Red Hat Bugzilla – Bug 452666
CVE-2008-2372 kernel: Reinstate ZERO_PAGE optimization in 'get_user_pages()' and fix XIP
Last modified: 2010-12-23 14:02:41 EST
Description of problem:
KAMEZAWA Hiroyuki and Oleg Nesterov point out that since the commit
557ed1fa2620dc119adb86b34c614e152a629a80 ("remove ZERO_PAGE") removed
the ZERO_PAGE from the VM mappings, any users of get_user_pages() will
generally now populate the VM with real empty pages needlessly.

We used to get the ZERO_PAGE when we did the "handle_mm_fault()", but
since fault handling no longer uses ZERO_PAGE for new anonymous pages,
we now need to handle that special case in follow_page() instead.

In particular, the removal of ZERO_PAGE effectively removed the core
file writing optimization where we would skip writing pages that had not
been populated at all, and increased memory pressure a lot by allocating
all those useless newly zeroed pages.

This reinstates the optimization by making the unmapped PTE case the
same as for a non-existent page table, which already did this correctly.

While at it, this also fixes the XIP case for follow_page(), where the
caller could not differentiate between the case of a page that simply
could not be used (because it had no "struct page" associated with it)
and a page that just wasn't mapped.

We do that by simply returning an error pointer for pages that could not
be turned into a "struct page *". The error is arbitrarily picked to be
EFAULT, since that was what get_user_pages() already used for the
equivalent IO-mapped page case.

Version-Release number of selected component (if applicable):
All kernel versions after commit b5810039a54e5babf428e9a1e89fc1940fabff11
Proposed upstream patch to fix this issue:
Please NOTE, the original patch from KAMEZAWA Hiroyuki and Oleg Nesterov
(the above link) did break the VMware functionality. There is also an
upstream fix to resolve the issues introduced by
89f5b7da2a6bad2e84670422ab8192382a5aeb9f -- the upstream patch to fix the
VMware breakage:
This was addressed via:
MRG Realtime for RHEL 5 Server (RHSA-2008:0585)
Red Hat Enterprise Linux version 5 (RHSA-2008:0957)
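
The three-way return contract that the description above gives for follow_page() (a usable page, NULL for "not mapped", an EFAULT error pointer for "no struct page"), as an added userspace model; this is not the kernel patch or code from this bug. The names model_follow_page, model_get_page, pte_state and the page pool are hypothetical, and the ERR_PTR helpers are re-implemented here for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
/* Userspace re-implementation of the error-pointer encoding (not kernel code). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err)      { return (void *)(intptr_t)err; }
static int   IS_ERR(const void *p)  { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static long  PTR_ERR(const void *p) { return (long)(intptr_t)p; }
struct page { int id; };                 /* stand-in for the kernel's struct page */
static struct page zero_page;            /* stand-in for the shared ZERO_PAGE */
static struct page fresh_pages[8];       /* constructed pool of "newly zeroed" pages */
static int allocated;                    /* how many fresh pages were handed out */

/* Hypothetical PTE states; a NULL pte models a non-existent page table. */
enum pte_state { PTE_NONE, PTE_MAPPED, PTE_NO_STRUCT_PAGE };
struct pte { enum pte_state state; struct page *page; };
/* NULL: nothing mapped. ERR_PTR(-EFAULT): mapped, but no struct page (XIP case). */
static struct page *model_follow_page(const struct pte *pte)
{
    if (pte == NULL || pte->state == PTE_NONE)
        return NULL;
    if (pte->state == PTE_NO_STRUCT_PAGE)
        return ERR_PTR(-EFAULT);
    return pte->page;
}

/* Returns 0 and sets *out, or a negative errno. Reads of unmapped memory share zero_page. */
static long model_get_page(struct pte *pte, int write, struct page **out)
{
    struct page *page = model_follow_page(pte);
    if (IS_ERR(page))
        return PTR_ERR(page);            /* unusable page: fail, do not fault it in */
    if (page == NULL && !write)
        page = &zero_page;               /* no allocation for a read-only user */
    if (page == NULL) {                  /* write access needs a private page */
        if (allocated == 8)
            return -ENOMEM;
        page = &fresh_pages[allocated++];
        if (pte != NULL) { pte->state = PTE_MAPPED; pte->page = page; }
    }
    *out = page;
    return 0;
}

int main(void)
{
    struct page *out = NULL;
    return model_get_page(NULL, 0, &out) == 0 && out == &zero_page ? 0 : 1;
}
```

A caller that only tested the result against NULL would treat the error pointer as a valid page, so the IS_ERR check has to come before any dereference.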