linux-mm.kvack.org archive mirror
From: Dave Hansen <dave.hansen@intel.com>
To: Matthew Wilcox <willy@infradead.org>,
	Yin Fengwei <fengwei.yin@intel.com>
Cc: syzbot <syzbot+55cc72f8cc3a549119df@syzkaller.appspotmail.com>,
	akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [mm?] BUG: Bad page map (7)
Date: Mon, 11 Sep 2023 08:34:57 -0700
Message-ID: <f3379aeb-f394-8c99-5143-f93e82400320@intel.com>
In-Reply-To: <ZP8VcUIXTjvR3z54@casper.infradead.org>

On 9/11/23 06:26, Matthew Wilcox wrote:
> @@ -231,7 +235,10 @@ static inline void set_ptes(struct mm_struct *mm, unsigned long addr,
>  		if (--nr == 0)
>  			break;
>  		ptep++;
> -		pte = __pte(pte_val(pte) + (1UL << PFN_PTE_SHIFT));
> +		if (__pte_needs_invert(pte_val(pte)))
> +			pte = __pte(pte_val(pte) - (1UL << PFN_PTE_SHIFT));
> +		else
> +			pte = __pte(pte_val(pte) + (1UL << PFN_PTE_SHIFT));
>  	}
>  	arch_leave_lazy_mmu_mode();
>  }
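Review bot: the new `if (__pte_needs_invert(pte_val(pte)))` branch in the loop body calls an x86-specific PTE-inversion helper from what the surrounding context shows as the shared `set_ptes()` loop, so the inversion rule becomes a dependency of generic code and any architecture without that helper needs its own definition for this to build. Consider stepping through the arch's own accessors instead, e.g. `pte = pfn_pte(pte_pfn(pte) + 1, pte_pgprot(pte));`, so whatever inversion an arch applies in `pfn_pte()` is undone by `pte_pfn()` without the generic loop knowing about it. The subtract path itself is consistent with an inverted PFN field (stored as ~pfn, so the next PFN is one step lower in the raw value), so the arithmetic is not the problem, only where it lives.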

This is much better than a whole x86 fork of set_ptes().  But it's still
a bit wonky because it exposes the PTE inversion logic to generic code.

Could we do something like this instead?  It'll (probably) end up
repeating the PTE inversion logic each way through the loop, so it's less
efficient than what you have above.  But unless I buggered something, it
"just works" without exposing any of the inversion logic to generic code.

The trick is that pte_pfn() undoes the inversion and then pfn_pte()
re-does it on each trip through the loop.

static inline void set_ptes(struct mm_struct *mm, unsigned long addr,
		pte_t *ptep, pte_t pte, unsigned int nr)
{
	/* Split the first PTE into its protection bits and its (un-inverted) PFN. */
	pgprot_t prot = pte_pgprot(pte);
	unsigned long pfn = pte_pfn(pte);

	page_table_check_ptes_set(mm, ptep, pte, nr);

	arch_enter_lazy_mmu_mode();
	for (;;) {
		set_pte(ptep, pte);
		if (--nr == 0)
			break;
		ptep++;
		pfn++;
		/* pfn_pte() re-applies any arch-specific inversion for the next entry. */
		pte = pfn_pte(pfn, prot);
	}
	arch_leave_lazy_mmu_mode();
}

Obviously completely untested. :)
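To make the trade-off concrete, here is an added userspace model (not code from this thread or from the kernel) of how the three loop steps behave on a present PTE versus a non-present PTE whose PFN bits are stored inverted. It assumes a simplified x86 layout (4K pages, 40-bit PFN field, present bit 0) and reimplements `__pte_needs_invert()`, `pte_pfn()` and `pfn_pte()` in that simplified form.

```c
#include <stdbool.h>
#include <stdint.h>
/* Simplified userspace model of x86 PTEs with L1TF PTE inversion (assumed: 4K
 * pages, 40-bit PFN field, present bit 0). Not kernel code; shape only. */
#define PAGE_SHIFT     12
#define PFN_PTE_SHIFT  PAGE_SHIFT
#define PTE_PFN_MASK   0x000ffffffffff000ULL
#define _PAGE_PRESENT  0x1ULL
#define _PAGE_RW       0x2ULL
typedef uint64_t pte_t;
typedef uint64_t pgprot_t;

/* Non-present, non-zero PTEs store their PFN bits inverted. */
static bool __pte_needs_invert(uint64_t val)
{
	return val && !(val & _PAGE_PRESENT);
}

/* pte_pfn(): undo the inversion (flip all bits), then extract the PFN. */
static uint64_t pte_pfn(pte_t pte)
{
	uint64_t v = __pte_needs_invert(pte) ? ~pte : pte;
	return (v & PTE_PFN_MASK) >> PAGE_SHIFT;
}

/* pfn_pte(): re-apply the inversion when the protections are non-present. */
static pte_t pfn_pte(uint64_t pfn, pgprot_t prot)
{
	uint64_t v = pfn << PAGE_SHIFT;
	return ((__pte_needs_invert(prot) ? ~v : v) & PTE_PFN_MASK) | prot;
}

/* Generic loop step before the quoted patch: bump the raw PTE value. */
static uint64_t next_pfn_raw_add(pte_t pte)
{
	return pte_pfn(pte + (1ULL << PFN_PTE_SHIFT));
}

/* Quoted patch's step: subtract instead when the PTE is inverted. */
static uint64_t next_pfn_invert_aware(pte_t pte)
{
	uint64_t step = 1ULL << PFN_PTE_SHIFT;
	return pte_pfn(__pte_needs_invert(pte) ? pte - step : pte + step);
}

/* Dave's step: round-trip through pte_pfn()/pfn_pte(); pgprot = non-PFN bits. */
static uint64_t next_pfn_roundtrip(pte_t pte)
{
	return pte_pfn(pfn_pte(pte_pfn(pte) + 1, pte & ~PTE_PFN_MASK));
}
```

On an inverted entry the raw `+ (1UL << PFN_PTE_SHIFT)` step walks backwards to pfn-1, while both the patch's subtract and the pte_pfn()/pfn_pte() round-trip land on pfn+1.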


Thread overview: 24+ messages
2023-09-09 17:12 syzbot
2023-09-10  3:02 ` Matthew Wilcox
2023-09-10  3:29   ` syzbot
2023-09-10  3:40   ` Yin, Fengwei
2023-09-11  7:24   ` Yin Fengwei
2023-09-11  7:32     ` Yin Fengwei
2023-09-11  7:12 ` Yin Fengwei
2023-09-11  7:48   ` syzbot
2023-09-11 13:26   ` Matthew Wilcox
2023-09-11 14:00     ` syzbot
2023-09-11 15:34     ` Dave Hansen [this message]
2023-09-11 16:44       ` Matthew Wilcox
2023-09-11 16:55         ` Dave Hansen
2023-09-11 19:12           ` Matthew Wilcox
2023-09-11 20:22             ` Dave Hansen
2023-09-12  4:59               ` Matthew Wilcox
2023-09-12 16:07                 ` Dave Hansen
2023-09-12 18:01                 ` Dave Hansen
2023-09-14  7:33                 ` Yin Fengwei
2023-09-14  8:37                   ` Yin Fengwei
2023-09-19  1:11                   ` Yin Fengwei
2023-09-19 16:11                     ` Dave Hansen
2023-09-20  1:29                       ` Yin Fengwei
2023-09-20  1:47                         ` Matthew Wilcox
