From: Nick Piggin <nickpiggin@yahoo.com.au>
To: Hugh Dickins <hugh@veritas.com>
Cc: William Lee Irwin III <wli@holomorphy.com>,
Andrew Morton <akpm@osdl.org>,
linux-kernel@vger.kernel.org, gregkh@suse.de
Subject: Re: [bugfix] try_to_unmap_cluster() passes out-of-bounds pte to pte_unmap()
Date: Tue, 24 May 2005 18:02:00 +1000 [thread overview]
Message-ID: <4292DF78.5000900@yahoo.com.au> (raw)
In-Reply-To: <Pine.LNX.4.61.0505240535540.5541@goblin.wat.veritas.com>
Hugh Dickins wrote:
> On Mon, 23 May 2005, William Lee Irwin III wrote:
>
>>On Mon, May 23, 2005 at 05:14:06PM -0700, Andrew Morton wrote:
>>
>>>I must say that I continue to find this approach a bit queazifying.
>>>After some reading of the code I'd agree that yes, it's not possible for us
>>>to get here with `pte' pointing at the first slot of the pte page, but it's
>>>not 100% obvious and it's possible that someone will come along later and
>>>will change things in try_to_unmap_cluster() which cause this unmap to
>>>suddenly do the wrong thing in rare circumstances.
>>>IOW: I'd sleep better at night if we took a temporary and actually unmapped
>>>the thing which we we got back from pte_offset_map().. Am I being silly?
>
>
> There's a similar argument for queasiness in all the other (8 or more)
> instances of the idiom. I think we originally adopted (and I furthered)
> this pte_unmap(pte - 1) idiom because in the majority of architecture's
> configurations pte_unmap does nothing at all, so we resented assigning
> a pointless variable in some critical loops.
>
Still, the compiler should be able to eliminate that extra register
as well as it can eliminate the intermediate (pte - 1) result (that
is to say, I hope perfectly in this day and age).
It may be more of an issue with architectures that actually *do* do
something in pte_unmap, in which case perhaps you increase the
register pressure over the critical loop? I guess we can just laugh
at them.
>
>>Not at all. I merely attempt to minimize diffsize by default. An
>>alternative implementation follows (changelog etc. to be taken
>>from the prior patch) in case it saves the time (however short) needed
>>to write it yourself.
>
>
> Either of wli's patches is fine with me. There are several levels on
> which try_to_unmap_cluster is harder to understand than the others,
> and no good reason to resist the variable assignment.
>
> We could rewrite pte_unmap to avoid the issue completely, since its
> job is to unmap (or pretend to unmap) KM_PTE0's pte if the address
> is in the fixmap area: but changing it to tolerate an off-by-one
> address gives a queasy feeling too.
>
Looks like no architecture (other than maybe frv?) even uses the
kvaddr argument to kunmap_atomic unless HIGHMEM_DEBUG/DEBUG_HIGHMEM
is enabled. If you stored that info elsewhere, you wouldn't even
need to pass the argument in.
But hmm... I don't see anyone getting motivated enough to rewrite the
debug code over this issue :)
--
SUSE Labs, Novell Inc.
next prev parent reply other threads:[~2005-05-24 8:02 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-16 9:13 2.6.12-rc4-mm2 Andrew Morton
2005-05-16 9:25 ` 2.6.12-rc4-mm2 Russell King
2005-05-16 10:50 ` 2.6.12-rc4-mm2 Danny ter Haar
2005-05-16 11:17 ` 2.6.12-rc4-mm2 Alexey Dobriyan
2005-05-16 11:38 ` 2.6.12-rc4-mm2 Danny ter Haar
2005-05-16 12:15 ` 2.6.12-rc4-mm2 Alexey Dobriyan
2005-05-16 17:11 ` 2.6.12-rc4-mm2 Danny ter Haar
2005-05-16 17:43 ` 2.6.12-rc4-mm2 Alexey Dobriyan
2005-05-16 19:30 ` 2.6.12-rc4-mm2 Danny ter Haar
2005-05-16 12:30 ` 2.6.12-rc4-mm2 Brice Goglin
2005-05-16 17:46 ` 2.6.12-rc4-mm2, alpha and mips broke Jan Dittmer
2005-05-16 20:09 ` Andrew Morton
2005-05-16 19:18 ` 2.6.12-rc4-mm2: proc-pid-smaps.patch broke nommu Adrian Bunk
2005-05-21 2:19 ` Mauricio Lin
2005-05-21 2:39 ` Mauricio Lin
2005-07-21 15:04 ` Adrian Bunk
2005-05-17 9:06 ` 2.6.12-rc4-mm2 Brice Goglin
2005-05-17 16:38 ` 2.6.12-rc4-mm2 Richard Purdie
2005-05-18 22:45 ` 2.6.12-rc4-mm2 Richard Purdie
2005-05-18 7:14 ` 2.6.12-rc4-mm2 Coywolf Qi Hunt
[not found] ` <20050516021302.13bd285a.akpm-3NddpPZAyC0@public.gmane.org>
2005-05-18 20:26 ` 2.6.12-rc4-mm2 Alexander Nyberg
2005-05-18 20:26 ` 2.6.12-rc4-mm2 Alexander Nyberg
[not found] ` <1116447964.23209.26.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2005-05-24 8:45 ` 2.6.12-rc4-mm2 Andrew Morton
2005-05-19 14:59 ` 2.6.12-rc4-mm2 Brice Goglin
2005-05-22 21:27 ` [bugfix] try_to_unmap_cluster() passes out-of-bounds pte to pte_unmap() William Lee Irwin III
2005-05-22 22:00 ` Andrew Morton
2005-05-24 0:14 ` Andrew Morton
2005-05-24 2:48 ` William Lee Irwin III
2005-05-24 4:38 ` Hugh Dickins
2005-05-24 8:02 ` Nick Piggin [this message]
2007-06-27 0:35 ` Problems with fb console [was Re: 2.6.12-rc4-mm2] J.A. Magallón
2007-06-27 0:54 ` Andrew Morton
2007-06-27 14:21 ` H. Peter Anvin
2007-06-27 7:20 ` DervishD
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4292DF78.5000900@yahoo.com.au \
--to=nickpiggin@yahoo.com.au \
--cc=akpm@osdl.org \
--cc=gregkh@suse.de \
--cc=hugh@veritas.com \
--cc=linux-kernel@vger.kernel.org \
--cc=wli@holomorphy.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.