 20273941f2
			
		
	
	
	20273941f2
	
	
	
		
			
			Christoph reported a nice splat which illustrated a race in the new stack based kmap_atomic implementation. The problem is that we pop our stack slot before we're completely done resetting its state -- in particular clearing the PTE (sometimes that's CONFIG_DEBUG_HIGHMEM). If an interrupt happens before we actually clear the PTE used for the last slot, that interrupt can reuse the slot in a dirty state, which triggers a BUG in kmap_atomic(). Fix this by introducing kmap_atomic_idx() which reports the current slot index without actually releasing it and use that to find the PTE and delay the _pop() until after we're completely done. Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Reported-by: Christoph Hellwig <hch@infradead.org> Acked-by: Rik van Riel <riel@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
		
			
				
	
	
		
			119 lines
		
	
	
	
		
			3.3 KiB
			
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			119 lines
		
	
	
	
		
			3.3 KiB
			
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * Copyright © 2008 Ingo Molnar
 | |
|  *
 | |
|  * This program is free software; you can redistribute it and/or modify
 | |
|  * it under the terms of the GNU General Public License as published by
 | |
|  * the Free Software Foundation; either version 2 of the License, or
 | |
|  * (at your option) any later version.
 | |
|  *
 | |
|  * This program is distributed in the hope that it will be useful, but
 | |
|  * WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 | |
|  * General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU General Public License along
 | |
|  * with this program; if not, write to the Free Software Foundation, Inc.,
 | |
|  * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
 | |
|  */
 | |
| 
 | |
| #include <asm/iomap.h>
 | |
| #include <asm/pat.h>
 | |
| #include <linux/module.h>
 | |
| #include <linux/highmem.h>
 | |
| 
 | |
| static int is_io_mapping_possible(resource_size_t base, unsigned long size)
 | |
| {
 | |
| #if !defined(CONFIG_X86_PAE) && defined(CONFIG_PHYS_ADDR_T_64BIT)
 | |
| 	/* There is no way to map greater than 1 << 32 address without PAE */
 | |
| 	if (base + size > 0x100000000ULL)
 | |
| 		return 0;
 | |
| #endif
 | |
| 	return 1;
 | |
| }
 | |
| 
 | |
| int iomap_create_wc(resource_size_t base, unsigned long size, pgprot_t *prot)
 | |
| {
 | |
| 	unsigned long flag = _PAGE_CACHE_WC;
 | |
| 	int ret;
 | |
| 
 | |
| 	if (!is_io_mapping_possible(base, size))
 | |
| 		return -EINVAL;
 | |
| 
 | |
| 	ret = io_reserve_memtype(base, base + size, &flag);
 | |
| 	if (ret)
 | |
| 		return ret;
 | |
| 
 | |
| 	*prot = __pgprot(__PAGE_KERNEL | flag);
 | |
| 	return 0;
 | |
| }
 | |
| EXPORT_SYMBOL_GPL(iomap_create_wc);
 | |
| 
 | |
| void iomap_free(resource_size_t base, unsigned long size)
 | |
| {
 | |
| 	io_free_memtype(base, base + size);
 | |
| }
 | |
| EXPORT_SYMBOL_GPL(iomap_free);
 | |
| 
 | |
| void *kmap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot)
 | |
| {
 | |
| 	unsigned long vaddr;
 | |
| 	int idx, type;
 | |
| 
 | |
| 	pagefault_disable();
 | |
| 
 | |
| 	type = kmap_atomic_idx_push();
 | |
| 	idx = type + KM_TYPE_NR * smp_processor_id();
 | |
| 	vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
 | |
| 	set_pte(kmap_pte - idx, pfn_pte(pfn, prot));
 | |
| 	arch_flush_lazy_mmu_mode();
 | |
| 
 | |
| 	return (void *)vaddr;
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Map 'pfn' using protections 'prot'
 | |
|  */
 | |
| void __iomem *
 | |
| iomap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot)
 | |
| {
 | |
| 	/*
 | |
| 	 * For non-PAT systems, promote PAGE_KERNEL_WC to PAGE_KERNEL_UC_MINUS.
 | |
| 	 * PAGE_KERNEL_WC maps to PWT, which translates to uncached if the
 | |
| 	 * MTRR is UC or WC.  UC_MINUS gets the real intention, of the
 | |
| 	 * user, which is "WC if the MTRR is WC, UC if you can't do that."
 | |
| 	 */
 | |
| 	if (!pat_enabled && pgprot_val(prot) == pgprot_val(PAGE_KERNEL_WC))
 | |
| 		prot = PAGE_KERNEL_UC_MINUS;
 | |
| 
 | |
| 	return (void __force __iomem *) kmap_atomic_prot_pfn(pfn, prot);
 | |
| }
 | |
| EXPORT_SYMBOL_GPL(iomap_atomic_prot_pfn);
 | |
| 
 | |
| void
 | |
| iounmap_atomic(void __iomem *kvaddr)
 | |
| {
 | |
| 	unsigned long vaddr = (unsigned long) kvaddr & PAGE_MASK;
 | |
| 
 | |
| 	if (vaddr >= __fix_to_virt(FIX_KMAP_END) &&
 | |
| 	    vaddr <= __fix_to_virt(FIX_KMAP_BEGIN)) {
 | |
| 		int idx, type;
 | |
| 
 | |
| 		type = kmap_atomic_idx();
 | |
| 		idx = type + KM_TYPE_NR * smp_processor_id();
 | |
| 
 | |
| #ifdef CONFIG_DEBUG_HIGHMEM
 | |
| 		WARN_ON_ONCE(vaddr != __fix_to_virt(FIX_KMAP_BEGIN + idx));
 | |
| #endif
 | |
| 		/*
 | |
| 		 * Force other mappings to Oops if they'll try to access this
 | |
| 		 * pte without first remap it.  Keeping stale mappings around
 | |
| 		 * is a bad idea also, in case the page changes cacheability
 | |
| 		 * attributes or becomes a protected page in a hypervisor.
 | |
| 		 */
 | |
| 		kpte_clear_flush(kmap_pte-idx, vaddr);
 | |
| 		kmap_atomic_idx_pop();
 | |
| 	}
 | |
| 
 | |
| 	pagefault_enable();
 | |
| }
 | |
| EXPORT_SYMBOL_GPL(iounmap_atomic);
 |