)) {
@@ -623,4 +640,3 @@ void vmalloc_sync_all(void)
                        start = address + PGDIR_SIZE;
        }
 }
-#endif

diff --git a/arch/i386/mm/fault.c b/arch/i386/mm/fault.c index b8c4e259fc8b..f534c29e80b2 100644 --- a/arch/i386/mm/fault.c +++ b/arch/i386/mm/fault.c
@@ -20,6 +20,7 @@
20	#include <linux/tty.h>	20	#include <linux/tty.h>
21	#include <linux/vt_kern.h> /* For unblank_screen() */	21	#include <linux/vt_kern.h> /* For unblank_screen() */
22	#include <linux/highmem.h>	22	#include <linux/highmem.h>
		23	#include <linux/bootmem.h> /* for max_low_pfn */
23	#include <linux/module.h>	24	#include <linux/module.h>
24	#include <linux/kprobes.h>	25	#include <linux/kprobes.h>
25	#include <linux/uaccess.h>	26	#include <linux/uaccess.h>
@@ -301,7 +302,6 @@ fastcall void __kprobes do_page_fault(struct pt_regs *regs,
301	struct mm_struct *mm;	302	struct mm_struct *mm;
302	struct vm_area_struct * vma;	303	struct vm_area_struct * vma;
303	unsigned long address;	304	unsigned long address;
304	unsigned long page;
305	int write, si_code;	305	int write, si_code;
306		306
307	/* get the address */	307	/* get the address */
@@ -510,7 +510,9 @@ no_context:
510	bust_spinlocks(1);	510	bust_spinlocks(1);
511		511
512	if (oops_may_print()) {	512	if (oops_may_print()) {
513	#ifdef CONFIG_X86_PAE	513	__typeof__(pte_val(__pte(0))) page;
		514
		515	#ifdef CONFIG_X86_PAE
514	if (error_code & 16) {	516	if (error_code & 16) {
515	pte_t *pte = lookup_address(address);	517	pte_t *pte = lookup_address(address);
516		518
@@ -519,7 +521,7 @@ no_context:
519	"NX-protected page - exploit attempt? "	521	"NX-protected page - exploit attempt? "
520	"(uid: %d)\n", current->uid);	522	"(uid: %d)\n", current->uid);
521	}	523	}
522	#endif	524	#endif
523	if (address < PAGE_SIZE)	525	if (address < PAGE_SIZE)
524	printk(KERN_ALERT "BUG: unable to handle kernel NULL "	526	printk(KERN_ALERT "BUG: unable to handle kernel NULL "
525	"pointer dereference");	527	"pointer dereference");
@@ -529,25 +531,38 @@ no_context:
529	printk(" at virtual address %08lx\n",address);	531	printk(" at virtual address %08lx\n",address);
530	printk(KERN_ALERT " printing eip:\n");	532	printk(KERN_ALERT " printing eip:\n");
531	printk("%08lx\n", regs->eip);	533	printk("%08lx\n", regs->eip);
532	}	534
533	page = read_cr3();	535	page = read_cr3();
534	page = ((unsigned long *) __va(page))[address >> 22];	536	page = ((__typeof__(page) *) __va(page))[address >> PGDIR_SHIFT];
535	if (oops_may_print())	537	#ifdef CONFIG_X86_PAE
		538	printk(KERN_ALERT "*pdpt = %016Lx\n", page);
		539	if ((page >> PAGE_SHIFT) < max_low_pfn
		540	&& page & _PAGE_PRESENT) {
		541	page &= PAGE_MASK;
		542	page = ((__typeof__(page) *) __va(page))[(address >> PMD_SHIFT)
		543	& (PTRS_PER_PMD - 1)];
		544	printk(KERN_ALERT "*pde = %016Lx\n", page);
		545	page &= ~_PAGE_NX;
		546	}
		547	#else
536	printk(KERN_ALERT "*pde = %08lx\n", page);	548	printk(KERN_ALERT "*pde = %08lx\n", page);
537	/*
538	* We must not directly access the pte in the highpte
539	* case, the page table might be allocated in highmem.
540	* And lets rather not kmap-atomic the pte, just in case
541	* it's allocated already.
542	*/
543	#ifndef CONFIG_HIGHPTE
544	if ((page & 1) && oops_may_print()) {
545	page &= PAGE_MASK;
546	address &= 0x003ff000;
547	page = ((unsigned long *) __va(page))[address >> PAGE_SHIFT];
548	printk(KERN_ALERT "*pte = %08lx\n", page);
549	}
550	#endif	549	#endif
		550
		551	/*
		552	* We must not directly access the pte in the highpte
		553	* case if the page table is located in highmem.
		554	* And let's rather not kmap-atomic the pte, just in case
		555	* it's allocated already.
		556	*/
		557	if ((page >> PAGE_SHIFT) < max_low_pfn
		558	&& (page & _PAGE_PRESENT)) {
		559	page &= PAGE_MASK;
		560	page = ((__typeof__(page) *) __va(page))[(address >> PAGE_SHIFT)
		561	& (PTRS_PER_PTE - 1)];
		562	printk(KERN_ALERT "pte = %0Lx\n", sizeof(page)*2, (u64)page);
		563	}
		564	}
		565
551	tsk->thread.cr2 = address;	566	tsk->thread.cr2 = address;
552	tsk->thread.trap_no = 14;	567	tsk->thread.trap_no = 14;
553	tsk->thread.error_code = error_code;	568	tsk->thread.error_code = error_code;
@@ -588,7 +603,6 @@ do_sigbus:
588	force_sig_info_fault(SIGBUS, BUS_ADRERR, address, tsk);	603	force_sig_info_fault(SIGBUS, BUS_ADRERR, address, tsk);
589	}	604	}
590		605
591	#ifndef CONFIG_X86_PAE
592	void vmalloc_sync_all(void)	606	void vmalloc_sync_all(void)
593	{	607	{
594	/*	608	/*
@@ -601,6 +615,9 @@ void vmalloc_sync_all(void)
601	static unsigned long start = TASK_SIZE;	615	static unsigned long start = TASK_SIZE;
602	unsigned long address;	616	unsigned long address;
603		617
		618	if (SHARED_KERNEL_PMD)
		619	return;
		620
604	BUILD_BUG_ON(TASK_SIZE & ~PGDIR_MASK);	621	BUILD_BUG_ON(TASK_SIZE & ~PGDIR_MASK);
605	for (address = start; address >= TASK_SIZE; address += PGDIR_SIZE) {	622	for (address = start; address >= TASK_SIZE; address += PGDIR_SIZE) {
606	if (!test_bit(pgd_index(address), insync)) {	623	if (!test_bit(pgd_index(address), insync)) {
@@ -623,4 +640,3 @@ void vmalloc_sync_all(void)
623	start = address + PGDIR_SIZE;	640	start = address + PGDIR_SIZE;
624	}	641	}
625	}	642	}
626	#endif