aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorMartin Schwidefsky <schwidefsky@de.ibm.com>2006-10-18 12:30:51 -0400
committerMartin Schwidefsky <schwidefsky@de.ibm.com>2006-10-18 12:30:51 -0400
commit833774849d50a59f58e9bdfc3d9c88e682b3596d (patch)
tree5527a4f8e21233a72af48c369917ebe2dc2883df /include
parent2c91971f84be168a35f937dd6c61e56e492b2185 (diff)
[S390] Fix pte type checking.
handle_pte_fault uses pte_present, pte_none and pte_file to find out the type of a pte. That is done without holding the page table lock. This clashes with the way how ptep_clear_flush removes active page table entries from the system. First the ipte instruction is used to invalidate the pte and remove all plt entries for the page. The ipte sets the hardware invalid bit without changing any other bit. After the ipte finished the pte is cleared. A concurrent fault can observe the the previously valid pte with the invalid bit set. With the current encoding of the different pte types an invalidated read-only pte can be misinterpreted as a swap-pte. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'include')
-rw-r--r--include/asm-s390/pgtable.h50
1 files changed, 40 insertions, 10 deletions
diff --git a/include/asm-s390/pgtable.h b/include/asm-s390/pgtable.h
index 519f0a5ff181..36bb6dacf008 100644
--- a/include/asm-s390/pgtable.h
+++ b/include/asm-s390/pgtable.h
@@ -200,18 +200,45 @@ extern char empty_zero_page[PAGE_SIZE];
200 */ 200 */
201 201
202/* Hardware bits in the page table entry */ 202/* Hardware bits in the page table entry */
203#define _PAGE_RO 0x200 /* HW read-only */ 203#define _PAGE_RO 0x200 /* HW read-only bit */
204#define _PAGE_INVALID 0x400 /* HW invalid */ 204#define _PAGE_INVALID 0x400 /* HW invalid bit */
205#define _PAGE_SWT 0x001 /* SW pte type bit t */
206#define _PAGE_SWX 0x002 /* SW pte type bit x */
205 207
206/* Mask and six different types of pages. */ 208/* Six different types of pages. */
207#define _PAGE_TYPE_MASK 0x601
208#define _PAGE_TYPE_EMPTY 0x400 209#define _PAGE_TYPE_EMPTY 0x400
209#define _PAGE_TYPE_NONE 0x401 210#define _PAGE_TYPE_NONE 0x401
210#define _PAGE_TYPE_SWAP 0x600 211#define _PAGE_TYPE_SWAP 0x403
211#define _PAGE_TYPE_FILE 0x601 212#define _PAGE_TYPE_FILE 0x601 /* bit 0x002 is used for offset !! */
212#define _PAGE_TYPE_RO 0x200 213#define _PAGE_TYPE_RO 0x200
213#define _PAGE_TYPE_RW 0x000 214#define _PAGE_TYPE_RW 0x000
214 215
216/*
217 * PTE type bits are rather complicated. handle_pte_fault uses pte_present,
218 * pte_none and pte_file to find out the pte type WITHOUT holding the page
219 * table lock. ptep_clear_flush on the other hand uses ptep_clear_flush to
220 * invalidate a given pte. ipte sets the hw invalid bit and clears all tlbs
221 * for the page. The page table entry is set to _PAGE_TYPE_EMPTY afterwards.
222 * This change is done while holding the lock, but the intermediate step
223 * of a previously valid pte with the hw invalid bit set can be observed by
224 * handle_pte_fault. That makes it necessary that all valid pte types with
225 * the hw invalid bit set must be distinguishable from the four pte types
226 * empty, none, swap and file.
227 *
228 * irxt ipte irxt
229 * _PAGE_TYPE_EMPTY 1000 -> 1000
230 * _PAGE_TYPE_NONE 1001 -> 1001
231 * _PAGE_TYPE_SWAP 1011 -> 1011
232 * _PAGE_TYPE_FILE 11?1 -> 11?1
233 * _PAGE_TYPE_RO 0100 -> 1100
234 * _PAGE_TYPE_RW 0000 -> 1000
235 *
236 * pte_none is true for bits combinations 1000, 1100
237 * pte_present is true for bits combinations 0000, 0010, 0100, 0110, 1001
238 * pte_file is true for bits combinations 1101, 1111
239 * swap pte is 1011 and 0001, 0011, 0101, 0111, 1010 and 1110 are invalid.
240 */
241
215#ifndef __s390x__ 242#ifndef __s390x__
216 243
217/* Bits in the segment table entry */ 244/* Bits in the segment table entry */
@@ -365,18 +392,21 @@ static inline int pmd_bad(pmd_t pmd)
365 392
366static inline int pte_none(pte_t pte) 393static inline int pte_none(pte_t pte)
367{ 394{
368 return (pte_val(pte) & _PAGE_TYPE_MASK) == _PAGE_TYPE_EMPTY; 395 return (pte_val(pte) & _PAGE_INVALID) && !(pte_val(pte) & _PAGE_SWT);
369} 396}
370 397
371static inline int pte_present(pte_t pte) 398static inline int pte_present(pte_t pte)
372{ 399{
373 return !(pte_val(pte) & _PAGE_INVALID) || 400 unsigned long mask = _PAGE_RO | _PAGE_INVALID | _PAGE_SWT | _PAGE_SWX;
374 (pte_val(pte) & _PAGE_TYPE_MASK) == _PAGE_TYPE_NONE; 401 return (pte_val(pte) & mask) == _PAGE_TYPE_NONE ||
402 (!(pte_val(pte) & _PAGE_INVALID) &&
403 !(pte_val(pte) & _PAGE_SWT));
375} 404}
376 405
377static inline int pte_file(pte_t pte) 406static inline int pte_file(pte_t pte)
378{ 407{
379 return (pte_val(pte) & _PAGE_TYPE_MASK) == _PAGE_TYPE_FILE; 408 unsigned long mask = _PAGE_RO | _PAGE_INVALID | _PAGE_SWT;
409 return (pte_val(pte) & mask) == _PAGE_TYPE_FILE;
380} 410}
381 411
382#define pte_same(a,b) (pte_val(a) == pte_val(b)) 412#define pte_same(a,b) (pte_val(a) == pte_val(b))