Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vspmd_populate SMP race condition

From: Linus Torvalds
Date: Thu Jun 07 2012 - 13:47:05 EST

Next message: Andi Kleen: "Re: [PATCH 10/11] Introduce single user mode"
Previous message: Khalid Aziz: "Re: [PATCH] Disable Bus Master on PCI device shutdown"
In reply to: Andrea Arcangeli: "Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vspmd_populate SMP race condition"
Next in thread: Andrea Arcangeli: "Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vspmd_populate SMP race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 7, 2012 at 7:42 AM, Andrea Arcangeli <aarcange@xxxxxxxxxx> wrote:
>
> From the oops it looks like atomic64_read trips on a dangling pmdp
> pointer, but if the problem doesn't happen with Xen then the pointer
> value shouldn't be the problem, and in turn the lock cmpxchg8b used to
> access the pointer is likely the problem.

So I assume that Xen just turns the page tables read-only in order to
track them, and then assumes that nobody modifies them in the
particular section. And the cmpxchg64 looks like a modification, even
if we only use it to read things.

Andrea, do we have any guarantees like "once it has turned into a
regular page table, we won't see it turn back if we hold the mmap
sem"? Or anything like that? Because it is possible that we could do
this entirely with some ordering guarantee - something like the
attached patch?

Totally untested, of course.

Linus

Attachment: patch.diff
Description: Binary data

Next message: Andi Kleen: "Re: [PATCH 10/11] Introduce single user mode"
Previous message: Khalid Aziz: "Re: [PATCH] Disable Bus Master on PCI device shutdown"
In reply to: Andrea Arcangeli: "Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vspmd_populate SMP race condition"
Next in thread: Andrea Arcangeli: "Re: [ 08/82] mm: pmd_read_atomic: fix 32bit PAE pmd walk vspmd_populate SMP race condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]