Re: [PATCH] ppc64: Fix possible race with set_pte on a present PTE

From: Keith M Wesolowski
Date: Tue May 25 2004 - 10:36:36 EST


On Tue, May 25, 2004 at 07:48:24AM -0700, Linus Torvalds wrote:

> > > the equivalent. You can always do it with a simple compare-and-exchange
> > > loop, something any SMP-capable architecture should have.
>
> The race is:
> - one CPU sets the dirty bit (possibly with a hardware walker, but I
> guess on PA it's probably done in sw)
> - the other CPU sets the accessed bit in sw as part of the
> "handle_pte_fault()" processing.
>
> Right now we set the accessed bit with a simple "ptep_establish()", which
> will use "set_pte()", which is just a regular write. So setting the
> accessed bit will basically be a nonatomic sequence of
>
> - read pte entry
> - entry = pte_mkyoung(entry)
> - set_pte(entry)
>
> which is all done under the mm->page_table_lock, but which does NOT
> protect against any hardware page-table walkers or any asynchronous sw
> walkers (if anybody does them).

Some sparc32 CPUs are also vulnerable to this race; in fact the
supersparc manual describes it specifically and even outlines the
compare-exchange loop using our rotten swap instruction. In our case,
the race is with a hardware walker.

--
Keith M Wesolowski
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/