[PATCH] lock PTE before updating it in 440/BookE page fault handler

Fix 44x and BookE page fault handler to correctly lock PTE before trying to pte_update() it, otherwise this PTE might be swapped out after pte_present() check but before pte_uptdate() call, resulting in corrupted PTE. This can happen with enabled preemption and low memory condition. Signed-off-by: Eugene Surovegin <ebs@ebshome.net> Signed-off-by: Paul Mackerras <paulus@samba.org>
author: Eugene Surovegin <ebs@ebshome.net> 2006-03-28 13:13:12 -0500
committer: Paul Mackerras <paulus@samba.org> 2006-03-28 21:44:15 -0500
commit: bab70a4af737f623de5b034976a311055308ab86 (patch)
tree: f8c0e9463de01323db2cb1a62f4eb83adb5ce7ca /arch/powerpc/mm/fault.c
parent: bac30d1a78d0f11c613968fc8b351a91ed465386 (diff)
1 files changed, 17 insertions, 13 deletions
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index ec4adcb4bc28..5aea0909a5ec 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -267,25 +267,29 @@ good_area:
 #endif
 #if defined(CONFIG_4xx) || defined(CONFIG_BOOKE)
                pte_t *ptep;
+                pmd_t *pmdp;
                /* Since 4xx/Book-E supports per-page execute permission,
                 * we lazily flush dcache to icache. */
                ptep = NULL;
-                if (get_pteptr(mm, address, &ptep) && pte_present(*ptep)) {
+                if (get_pteptr(mm, address, &ptep, &pmdp)) {
-                        struct page *page = pte_page(*ptep);
+                        spinlock_t *ptl = pte_lockptr(mm, pmdp);
+                        spin_lock(ptl);
-                        if (! test_bit(PG_arch_1, &page->flags)) {
+                        if (pte_present(*ptep)) {
-                                flush_dcache_icache_page(page);
+                                struct page *page = pte_page(*ptep);
-                                set_bit(PG_arch_1, &page->flags);
+                                if (!test_bit(PG_arch_1, &page->flags)) {
+                                        flush_dcache_icache_page(page);
+                                        set_bit(PG_arch_1, &page->flags);
+                                }
+                                pte_update(ptep, 0, _PAGE_HWEXEC);
+                                _tlbie(address);
+                                pte_unmap_unlock(ptep, ptl);
+                                up_read(&mm->mmap_sem);
+                                return 0;
                        }
-                        pte_update(ptep, 0, _PAGE_HWEXEC);
+                        pte_unmap_unlock(ptep, ptl);
-                        _tlbie(address);
-                        pte_unmap(ptep);
-                        up_read(&mm->mmap_sem);
-                        return 0;
                }
-                if (ptep != NULL)
-                        pte_unmap(ptep);
 #endif
        /* a write */
        } else if (is_write) {
author	Eugene Surovegin <ebs@ebshome.net>	2006-03-28 13:13:12 -0500
committer	Paul Mackerras <paulus@samba.org>	2006-03-28 21:44:15 -0500
commit	bab70a4af737f623de5b034976a311055308ab86 (patch)
tree	f8c0e9463de01323db2cb1a62f4eb83adb5ce7ca /arch/powerpc/mm/fault.c
parent	bac30d1a78d0f11c613968fc8b351a91ed465386 (diff)

diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c index ec4adcb4bc28..5aea0909a5ec 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c
@@ -267,25 +267,29 @@ good_area:
267	#endif	267	#endif
268	#if defined(CONFIG_4xx) \|\| defined(CONFIG_BOOKE)	268	#if defined(CONFIG_4xx) \|\| defined(CONFIG_BOOKE)
269	pte_t *ptep;	269	pte_t *ptep;
		270	pmd_t *pmdp;
270		271
271	/* Since 4xx/Book-E supports per-page execute permission,	272	/* Since 4xx/Book-E supports per-page execute permission,
272	* we lazily flush dcache to icache. */	273	* we lazily flush dcache to icache. */
273	ptep = NULL;	274	ptep = NULL;
274	if (get_pteptr(mm, address, &ptep) && pte_present(*ptep)) {	275	if (get_pteptr(mm, address, &ptep, &pmdp)) {
275	struct page page = pte_page(ptep);	276	spinlock_t *ptl = pte_lockptr(mm, pmdp);
276		277	spin_lock(ptl);
277	if (! test_bit(PG_arch_1, &page->flags)) {	278	if (pte_present(*ptep)) {
278	flush_dcache_icache_page(page);	279	struct page page = pte_page(ptep);
279	set_bit(PG_arch_1, &page->flags);	280
		281	if (!test_bit(PG_arch_1, &page->flags)) {
		282	flush_dcache_icache_page(page);
		283	set_bit(PG_arch_1, &page->flags);
		284	}
		285	pte_update(ptep, 0, _PAGE_HWEXEC);
		286	_tlbie(address);
		287	pte_unmap_unlock(ptep, ptl);
		288	up_read(&mm->mmap_sem);
		289	return 0;
280	}	290	}
281	pte_update(ptep, 0, _PAGE_HWEXEC);	291	pte_unmap_unlock(ptep, ptl);
282	_tlbie(address);
283	pte_unmap(ptep);
284	up_read(&mm->mmap_sem);
285	return 0;
286	}	292	}
287	if (ptep != NULL)
288	pte_unmap(ptep);
289	#endif	293	#endif
290	/* a write */	294	/* a write */
291	} else if (is_write) {	295	} else if (is_write) {