Commit 92dc6fcc authored by Hugh Dickins's avatar Hugh Dickins Committed by Linus Torvalds

[PATCH] mm: parisc pte atomicity

There's a worrying function translation_exists in parisc cacheflush.h,
unaffected by split ptlock since flush_dcache_page is using it on some other
mm, without any relevant lock.  Oh well, make it a slightly more robust by
factoring the pfn check within it.  And it looked liable to confuse a
camouflaged swap or file entry with a good pte: fix that too.
Signed-off-by: default avatarHugh Dickins <hugh@veritas.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 69b04754
...@@ -270,7 +270,6 @@ void flush_dcache_page(struct page *page) ...@@ -270,7 +270,6 @@ void flush_dcache_page(struct page *page)
unsigned long offset; unsigned long offset;
unsigned long addr; unsigned long addr;
pgoff_t pgoff; pgoff_t pgoff;
pte_t *pte;
unsigned long pfn = page_to_pfn(page); unsigned long pfn = page_to_pfn(page);
...@@ -301,22 +300,17 @@ void flush_dcache_page(struct page *page) ...@@ -301,22 +300,17 @@ void flush_dcache_page(struct page *page)
* taking a page fault if the pte doesn't exist. * taking a page fault if the pte doesn't exist.
* This is just for speed. If the page translation * This is just for speed. If the page translation
* isn't there, there's no point exciting the * isn't there, there's no point exciting the
* nadtlb handler into a nullification frenzy */ * nadtlb handler into a nullification frenzy.
*
* Make sure we really have this page: the private
if(!(pte = translation_exists(mpnt, addr)))
continue;
/* make sure we really have this page: the private
* mappings may cover this area but have COW'd this * mappings may cover this area but have COW'd this
* particular page */ * particular page.
if(pte_pfn(*pte) != pfn) */
continue; if (translation_exists(mpnt, addr, pfn)) {
__flush_cache_page(mpnt, addr); __flush_cache_page(mpnt, addr);
break; break;
} }
}
flush_dcache_mmap_unlock(mapping); flush_dcache_mmap_unlock(mapping);
} }
EXPORT_SYMBOL(flush_dcache_page); EXPORT_SYMBOL(flush_dcache_page);
......
...@@ -100,30 +100,34 @@ static inline void flush_cache_range(struct vm_area_struct *vma, ...@@ -100,30 +100,34 @@ static inline void flush_cache_range(struct vm_area_struct *vma,
/* Simple function to work out if we have an existing address translation /* Simple function to work out if we have an existing address translation
* for a user space vma. */ * for a user space vma. */
static inline pte_t *__translation_exists(struct mm_struct *mm, static inline int translation_exists(struct vm_area_struct *vma,
unsigned long addr) unsigned long addr, unsigned long pfn)
{ {
pgd_t *pgd = pgd_offset(mm, addr); pgd_t *pgd = pgd_offset(vma->vm_mm, addr);
pmd_t *pmd; pmd_t *pmd;
pte_t *pte; pte_t pte;
if(pgd_none(*pgd)) if(pgd_none(*pgd))
return NULL; return 0;
pmd = pmd_offset(pgd, addr); pmd = pmd_offset(pgd, addr);
if(pmd_none(*pmd) || pmd_bad(*pmd)) if(pmd_none(*pmd) || pmd_bad(*pmd))
return NULL; return 0;
pte = pte_offset_map(pmd, addr); /* We cannot take the pte lock here: flush_cache_page is usually
* called with pte lock already held. Whereas flush_dcache_page
* takes flush_dcache_mmap_lock, which is lower in the hierarchy:
* the vma itself is secure, but the pte might come or go racily.
*/
pte = *pte_offset_map(pmd, addr);
/* But pte_unmap() does nothing on this architecture */
/* The PA flush mappings show up as pte_none, but they're /* Filter out coincidental file entries and swap entries */
* valid none the less */ if (!(pte_val(pte) & (_PAGE_FLUSH|_PAGE_PRESENT)))
if(pte_none(*pte) && ((pte_val(*pte) & _PAGE_FLUSH) == 0)) return 0;
return NULL;
return pte;
}
#define translation_exists(vma, addr) __translation_exists((vma)->vm_mm, addr)
return pte_pfn(pte) == pfn;
}
/* Private function to flush a page from the cache of a non-current /* Private function to flush a page from the cache of a non-current
* process. cr25 contains the Page Directory of the current user * process. cr25 contains the Page Directory of the current user
...@@ -175,9 +179,8 @@ flush_cache_page(struct vm_area_struct *vma, unsigned long vmaddr, unsigned long ...@@ -175,9 +179,8 @@ flush_cache_page(struct vm_area_struct *vma, unsigned long vmaddr, unsigned long
{ {
BUG_ON(!vma->vm_mm->context); BUG_ON(!vma->vm_mm->context);
if(likely(translation_exists(vma, vmaddr))) if (likely(translation_exists(vma, vmaddr, pfn)))
__flush_cache_page(vma, vmaddr); __flush_cache_page(vma, vmaddr);
} }
#endif #endif
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment