* [PATCH] pagewalk: don't pte_unmap(NULL) in walk_pte_range()
@ 2008-04-09 10:08 Roel Kluin
2008-04-09 13:30 ` Johannes Weiner
0 siblings, 1 reply; 5+ messages in thread
From: Roel Kluin @ 2008-04-09 10:08 UTC (permalink / raw)
To: linux-mm, lkml
This is right isn't it?
---
Don't pte_unmap a NULL pointer, but the previous.
Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
---
diff --git a/mm/pagewalk.c b/mm/pagewalk.c
index 1cf1417..6615f0b 100644
--- a/mm/pagewalk.c
+++ b/mm/pagewalk.c
@@ -15,7 +15,7 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
break;
} while (pte++, addr += PAGE_SIZE, addr != end);
- pte_unmap(pte);
+ pte_unmap(pte - 1);
return err;
}
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] pagewalk: don't pte_unmap(NULL) in walk_pte_range()
2008-04-09 10:08 [PATCH] pagewalk: don't pte_unmap(NULL) in walk_pte_range() Roel Kluin
@ 2008-04-09 13:30 ` Johannes Weiner
2008-04-10 11:42 ` Roel Kluin
2008-04-10 12:09 ` Andreas Schwab
0 siblings, 2 replies; 5+ messages in thread
From: Johannes Weiner @ 2008-04-09 13:30 UTC (permalink / raw)
To: Roel Kluin; +Cc: linux-mm, lkml
Hi,
Roel Kluin <12o3l@tiscali.nl> writes:
> This is right isn't it?
> ---
> Don't pte_unmap a NULL pointer, but the previous.
Which NULL pointer?
> Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
> ---
> diff --git a/mm/pagewalk.c b/mm/pagewalk.c
> index 1cf1417..6615f0b 100644
> --- a/mm/pagewalk.c
> +++ b/mm/pagewalk.c
> @@ -15,7 +15,7 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
> break;
> } while (pte++, addr += PAGE_SIZE, addr != end);
>
> - pte_unmap(pte);
> + pte_unmap(pte - 1);
> return err;
> }
This does not make any sense to me.
Hannes
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] pagewalk: don't pte_unmap(NULL) in walk_pte_range()
2008-04-09 13:30 ` Johannes Weiner
@ 2008-04-10 11:42 ` Roel Kluin
2008-04-10 12:09 ` Andreas Schwab
1 sibling, 0 replies; 5+ messages in thread
From: Roel Kluin @ 2008-04-10 11:42 UTC (permalink / raw)
To: Johannes Weiner; +Cc: linux-mm, lkml
Johannes Weiner wrote:
> Hi,
>
> Roel Kluin <12o3l@tiscali.nl> writes:
>
>> This is right isn't it?
>> ---
>> Don't pte_unmap a NULL pointer, but the previous.
>
> Which NULL pointer?
>
>> Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
>> ---
>> diff --git a/mm/pagewalk.c b/mm/pagewalk.c
>> index 1cf1417..6615f0b 100644
>> --- a/mm/pagewalk.c
>> +++ b/mm/pagewalk.c
>> @@ -15,7 +15,7 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
>> break;
>> } while (pte++, addr += PAGE_SIZE, addr != end);
>>
>> - pte_unmap(pte);
>> + pte_unmap(pte - 1);
>> return err;
>> }
>
> This does not make any sense to me.
you are right, please ignore.
> Hannes
thanks,
Roel
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] pagewalk: don't pte_unmap(NULL) in walk_pte_range()
2008-04-09 13:30 ` Johannes Weiner
2008-04-10 11:42 ` Roel Kluin
@ 2008-04-10 12:09 ` Andreas Schwab
2008-04-10 14:01 ` [PATCH] Stay below upper pmd boundary on pte range walk Johannes Weiner
1 sibling, 1 reply; 5+ messages in thread
From: Andreas Schwab @ 2008-04-10 12:09 UTC (permalink / raw)
To: Johannes Weiner; +Cc: Roel Kluin, linux-mm, lkml
Johannes Weiner <hannes@saeurebad.de> writes:
>> Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
>> ---
>> diff --git a/mm/pagewalk.c b/mm/pagewalk.c
>> index 1cf1417..6615f0b 100644
>> --- a/mm/pagewalk.c
>> +++ b/mm/pagewalk.c
>> @@ -15,7 +15,7 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
>> break;
>> } while (pte++, addr += PAGE_SIZE, addr != end);
>>
>> - pte_unmap(pte);
>> + pte_unmap(pte - 1);
>> return err;
>> }
>
> This does not make any sense to me.
There is something fishy here. If the loop ends because addr == end
then pte has been incremented past the pmd page for addr, no?
Andreas.
--
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstrasse 5, 90409 Nurnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] Stay below upper pmd boundary on pte range walk
2008-04-10 12:09 ` Andreas Schwab
@ 2008-04-10 14:01 ` Johannes Weiner
0 siblings, 0 replies; 5+ messages in thread
From: Johannes Weiner @ 2008-04-10 14:01 UTC (permalink / raw)
To: Andreas Schwab; +Cc: Roel Kluin, linux-mm, lkml, akpm
Hi,
Andreas Schwab <schwab@suse.de> writes:
> Johannes Weiner <hannes@saeurebad.de> writes:
>
>>> Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
>>> ---
>>> diff --git a/mm/pagewalk.c b/mm/pagewalk.c
>>> index 1cf1417..6615f0b 100644
>>> --- a/mm/pagewalk.c
>>> +++ b/mm/pagewalk.c
>>> @@ -15,7 +15,7 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
>>> break;
>>> } while (pte++, addr += PAGE_SIZE, addr != end);
>>>
>>> - pte_unmap(pte);
>>> + pte_unmap(pte - 1);
>>> return err;
>>> }
>>
>> This does not make any sense to me.
>
> There is something fishy here. If the loop ends because addr == end
> then pte has been incremented past the pmd page for addr, no?
Whoops, yes. But Roel's fix breaks if the break is taken in the first
iteration of the loop, because the pte is then out of the lower bounds
of the pmd page. Please see attached fix.
Hannes
---
After the loop in walk_pte_range() pte might point to the first address
after the pmd it walks. The pte_unmap() is then applied to something
bad.
Spotted by Roel Kluin and Andreas Schwab.
Signed-off-by: Johannes Weiner <hannes@saeurebad.de>
---
A bug is unlikely, though. kunmap_atomic() looks up the kmap entry by
map-type instead of the address the pte points. So the worst thing I
could find with a quick grep was that a wrong TLB entry is being
flushed. Still, the code is wrong :)
diff --git a/mm/pagewalk.c b/mm/pagewalk.c
index 1cf1417..cf3c004 100644
--- a/mm/pagewalk.c
+++ b/mm/pagewalk.c
@@ -13,7 +13,7 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
err = walk->pte_entry(pte, addr, addr + PAGE_SIZE, private);
if (err)
break;
- } while (pte++, addr += PAGE_SIZE, addr != end);
+ } while (addr += PAGE_SIZE, addr != end && pte++);
pte_unmap(pte);
return err;
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2008-04-10 14:01 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-04-09 10:08 [PATCH] pagewalk: don't pte_unmap(NULL) in walk_pte_range() Roel Kluin
2008-04-09 13:30 ` Johannes Weiner
2008-04-10 11:42 ` Roel Kluin
2008-04-10 12:09 ` Andreas Schwab
2008-04-10 14:01 ` [PATCH] Stay below upper pmd boundary on pte range walk Johannes Weiner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox