[PATCH] lock PTE before updating it in 440/BookE page fault handler

Fix 44x and BookE page fault handler to correctly lock PTE before trying to pte_update() it, otherwise this PTE might be swapped out after pte_present() check but before pte_uptdate() call, resulting in corrupted PTE. This can happen with enabled preemption and low memory condition. Signed-off-by: Eugene Surovegin <ebs@ebshome.net> Signed-off-by: Paul Mackerras <paulus@samba.org>
author: Eugene Surovegin <ebs@ebshome.net> 2006-03-28 13:13:12 -0500
committer: Paul Mackerras <paulus@samba.org> 2006-03-28 21:44:15 -0500
commit: bab70a4af737f623de5b034976a311055308ab86 (patch)
tree: f8c0e9463de01323db2cb1a62f4eb83adb5ce7ca /arch/ppc/mm/fault.c
parent: bac30d1a78d0f11c613968fc8b351a91ed465386 (diff)
1 files changed, 17 insertions, 13 deletions
diff --git a/arch/ppc/mm/fault.c b/arch/ppc/mm/fault.c
index 0217188ef465..8e08ca32531a 100644
--- a/arch/ppc/mm/fault.c
+++ b/arch/ppc/mm/fault.c
@@ -202,6 +202,7 @@ good_area:
        /* an exec  - 4xx/Book-E allows for per-page execute permission */
        } else if (TRAP(regs) == 0x400) {
                pte_t *ptep;
+                pmd_t *pmdp;
 #if 0
                /* It would be nice to actually enforce the VM execute
@@ -215,21 +216,24 @@ good_area:
                /* Since 4xx/Book-E supports per-page execute permission,
                 * we lazily flush dcache to icache. */
                ptep = NULL;
-                if (get_pteptr(mm, address, &ptep) && pte_present(*ptep)) {
+                if (get_pteptr(mm, address, &ptep, &pmdp)) {
-                        struct page *page = pte_page(*ptep);
+                        spinlock_t *ptl = pte_lockptr(mm, pmdp);
+                        spin_lock(ptl);
-                        if (! test_bit(PG_arch_1, &page->flags)) {
+                        if (pte_present(*ptep)) {
-                                flush_dcache_icache_page(page);
+                                struct page *page = pte_page(*ptep);
-                                set_bit(PG_arch_1, &page->flags);
+                                if (!test_bit(PG_arch_1, &page->flags)) {
+                                        flush_dcache_icache_page(page);
+                                        set_bit(PG_arch_1, &page->flags);
+                                }
+                                pte_update(ptep, 0, _PAGE_HWEXEC);
+                                _tlbie(address);
+                                pte_unmap_unlock(ptep, ptl);
+                                up_read(&mm->mmap_sem);
+                                return 0;
                        }
-                        pte_update(ptep, 0, _PAGE_HWEXEC);
+                        pte_unmap_unlock(ptep, ptl);
-                        _tlbie(address);
-                        pte_unmap(ptep);
-                        up_read(&mm->mmap_sem);
-                        return 0;
                }
-                if (ptep != NULL)
-                        pte_unmap(ptep);
 #endif
        /* a read */
        } else {
author	Eugene Surovegin <ebs@ebshome.net>	2006-03-28 13:13:12 -0500
committer	Paul Mackerras <paulus@samba.org>	2006-03-28 21:44:15 -0500
commit	bab70a4af737f623de5b034976a311055308ab86 (patch)
tree	f8c0e9463de01323db2cb1a62f4eb83adb5ce7ca /arch/ppc/mm/fault.c
parent	bac30d1a78d0f11c613968fc8b351a91ed465386 (diff)

diff --git a/arch/ppc/mm/fault.c b/arch/ppc/mm/fault.c index 0217188ef465..8e08ca32531a 100644 --- a/arch/ppc/mm/fault.c +++ b/arch/ppc/mm/fault.c
@@ -202,6 +202,7 @@ good_area:
202	/* an exec - 4xx/Book-E allows for per-page execute permission */	202	/* an exec - 4xx/Book-E allows for per-page execute permission */
203	} else if (TRAP(regs) == 0x400) {	203	} else if (TRAP(regs) == 0x400) {
204	pte_t *ptep;	204	pte_t *ptep;
		205	pmd_t *pmdp;
205		206
206	#if 0	207	#if 0
207	/* It would be nice to actually enforce the VM execute	208	/* It would be nice to actually enforce the VM execute
@@ -215,21 +216,24 @@ good_area:
215	/* Since 4xx/Book-E supports per-page execute permission,	216	/* Since 4xx/Book-E supports per-page execute permission,
216	* we lazily flush dcache to icache. */	217	* we lazily flush dcache to icache. */
217	ptep = NULL;	218	ptep = NULL;
218	if (get_pteptr(mm, address, &ptep) && pte_present(*ptep)) {	219	if (get_pteptr(mm, address, &ptep, &pmdp)) {
219	struct page page = pte_page(ptep);	220	spinlock_t *ptl = pte_lockptr(mm, pmdp);
220		221	spin_lock(ptl);
221	if (! test_bit(PG_arch_1, &page->flags)) {	222	if (pte_present(*ptep)) {
222	flush_dcache_icache_page(page);	223	struct page page = pte_page(ptep);
223	set_bit(PG_arch_1, &page->flags);	224
		225	if (!test_bit(PG_arch_1, &page->flags)) {
		226	flush_dcache_icache_page(page);
		227	set_bit(PG_arch_1, &page->flags);
		228	}
		229	pte_update(ptep, 0, _PAGE_HWEXEC);
		230	_tlbie(address);
		231	pte_unmap_unlock(ptep, ptl);
		232	up_read(&mm->mmap_sem);
		233	return 0;
224	}	234	}
225	pte_update(ptep, 0, _PAGE_HWEXEC);	235	pte_unmap_unlock(ptep, ptl);
226	_tlbie(address);
227	pte_unmap(ptep);
228	up_read(&mm->mmap_sem);
229	return 0;
230	}	236	}
231	if (ptep != NULL)
232	pte_unmap(ptep);
233	#endif	237	#endif
234	/* a read */	238	/* a read */
235	} else {	239	} else {