4 files changed, 7 insertions, 20 deletions
diff --git a/arch/x86/mm/pgtable_32.c b/arch/x86/mm/pgtable_32.c
index 9ee007be9142..369cf065b6a4 100644
--- a/arch/x86/mm/pgtable_32.c
+++ b/arch/x86/mm/pgtable_32.c
@@ -172,10 +172,3 @@ void reserve_top_address(unsigned long reserve)
        __FIXADDR_TOP = -reserve - PAGE_SIZE;
        __VMALLOC_RESERVE += reserve;
 }
-int pmd_bad(pmd_t pmd)
-{
-        WARN_ON_ONCE(pmd_bad_v1(pmd) != pmd_bad_v2(pmd));
-        return pmd_bad_v1(pmd);
-}
diff --git a/include/asm-x86/pgtable_32.h b/include/asm-x86/pgtable_32.h
index 577ab79c4c27..d7f0403bbecb 100644
--- a/include/asm-x86/pgtable_32.h
+++ b/include/asm-x86/pgtable_32.h
@@ -88,14 +88,7 @@ extern unsigned long pg0[];
 /* To avoid harmful races, pmd_none(x) should check only the lower when PAE */
 #define pmd_none(x)     (!(unsigned long)pmd_val((x)))
 #define pmd_present(x)  (pmd_val((x)) & _PAGE_PRESENT)
+#define pmd_bad(x) ((pmd_val(x) & (~PAGE_MASK & ~_PAGE_USER)) != _KERNPG_TABLE)
-extern int pmd_bad(pmd_t pmd);
-#define pmd_bad_v1(x)                                                   \
-        (_KERNPG_TABLE != (pmd_val((x)) & ~(PAGE_MASK | _PAGE_USER)))
-#define pmd_bad_v2(x)                                                   \
-        (_KERNPG_TABLE != (pmd_val((x)) & ~(PAGE_MASK | _PAGE_USER |    \
-                                            _PAGE_PSE | _PAGE_NX)))
 #define pages_to_mb(x) ((x) >> (20-PAGE_SHIFT))
diff --git a/include/asm-x86/pgtable_64.h b/include/asm-x86/pgtable_64.h
index a3bbf8766c1d..efe83dcbd412 100644
--- a/include/asm-x86/pgtable_64.h
+++ b/include/asm-x86/pgtable_64.h
@@ -158,14 +158,12 @@ static inline unsigned long pgd_bad(pgd_t pgd)
 static inline unsigned long pud_bad(pud_t pud)
 {
-        return pud_val(pud) &
+        return pud_val(pud) & ~(PTE_MASK | _KERNPG_TABLE | _PAGE_USER);
-                ~(PTE_MASK | _KERNPG_TABLE | _PAGE_USER | _PAGE_PSE | _PAGE_NX);
 }
 static inline unsigned long pmd_bad(pmd_t pmd)
 {
-        return pmd_val(pmd) &
+        return pmd_val(pmd) & ~(PTE_MASK | _KERNPG_TABLE | _PAGE_USER);
-                ~(PTE_MASK | _KERNPG_TABLE | _PAGE_USER | _PAGE_PSE | _PAGE_NX);
 }
 #define pte_none(x)     (!pte_val((x)))
diff --git a/mm/memory.c b/mm/memory.c
index bbab1e37055e..48c122d42ed7 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -969,7 +969,7 @@ struct page *follow_page(struct vm_area_struct *vma, unsigned long address,
                goto no_page_table;
        
        pmd = pmd_offset(pud, address);
-        if (pmd_none(*pmd) || unlikely(pmd_bad(*pmd)))
+        if (pmd_none(*pmd))
                goto no_page_table;
        if (pmd_huge(*pmd)) {
@@ -978,6 +978,9 @@ struct page *follow_page(struct vm_area_struct *vma, unsigned long address,
                goto out;
        }
+        if (unlikely(pmd_bad(*pmd)))
+                goto no_page_table;
        ptep = pte_offset_map_lock(mm, pmd, address, &ptl);
        if (!ptep)
                goto out;

diff --git a/arch/x86/mm/pgtable_32.c b/arch/x86/mm/pgtable_32.c index 9ee007be9142..369cf065b6a4 100644 --- a/arch/x86/mm/pgtable_32.c +++ b/arch/x86/mm/pgtable_32.c
@@ -172,10 +172,3 @@ void reserve_top_address(unsigned long reserve)
172	__FIXADDR_TOP = -reserve - PAGE_SIZE;	172	__FIXADDR_TOP = -reserve - PAGE_SIZE;
173	__VMALLOC_RESERVE += reserve;	173	__VMALLOC_RESERVE += reserve;
174	}	174	}
175
176	int pmd_bad(pmd_t pmd)
177	{
178	WARN_ON_ONCE(pmd_bad_v1(pmd) != pmd_bad_v2(pmd));
179
180	return pmd_bad_v1(pmd);
181	}


diff --git a/include/asm-x86/pgtable_32.h b/include/asm-x86/pgtable_32.h index 577ab79c4c27..d7f0403bbecb 100644 --- a/include/asm-x86/pgtable_32.h +++ b/include/asm-x86/pgtable_32.h
@@ -88,14 +88,7 @@ extern unsigned long pg0[];
88	/* To avoid harmful races, pmd_none(x) should check only the lower when PAE */	88	/* To avoid harmful races, pmd_none(x) should check only the lower when PAE */
89	#define pmd_none(x) (!(unsigned long)pmd_val((x)))	89	#define pmd_none(x) (!(unsigned long)pmd_val((x)))
90	#define pmd_present(x) (pmd_val((x)) & _PAGE_PRESENT)	90	#define pmd_present(x) (pmd_val((x)) & _PAGE_PRESENT)
91		91	#define pmd_bad(x) ((pmd_val(x) & (~PAGE_MASK & ~_PAGE_USER)) != _KERNPG_TABLE)
92	extern int pmd_bad(pmd_t pmd);
93
94	#define pmd_bad_v1(x) \
95	(_KERNPG_TABLE != (pmd_val((x)) & ~(PAGE_MASK \| _PAGE_USER)))
96	#define pmd_bad_v2(x) \
97	(_KERNPG_TABLE != (pmd_val((x)) & ~(PAGE_MASK \| _PAGE_USER \| \
98	_PAGE_PSE \| _PAGE_NX)))
99		92
100	#define pages_to_mb(x) ((x) >> (20-PAGE_SHIFT))	93	#define pages_to_mb(x) ((x) >> (20-PAGE_SHIFT))
101		94


diff --git a/include/asm-x86/pgtable_64.h b/include/asm-x86/pgtable_64.h index a3bbf8766c1d..efe83dcbd412 100644 --- a/include/asm-x86/pgtable_64.h +++ b/include/asm-x86/pgtable_64.h
@@ -158,14 +158,12 @@ static inline unsigned long pgd_bad(pgd_t pgd)
158		158
159	static inline unsigned long pud_bad(pud_t pud)	159	static inline unsigned long pud_bad(pud_t pud)
160	{	160	{
161	return pud_val(pud) &	161	return pud_val(pud) & ~(PTE_MASK \| _KERNPG_TABLE \| _PAGE_USER);
162	~(PTE_MASK \| _KERNPG_TABLE \| _PAGE_USER \| _PAGE_PSE \| _PAGE_NX);
163	}	162	}
164		163
165	static inline unsigned long pmd_bad(pmd_t pmd)	164	static inline unsigned long pmd_bad(pmd_t pmd)
166	{	165	{
167	return pmd_val(pmd) &	166	return pmd_val(pmd) & ~(PTE_MASK \| _KERNPG_TABLE \| _PAGE_USER);
168	~(PTE_MASK \| _KERNPG_TABLE \| _PAGE_USER \| _PAGE_PSE \| _PAGE_NX);
169	}	167	}
170		168
171	#define pte_none(x) (!pte_val((x)))	169	#define pte_none(x) (!pte_val((x)))


diff --git a/mm/memory.c b/mm/memory.c index bbab1e37055e..48c122d42ed7 100644 --- a/mm/memory.c +++ b/mm/memory.c
@@ -969,7 +969,7 @@ struct page follow_page(struct vm_area_struct vma, unsigned long address,
969	goto no_page_table;	969	goto no_page_table;
970		970
971	pmd = pmd_offset(pud, address);	971	pmd = pmd_offset(pud, address);
972	if (pmd_none(pmd) \|\| unlikely(pmd_bad(pmd)))	972	if (pmd_none(*pmd))
973	goto no_page_table;	973	goto no_page_table;
974		974
975	if (pmd_huge(*pmd)) {	975	if (pmd_huge(*pmd)) {
@@ -978,6 +978,9 @@ struct page follow_page(struct vm_area_struct vma, unsigned long address,
978	goto out;	978	goto out;
979	}	979	}
980		980
		981	if (unlikely(pmd_bad(*pmd)))
		982	goto no_page_table;
		983
981	ptep = pte_offset_map_lock(mm, pmd, address, &ptl);	984	ptep = pte_offset_map_lock(mm, pmd, address, &ptl);
982	if (!ptep)	985	if (!ptep)
983	goto out;	986	goto out;