Commit bdc6340f authored by Pallipadi, Venkatesh's avatar Pallipadi, Venkatesh Committed by H. Peter Anvin

x86, pat: Fix set_memory_wc related corruption

Changeset 3869c4aa
that went in after 2.6.30-rc1 was a seemingly small change to _set_memory_wc()
to make it complaint with SDM requirements. But, introduced a nasty bug, which
can result in crash and/or strange corruptions when set_memory_wc is used.
One such crash reported here
http://lkml.org/lkml/2009/7/30/94

Actually, that changeset introduced two bugs.
* change_page_attr_set() takes &addr as first argument and can the addr value
  might have changed on return, even for single page change_page_attr_set()
  call. That will make the second change_page_attr_set() in this routine
  operate on unrelated addr, that can eventually cause strange corruptions
  and bad page state crash.
* The second change_page_attr_set() call, before setting _PAGE_CACHE_WC, should
  clear the earlier _PAGE_CACHE_UC_MINUS, as otherwise cache attribute will not
  be WC (will be UC instead).

The patch below fixes both these problems. Sending a single patch to fix both
the problems, as the change is to the same line of code. The change to have a
addr_copy is not very clean. But, it is simpler than making more changes
through various routines in pageattr.c.

A huge thanks to Jerome for reporting this problem and providing a simple test
case that helped us root cause the problem.
Reported-by: default avatarJerome Glisse <glisse@freedesktop.org>
Signed-off-by: default avatarVenkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: default avatarSuresh Siddha <suresh.b.siddha@intel.com>
LKML-Reference: <20090730214319.GA1889@linux-os.sc.intel.com>
Acked-by: default avatarDave Airlie <airlied@redhat.com>
Signed-off-by: default avatarH. Peter Anvin <hpa@zytor.com>
parent 0e83815b
...@@ -997,12 +997,15 @@ EXPORT_SYMBOL(set_memory_array_uc); ...@@ -997,12 +997,15 @@ EXPORT_SYMBOL(set_memory_array_uc);
int _set_memory_wc(unsigned long addr, int numpages) int _set_memory_wc(unsigned long addr, int numpages)
{ {
int ret; int ret;
unsigned long addr_copy = addr;
ret = change_page_attr_set(&addr, numpages, ret = change_page_attr_set(&addr, numpages,
__pgprot(_PAGE_CACHE_UC_MINUS), 0); __pgprot(_PAGE_CACHE_UC_MINUS), 0);
if (!ret) { if (!ret) {
ret = change_page_attr_set(&addr, numpages, ret = change_page_attr_set_clr(&addr_copy, numpages,
__pgprot(_PAGE_CACHE_WC), 0); __pgprot(_PAGE_CACHE_WC),
__pgprot(_PAGE_CACHE_MASK),
0, 0, NULL);
} }
return ret; return ret;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment