From: Nick Piggin <nickpiggin@yahoo.com.au>
To: Hugh Dickins <hugh@veritas.com>
Cc: William Lee Irwin III <wli@holomorphy.com>,
Andrew Morton <akpm@osdl.org>,
linux-kernel@vger.kernel.org, gregkh@suse.de
Subject: Re: [bugfix] try_to_unmap_cluster() passes out-of-bounds pte to pte_unmap()
Date: Tue, 24 May 2005 18:02:00 +1000 [thread overview]
Message-ID: <4292DF78.5000900@yahoo.com.au> (raw)
In-Reply-To: <Pine.LNX.4.61.0505240535540.5541@goblin.wat.veritas.com>
Hugh Dickins wrote:
> On Mon, 23 May 2005, William Lee Irwin III wrote:
>
>>On Mon, May 23, 2005 at 05:14:06PM -0700, Andrew Morton wrote:
>>
>>>I must say that I continue to find this approach a bit queazifying.
>>>After some reading of the code I'd agree that yes, it's not possible for us
>>>to get here with `pte' pointing at the first slot of the pte page, but it's
>>>not 100% obvious and it's possible that someone will come along later and
>>>will change things in try_to_unmap_cluster() which cause this unmap to
>>>suddenly do the wrong thing in rare circumstances.
>>>IOW: I'd sleep better at night if we took a temporary and actually unmapped
>>>the thing which we we got back from pte_offset_map().. Am I being silly?
>
>
> There's a similar argument for queasiness in all the other (8 or more)
> instances of the idiom. I think we originally adopted (and I furthered)
> this pte_unmap(pte - 1) idiom because in the majority of architecture's
> configurations pte_unmap does nothing at all, so we resented assigning
> a pointless variable in some critical loops.
>
Still, the compiler should be able to eliminate that extra register
as well as it can eliminate the intermediate (pte - 1) result (that
is to say, I hope perfectly in this day and age).
It may be more of an issue with architectures that actually *do* do
something in pte_unmap, in which case perhaps you increase the
register pressure over the critical loop? I guess we can just laugh
at them.
>
>>Not at all. I merely attempt to minimize diffsize by default. An
>>alternative implementation follows (changelog etc. to be taken
>>from the prior patch) in case it saves the time (however short) needed
>>to write it yourself.
>
>
> Either of wli's patches is fine with me. There are several levels on
> which try_to_unmap_cluster is harder to understand than the others,
> and no good reason to resist the variable assignment.
>
> We could rewrite pte_unmap to avoid the issue completely, since its
> job is to unmap (or pretend to unmap) KM_PTE0's pte if the address
> is in the fixmap area: but changing it to tolerate an off-by-one
> address gives a queasy feeling too.
>
Looks like no architecture (other than maybe frv?) even uses the
kvaddr argument to kunmap_atomic unless HIGHMEM_DEBUG/DEBUG_HIGHMEM
is enabled. If you stored that info elsewhere, you wouldn't even
need to pass the argument in.
But hmm... I don't see anyone getting motivated enough to rewrite the
debug code over this issue :)
--
SUSE Labs, Novell Inc.
next prev parent reply other threads:[~2005-05-24 8:02 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-16 9:13 2.6.12-rc4-mm2 Andrew Morton
2005-05-16 9:25 ` 2.6.12-rc4-mm2 Russell King
2005-05-16 10:50 ` 2.6.12-rc4-mm2 Danny ter Haar
2005-05-16 11:17 ` 2.6.12-rc4-mm2 Alexey Dobriyan
2005-05-16 11:38 ` 2.6.12-rc4-mm2 Danny ter Haar
2005-05-16 12:15 ` 2.6.12-rc4-mm2 Alexey Dobriyan
2005-05-16 17:11 ` 2.6.12-rc4-mm2 Danny ter Haar
2005-05-16 17:43 ` 2.6.12-rc4-mm2 Alexey Dobriyan
2005-05-16 19:30 ` 2.6.12-rc4-mm2 Danny ter Haar
2005-05-16 12:30 ` 2.6.12-rc4-mm2 Brice Goglin
2005-05-16 17:46 ` 2.6.12-rc4-mm2, alpha and mips broke Jan Dittmer
2005-05-16 20:09 ` Andrew Morton
2005-05-16 19:18 ` 2.6.12-rc4-mm2: proc-pid-smaps.patch broke nommu Adrian Bunk
2005-05-21 2:19 ` Mauricio Lin
2005-05-21 2:39 ` Mauricio Lin
2005-07-21 15:04 ` Adrian Bunk
2005-05-17 9:06 ` 2.6.12-rc4-mm2 Brice Goglin
2005-05-17 16:38 ` 2.6.12-rc4-mm2 Richard Purdie
2005-05-18 22:45 ` 2.6.12-rc4-mm2 Richard Purdie
2005-05-18 7:14 ` 2.6.12-rc4-mm2 Coywolf Qi Hunt
2005-05-18 20:26 ` 2.6.12-rc4-mm2 Alexander Nyberg
2005-05-19 14:59 ` 2.6.12-rc4-mm2 Brice Goglin
2005-05-22 21:27 ` [bugfix] try_to_unmap_cluster() passes out-of-bounds pte to pte_unmap() William Lee Irwin III
2005-05-22 22:00 ` Andrew Morton
2005-05-24 0:14 ` Andrew Morton
2005-05-24 2:48 ` William Lee Irwin III
2005-05-24 4:38 ` Hugh Dickins
2005-05-24 8:02 ` Nick Piggin [this message]
2007-06-27 0:35 ` Problems with fb console [was Re: 2.6.12-rc4-mm2] J.A. Magallón
2007-06-27 0:54 ` Andrew Morton
2007-06-27 14:21 ` H. Peter Anvin
2007-06-27 7:20 ` DervishD
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4292DF78.5000900@yahoo.com.au \
--to=nickpiggin@yahoo.com.au \
--cc=akpm@osdl.org \
--cc=gregkh@suse.de \
--cc=hugh@veritas.com \
--cc=linux-kernel@vger.kernel.org \
--cc=wli@holomorphy.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox