3 files changed, 41 insertions, 34 deletions

diff --git a/arch/x86_64/mm/fault.c b/arch/x86_64/mm/fault.c
index 3751b4788e28..a65fc6f1dcaf 100644
--- a/arch/x86_64/mm/fault.c
+++ b/arch/x86_64/mm/fault.c
@@ -23,9 +23,9 @@
 #include <linux/compiler.h>
 #include <linux/module.h>
 #include <linux/kprobes.h>
+#include <linux/uaccess.h>
 
 #include <asm/system.h>
-#include <asm/uaccess.h>
 #include <asm/pgalloc.h>
 #include <asm/smp.h>
 #include <asm/tlbflush.h>
@@ -96,7 +96,7 @@ void bust_spinlocks(int yes)
 static noinline int is_prefetch(struct pt_regs *regs, unsigned long addr,
                                 unsigned long error_code)
 { 
-        unsigned char __user *instr;
+        unsigned char *instr;
         int scan_more = 1;
         int prefetch = 0; 
         unsigned char *max_instr;
@@ -116,7 +116,7 @@ static noinline int is_prefetch(struct pt_regs *regs, unsigned long addr,
                 unsigned char instr_hi;
                 unsigned char instr_lo;
 
-                if (__get_user(opcode, (char __user *)instr))
+                if (probe_kernel_address(instr, opcode))
                         break; 
 
                 instr_hi = opcode & 0xf0; 
@@ -154,7 +154,7 @@ static noinline int is_prefetch(struct pt_regs *regs, unsigned long addr,
                 case 0x00:
                         /* Prefetch instruction is 0x0F0D or 0x0F18 */
                         scan_more = 0;
-                        if (__get_user(opcode, (char __user *)instr))
+                        if (probe_kernel_address(instr, opcode))
                                 break;
                         prefetch = (instr_lo == 0xF) &&
                                 (opcode == 0x0D || opcode == 0x18);
@@ -170,7 +170,7 @@ static noinline int is_prefetch(struct pt_regs *regs, unsigned long addr,
 static int bad_address(void *p) 
 { 
         unsigned long dummy;
-        return __get_user(dummy, (unsigned long __user *)p);
+        return probe_kernel_address((unsigned long *)p, dummy);
 } 
 
 void dump_pagetable(unsigned long address)
diff --git a/arch/x86_64/mm/init.c b/arch/x86_64/mm/init.c
index 4c0c00ef3ca7..2968b90ef8ad 100644
--- a/arch/x86_64/mm/init.c
+++ b/arch/x86_64/mm/init.c
@@ -730,14 +730,15 @@ static __init int x8664_sysctl_init(void)
 __initcall(x8664_sysctl_init);
 #endif
 
-/* A pseudo VMAs to allow ptrace access for the vsyscall page.   This only
+/* A pseudo VMA to allow ptrace access for the vsyscall page.  This only
    covers the 64bit vsyscall page now. 32bit has a real VMA now and does
    not need special handling anymore. */
 
 static struct vm_area_struct gate_vma = {
         .vm_start = VSYSCALL_START,
-        .vm_end = VSYSCALL_END,
-        .vm_page_prot = PAGE_READONLY
+        .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES << PAGE_SHIFT),
+        .vm_page_prot = PAGE_READONLY_EXEC,
+        .vm_flags = VM_READ | VM_EXEC
 };
 
 struct vm_area_struct *get_gate_vma(struct task_struct *tsk)
diff --git a/arch/x86_64/mm/pageattr.c b/arch/x86_64/mm/pageattr.c
index 3e231d762aaa..ccb91dd996a9 100644
--- a/arch/x86_64/mm/pageattr.c
+++ b/arch/x86_64/mm/pageattr.c
@@ -61,34 +61,40 @@ static struct page *split_large_page(unsigned long address, pgprot_t prot,
         return base;
 } 
 
-
-static void flush_kernel_map(void *address) 
+static void cache_flush_page(void *adr)
 {
-        if (0 && address && cpu_has_clflush) {
-                /* is this worth it? */ 
-                int i;
-                for (i = 0; i < PAGE_SIZE; i += boot_cpu_data.x86_clflush_size) 
-                        asm volatile("clflush (%0)" :: "r" (address + i)); 
-        } else
-                asm volatile("wbinvd":::"memory"); 
-        if (address)
-                __flush_tlb_one(address);
-        else
-                __flush_tlb_all();
+        int i;
+        for (i = 0; i < PAGE_SIZE; i += boot_cpu_data.x86_clflush_size)
+                asm volatile("clflush (%0)" :: "r" (adr + i));
 }
 
+static void flush_kernel_map(void *arg)
+{
+        struct list_head *l = (struct list_head *)arg;
+        struct page *pg;
+
+        /* When clflush is available always use it because it is
+           much cheaper than WBINVD */
+        if (!cpu_has_clflush)
+                asm volatile("wbinvd" ::: "memory");
+        list_for_each_entry(pg, l, lru) {
+                void *adr = page_address(pg);
+                if (cpu_has_clflush)
+                        cache_flush_page(adr);
+                __flush_tlb_one(adr);
+        }
+}
 
-static inline void flush_map(unsigned long address)
+static inline void flush_map(struct list_head *l)
 {       
-        on_each_cpu(flush_kernel_map, (void *)address, 1, 1);
+        on_each_cpu(flush_kernel_map, l, 1, 1);
 }
 
-static struct page *deferred_pages; /* protected by init_mm.mmap_sem */
+static LIST_HEAD(deferred_pages); /* protected by init_mm.mmap_sem */
 
 static inline void save_page(struct page *fpage)
 {
-        fpage->lru.next = (struct list_head *)deferred_pages;
-        deferred_pages = fpage;
+        list_add(&fpage->lru, &deferred_pages);
 }
 
 /* 
@@ -207,18 +213,18 @@ int change_page_attr(struct page *page, int numpages, pgprot_t prot)
 
 void global_flush_tlb(void)
 { 
-        struct page *dpage;
+        struct page *pg, *next;
+        struct list_head l;
 
         down_read(&init_mm.mmap_sem);
-        dpage = xchg(&deferred_pages, NULL);
+        list_replace_init(&deferred_pages, &l);
         up_read(&init_mm.mmap_sem);
 
-        flush_map((dpage && !dpage->lru.next) ? (unsigned long)page_address(dpage) : 0);
-        while (dpage) {
-                struct page *tmp = dpage;
-                dpage = (struct page *)dpage->lru.next;
-                ClearPagePrivate(tmp);
-                __free_page(tmp);
+        flush_map(&l);
+
+        list_for_each_entry_safe(pg, next, &l, lru) {
+                ClearPagePrivate(pg);
+                __free_page(pg);
         } 
 }