From: Ard Biesheuvel <[email protected]> Sashiko reports:
| If pmd_set_huge() rejects an unsafe page table transition (such as | mapping a different physical address over an existing block mapping), | it returns 0 and leaves the page table entry unmodified. | | Because *pmdp remains unmodified, READ_ONCE(pmd_val(*pmdp)) will equal | pmd_val(old_pmd). The transition from old_pmd to old_pmd is evaluated | as safe by pgattr_change_is_safe(), so the BUG_ON never triggers. | | This allows invalid and unsafe mapping updates to be silently dropped | instead of panicking, leaving stale memory mappings active while the | caller assumes the update was successful. The same applies to pud_set_huge() in alloc_init_pud(). Given how it is generally preferred to limp on rather than blow up the system if an unexpected condition such as this one occurs, and the fact that there are no known cases where this disparity results in real problems, let's WARN on these failures rather than BUG, allowing the system to survive to the point where it can actually report them. Signed-off-by: Ard Biesheuvel <[email protected]> --- arch/arm64/mm/mmu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index aa0e2c6435f7..b2ba5b35c35f 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -257,7 +257,7 @@ static int init_pmd(pmd_t *pmdp, unsigned long addr, unsigned long end, /* try section mapping first */ if (((addr | next | phys) & ~PMD_MASK) == 0 && (flags & NO_BLOCK_MAPPINGS) == 0) { - pmd_set_huge(pmdp, phys, prot); + WARN_ON(!pmd_set_huge(pmdp, phys, prot)); /* * After the PMD entry has been populated once, we @@ -380,7 +380,7 @@ static int alloc_init_pud(p4d_t *p4dp, unsigned long addr, unsigned long end, if (pud_sect_supported() && ((addr | next | phys) & ~PUD_MASK) == 0 && (flags & NO_BLOCK_MAPPINGS) == 0) { - pud_set_huge(pudp, phys, prot); + WARN_ON(!pud_set_huge(pudp, phys, prot)); /* * After the PUD entry has been populated once, we -- 2.54.0.794.g4f17f83d09-goog
