Bug 12800 - x86 PAT invalid vm_insert_pfn assumptions
Summary: x86 PAT invalid vm_insert_pfn assumptions
Status: CLOSED CODE_FIX
Alias: None
Product: Platform Specific/Hardware
Classification: Unclassified
Component: i386
Hardware: All Linux
Importance: P1 normal
Assignee: Venkatesh Pallipadi
Reported: 2009-03-02 01:40 UTC by Thomas Hellstrom
Modified: 2010-01-19 21:35 UTC

Kernel Version: 2.6.29 rc series
Tree: Mainline
Regression: Yes

Description Thomas Hellstrom 2009-03-02 01:40:28 UTC
Latest working kernel version: 2.6.28-xx
Earliest failing kernel version: 2.6.29-rc series
Distribution:
Hardware Environment:
Software Environment:
X86-Pat enabled

Problem Description:

There are a number of incorrect assumptions in the PAT code entered for 2.6.29:

1) The code incorrectly assumes that no PTEs set up by vm_insert_pfn() are pointing to RAM memory.
Such PTEs will hit
vm_insert_pfn()
track_pfn_vma_new()
reserve_pfn_range()
WARN_ON_ONCE() -> arch/x86/mm/pat.c around line 637

2) If is_linear_pfn_mapping() returns true, the code incorrectly reserves the whole VMA each time vm_insert_pfn is called.
vm_insert_pfn()
track_pfn_vma_new()
is_linear_pfn_mapping() -> reserve_pfn_range(paddr, vma_size, prot, 0);

3) The implementation of is_linear_pfn_mapping in include/linux/mm.h is just incorrect and depends on the device offset user-space enters in mmap()

static inline int is_linear_pfn_mapping(struct vm_area_struct *vma)
{
	return ((vma->vm_flags & VM_PFNMAP) && vma->vm_pgoff);
}

A perhaps correct implementation would be 

static inline int is_linear_pfn_mapping(struct vm_area_struct *vma)
{
	return ((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags));
}

but then again, it would make no sense to test this from vm_insert_pfn.

4) When this is fixed, track_pfn_vma_new() should also be called from
vm_insert_mixed() when that function inserts a PTE pointing to IO / space.
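
Item 3 as a userspace model (an added example, not code from the report or from the kernel tree). struct vma_model, is_linear_v1(), is_linear_v2() and shared_insert_pfn_vma() are hypothetical names, and the flag constants are copied in so that it builds outside the kernel:

```c
#include <stdio.h>

/* Copied-in flag values so the model builds in userspace (assumption:
 * they mirror the mainline include/linux/mm.h definitions). */
#define VM_SHARED   0x00000008UL
#define VM_MAYWRITE 0x00000020UL
#define VM_PFNMAP   0x00000400UL

/* Stand-in for the two vm_area_struct fields the predicate reads. */
struct vma_model {
    unsigned long vm_flags;
    unsigned long vm_pgoff; /* for a device mmap(): the user's offset in pages */
};

static int is_cow_mapping(unsigned long flags)
{
    return (flags & (VM_SHARED | VM_MAYWRITE)) == VM_MAYWRITE;
}

/* Predicate quoted in item 3: the result depends on vm_pgoff. */
static int is_linear_v1(const struct vma_model *vma)
{
    return (vma->vm_flags & VM_PFNMAP) && vma->vm_pgoff;
}

/* Alternative suggested in the report: the result depends on flags only. */
static int is_linear_v2(const struct vma_model *vma)
{
    return (vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags);
}

/* Constructed case: a MAP_SHARED device mapping that a driver fills
 * one page at a time through vm_insert_pfn(). */
static struct vma_model shared_insert_pfn_vma(unsigned long user_pgoff)
{
    struct vma_model v = { VM_PFNMAP | VM_SHARED | VM_MAYWRITE, user_pgoff };
    return v;
}

int main(void)
{
    unsigned long offs[] = { 0, 1, 0x100 }; /* constructed mmap() offsets */
    for (int i = 0; i < 3; i++) {
        struct vma_model v = shared_insert_pfn_vma(offs[i]);
        printf("pgoff=%#lx  v1=%d  v2=%d\n", offs[i],
               is_linear_v1(&v), is_linear_v2(&v));
    }
    return 0;
}
```

The same non-linear mapping is classified as linear by the quoted predicate as soon as the caller of mmap() passes a non-zero offset, while the flag-based test gives one answer for every offset.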

Comment 1 Thomas Hellstrom 2009-03-23 00:23:42 UTC
Items 1) through 3) are fixed.

Keeping item 4 as a reminder, but since that's no regression, clearing the regression flag.

Comment 2 Alan 2009-03-26 16:29:04 UTC
Seems to be linked to the mmap regressions in pwc and savage so re-enabling regression flag

Comment 3 Venkatesh Pallipadi 2009-03-26 16:39:29 UTC
Alan,

Does the patch here
http://marc.info/?l=linux-kernel&m=123691716419111&w=2

resolve the regressions you are seeing?

This fix (a cleaner version of it) was supposed to be in mainline, but I don't see it in git yet.