Darin Johnson
Sat, 16 Aug 1997 21:05:28 -0700 (PDT)

In arch/i386/mm/fault.c, the do_page_fault function, there is a
section of code:

>         if (wp_works_ok < 0 && address == 0xc0000000 && (error_code & 1)) {
>                 wp_works_ok = 1;
>                 pg0[0] = pte_val(mk_pte(0, PAGE_SHARED));
>                 flush_tlb();
>                 goto out;
>         }
>         if (address < PAGE_SIZE) {
>                 printk(KERN_ALERT "Unable to handle kernel NULL pointer derefere
>                 pg0[0] = pte_val(mk_pte(0, PAGE_SHARED));
>         } else

This is when a kernel accesses a bad page.

However, the two "mk_pte"s seem incorrect. The mk_pte macro assumes
that kernel virtual memory addresses are passed and will subtract
0xc0000000 from that address. Thus, pg0[0] will get set to the wrong
value (0x40000000 | PAGE_SHARED).

Also, why is pg0[0] being set anyway? Any access to that location
would seem to always be an error. In the first case, the mem_init
code resets pg0[0] to the original value so any change here is
ignored. In the second case, pg0[0] does not seem to be the correct
PTE either (swapper_pg_dir[0] is cleared in paging_init).
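A user-space model of the arithmetic the mail describes, added here as an example and not taken from the mail or from the kernel source: it mimics i386 `__pa()`/`mk_pte()` and shows why passing a physical 0 where a kernel virtual address is expected yields a PTE for physical 0x40000000. The `PAGE_OFFSET`, `PAGE_SHARED` bit value and 4 KiB page layout are assumptions stated in the code.

```c
/* Added example, not from the original mail. Models the i386 mk_pte()
 * arithmetic of the 2.1-era kernel; PAGE_OFFSET, the PAGE_SHARED bits
 * and the PTE layout are assumed values, not quoted from the kernel. */
#include <stdint.h>
#include <stdio.h>

#define PAGE_OFFSET  0xc0000000u   /* kernel virtual base on i386 (assumed) */
#define PAGE_MASK    (~0xfffu)     /* 4 KiB pages: frame bits above bit 12 */
#define PAGE_SHARED  0x027u        /* present|rw|user|accessed (assumed value) */

/* __pa(): kernel virtual -> physical, by subtracting PAGE_OFFSET.
 * mk_pte() takes a kernel *virtual* address, as the mail explains, and
 * ORs the protection bits into the physical address it derives. */
static uint32_t model_pa(uint32_t kva) { return kva - PAGE_OFFSET; }
static uint32_t model_va(uint32_t pa)  { return pa + PAGE_OFFSET; }
static uint32_t model_mk_pte(uint32_t kva, uint32_t prot)
{
    return model_pa(kva) | prot;
}

/* Physical page frame that a PTE points at (flag bits stripped). */
static uint32_t pte_frame(uint32_t pte) { return pte & PAGE_MASK; }

/* What fault.c computes: mk_pte(0, PAGE_SHARED), i.e. a physical 0 passed
 * where a kernel virtual address is expected. 0 - 0xc0000000 wraps in
 * 32 bits to 0x40000000, so the PTE maps physical 1 GiB, not page 0. */
uint32_t buggy_pte(void) { return model_mk_pte(0, PAGE_SHARED); }

/* The same call with the argument the macro expects, __va(0), which is
 * PAGE_OFFSET itself; this does yield a PTE for physical page 0. */
uint32_t intended_pte(void) { return model_mk_pte(model_va(0), PAGE_SHARED); }

int main(void)
{
    printf("buggy    pte=%08x frame=%08x\n", buggy_pte(), pte_frame(buggy_pte()));
    printf("intended pte=%08x frame=%08x\n", intended_pte(), pte_frame(intended_pte()));
    return 0;
}
```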