On Mon, Sep 03, 2018 at 01:28:44PM +1000, David Gibson wrote:
> On Fri, Aug 31, 2018 at 04:08:50PM +1000, Alexey Kardashevskiy wrote:
> > At the moment the real mode handler of H_PUT_TCE calls iommu_tce_xchg_rm()
> > which in turn reads the old TCE and if it was a valid entry - marks
> > the physical page dirty if it was mapped for writing. Since it is
> > real mode, realmode_pfn_to_page() is used instead of pfn_to_page()
> > to get the page struct. However SetPageDirty() itself reads the compound
> > page head and returns a virtual address for the head page struct, and
> > setting the dirty bit for that kills the system.
> >
> > This moves dirty bit setting before updating the hardware table.
>
> Um.. but now you're setting DIRTY based on the *new* TCE's
> permissions, instead of the old TCE's permissions, which I don't think
> is correct.

He's setting dirty on the page which is about to be mapped if the new TCE
allows the page to be written by the device. Given that the page is
pinned, I don't see any reason why the dirty setting has to be done when
the page is unmapped rather than when it is mapped. Do you see a reason?

Paul.