Re: Linux-2.6.12 memory mapping broken

From: Richard B. Johnson
Date: Tue Jun 21 2005 - 15:51:20 EST

On Tue, 21 Jun 2005, Hugh Dickins wrote:

On Mon, 20 Jun 2005, Richard B. Johnson wrote:

To the memory expert that made the massive changes to mm/memory.c:

Code in linux-2.6.12 fails with the following (remap_pfn_range
gets the exact same values):

UNIQUE.dma.len = 04001fe0
About to execute remap_pfn_range
vma->vm_start = 20000000
base address = 30003000
length = 04001fe0 >> PAGE_SHIFT
vma->vm_page_prot = 0000003f
------------[ cut here ]------------
kernel BUG at mm/memory.c:1112!

I can test any patches.

You are right, and it's my fault. May I wriggle a little and point
out that your length is unusual, and even you seem confused whether
you want to map 0x4001 or 0x4002 pages? But the blame lies with me.

The user isn't supposed to be able to map 'my' reserved page, therefore
there is a check in the code which made the number less than what
your code expected, triggering the loop problem.

Please try this patch, which I'll send to Andrew and -stable if you
can confirm that it fixes your problem. remap_pfn_range is, I believe
(and shall recheck), the only exported interface vulnerable to this
loop-termination issue.


--- 2.6.12/mm/memory.c 2005-06-17 20:48:29.000000000 +0100
+++ linux/mm/memory.c 2005-06-21 20:31:42.000000000 +0100
@@ -1164,7 +1164,7 @@ int remap_pfn_range(struct vm_area_struc
pgd_t *pgd;
unsigned long next;
- unsigned long end = addr + size;
+ unsigned long end = addr + PAGE_ALIGN(size);
struct mm_struct *mm = vma->vm_mm;
int err;

Thank you. It works perfectly now.

Dick Johnson
Penguin : Linux version 2.6.12 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at