Martin Schwidefsky authored
handle_pte_fault uses pte_present, pte_none and pte_file to find out the type of a pte. That is done without holding the page table lock. This clashes with the way ptep_clear_flush removes active page table entries from the system. First the ipte instruction is used to invalidate the pte and remove all plt entries for the page. The ipte sets the hardware invalid bit without changing any other bit. After the ipte has finished, the pte is cleared. A concurrent fault can observe the previously valid pte with the invalid bit set. With the current encoding of the different pte types, an invalidated read-only pte can be misinterpreted as a swap-pte.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
83377484