Re: [git pull] changes for tip, and a nasty x86 page table bug

[Linus Torvalds]

On Thu, 19 Feb 2009, Steven Rostedt wrote:
> > 
> > How do we ever have a PMD that is read-only? That sounds like a bug to 
> > begin with. There's no reason to ever do that.
> 
> Patch 2/6 explains how this happened, and supplies the fix.

I think your fix is for a real bug, but I think it's still bogus.

That whole "ref_prot" code is SH*T. When we do a set_pmd(), the old 
huge-page protections do not matter AT ALL for the new pmd. It matters for 
the new _leaf_ entries (the "ref_prot" 20 lines higher up), but not for 
the upper level. That should have all bits set.

So the whole

        ref_prot = pte_pgprot(pte_mkexec(pte_clrhuge(*kpte)));
        pgprot_val(ref_prot) |= _PAGE_PRESENT;
        __set_pmd_pte(kpte, address, mk_pte(base, ref_prot));

sequence is utter crap, I think. The whole "ref_prot" there should be just 
_pgprot(_KERNPG_TABLE), I think. I don't think there is any other valid 
value.

So I would argue that the comment above that piece of code is total and 
utter crap (all the protection info _and_ all the PAT bits are now in the 
pte, and trying to move them into the pmd is *buggy*), and the three lines 
should basically be

	__set_pmd_pte(kpte, address, mk_pte(base, _pgprot(_KERNPG_TABLE)));

but let's see if somebody can tell me why I'm wrong.

"git blame" attributes this all to Ying Huang and Thomas. And looking at 
the commit that introduced the pte_mkexec(), I really think the code was 
confused and people never thought about it deeply.

Comments?

		Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/