On Thu, 2018-03-08 at 22:38 +0000, Andy Lutomirski wrote:
> On Thu, Mar 8, 2018 at 9:43 PM, Kani, Toshi <toshi.kani@xxxxxxx> wrote:
> > On Thu, 2018-03-08 at 14:34 -0600, Gratian Crisan wrote:
> >  :
> >
> > Thanks for the report and analysis! I believe pud_large() and
> > pmd_large() should have been used here. I will try to reproduce the
> > issue and verify the fix.
>
> Indeed. I find myself wondering why pud_huge() exists at all.
>
> While you're at it, I think there may be more bugs in there.
> Specifically, the code walks the reference and current tables at the
> same time without any synchronization and without READ_ONCE()
> protection. I think that all of the BUG() calls below the comment:
>
> /*
>  * Below here mismatches are bugs because these lower tables
>  * are shared:
>  */
>
> are bogus and could be hit due to races. I also think they're
> pointless -- we've already asserted that the reference and loaded
> tables are literally the same pointers. I think the right fix is to
> remove pud_ref, pmd_ref and pte_ref entirely and to get rid of those
> BUG() calls.
>
> What do you think?

I agree that these BUG() checks are pointless. I will remove them in this
opportunity.

Thanks,
-Toshi
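The two points raised in the thread, stopping a walk at a large-page entry and reading each entry once, can be shown with a small user-space model. The following is an added example written for this page, not the kernel's vmalloc_fault() or pgtable code: a two-level toy table whose entries use the x86 present bit (bit 0) and PSE bit (bit 7), with table and page bases being the addresses of static arrays so that descending is a plain pointer dereference. `entry_large()` stands in for pXd_large(); `entry_huge_stub()` models a pXd_huge() that is compiled to 0 when hugetlb support is off, which is my understanding of the kernel configuration behind the report rather than something the thread states. `TOY_READ_ONCE`, `walk()` and the table layout are all constructed here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy page-table model; not kernel code. */
typedef uint64_t pte_t;

#define PAGE_PRESENT  (1ULL << 0)
#define PAGE_PSE      (1ULL << 7)      /* large-page bit, as on x86 */
#define ADDR_MASK     (~0xFFFULL)      /* address bits above the flags */

/* One volatile load per entry: the READ_ONCE() analogue for this toy. */
#define TOY_READ_ONCE(x) (*(const volatile pte_t *)&(x))

enum walk_level { LEVEL_NONE = 0, LEVEL_PUD = 1, LEVEL_PMD = 2 };

struct walk_result {
    enum walk_level level;   /* level at which the walk terminated */
    uint64_t base;           /* address bits of the terminating entry */
};

/* pXd_large() analogue: a present entry that maps a large page itself. */
static int entry_large(pte_t e)
{
    return (e & (PAGE_PRESENT | PAGE_PSE)) == (PAGE_PRESENT | PAGE_PSE);
}

/* pXd_huge() analogue as a stub that always reports "not huge"
 * (assumed hugetlb-disabled configuration; not stated in the thread). */
static int entry_huge_stub(pte_t e)
{
    (void)e;
    return 0;
}

static _Alignas(4096) pte_t pud_table[512];
static _Alignas(4096) pte_t pmd_table[512];   /* a genuine lower table */
static _Alignas(4096) pte_t large_page[512];  /* data page, stays all zero */
static int tables_ready;

#define SMALL_PAGE_BASE 0x1234000ULL  /* constructed leaf address, never dereferenced */

static void setup_tables(void)
{
    if (tables_ready)
        return;
    /* pud[0] -> pmd table; pmd[3] -> a normal page */
    pud_table[0] = (uint64_t)(uintptr_t)pmd_table | PAGE_PRESENT;
    pmd_table[3] = SMALL_PAGE_BASE | PAGE_PRESENT;
    /* pud[1] maps a large page directly: there is no pmd table under it */
    pud_table[1] = (uint64_t)(uintptr_t)large_page | PAGE_PRESENT | PAGE_PSE;
    tables_ready = 1;
}

static struct walk_result walk(const pte_t *pud, unsigned pud_idx,
                               unsigned pmd_idx, int (*is_large)(pte_t))
{
    struct walk_result r = { LEVEL_NONE, 0 };

    /* Snapshot the entry once; the present check, the large check and the
     * pointer extraction all use the same local value, so a concurrent
     * update of the table cannot make them disagree with each other. */
    pte_t pud_e = TOY_READ_ONCE(pud[pud_idx]);
    if (!(pud_e & PAGE_PRESENT))
        return r;
    if (is_large(pud_e)) {          /* large mapping: nothing below to walk */
        r.level = LEVEL_PUD;
        r.base = pud_e & ADDR_MASK;
        return r;
    }
    const pte_t *pmd = (const pte_t *)(uintptr_t)(pud_e & ADDR_MASK);
    pte_t pmd_e = TOY_READ_ONCE(pmd[pmd_idx]);
    if (!(pmd_e & PAGE_PRESENT))
        return r;
    r.level = LEVEL_PMD;
    r.base = pmd_e & ADDR_MASK;
    return r;
}

uint64_t large_page_base(void) { return (uint64_t)(uintptr_t)large_page; }

/* Normal mapping: descends to the pmd and finds the leaf. */
struct walk_result lookup_normal(void)
{
    setup_tables();
    return walk(pud_table, 0, 3, entry_large);
}

/* Large mapping with the PSE check: stops at the pud with the right base. */
struct walk_result lookup_large_checked(void)
{
    setup_tables();
    return walk(pud_table, 1, 0, entry_large);
}

/* Large mapping with the stub: the data page is misread as a pmd table,
 * its zero "entry" looks not-present, and a live mapping is reported absent. */
struct walk_result lookup_large_stubbed(void)
{
    setup_tables();
    return walk(pud_table, 1, 0, entry_huge_stub);
}

int main(void)
{
    struct walk_result a = lookup_normal(), b = lookup_large_checked(),
                       c = lookup_large_stubbed();
    printf("normal:  level %d base %#llx\n", a.level, (unsigned long long)a.base);
    printf("checked: level %d base %#llx\n", b.level, (unsigned long long)b.base);
    printf("stubbed: level %d base %#llx\n", c.level, (unsigned long long)c.base);
    return 0;
}
```

The stubbed walk is the failure mode the thread's first point is about: with a predicate that never reports a large entry, the walker follows the large page's address as if it were a lower table and draws a conclusion from whatever bytes it finds there. The single-snapshot discipline in `walk()` is the second point: once each level is read exactly once, there is nothing left for a second "reference" copy of the lower tables to be compared against, which is why the mismatch BUG() calls add no safety.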