Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751328AbWBVDzV (ORCPT ); Tue, 21 Feb 2006 22:55:21 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751329AbWBVDzV (ORCPT ); Tue, 21 Feb 2006 22:55:21 -0500 Received: from xproxy.gmail.com ([66.249.82.192]:39247 "EHLO xproxy.gmail.com") by vger.kernel.org with ESMTP id S1751328AbWBVDzV convert rfc822-to-8bit (ORCPT ); Tue, 21 Feb 2006 22:55:21 -0500 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fXMahmXfRnPWICbXMVZ164iw4EA1XsAbJ98O0eyywDAA3G53U5AuF9KBz53pFvw650rrIUoMCv33FMLyQs4asfAD4ruy9vRPXi6oWoeBshZBwpIYGGrOD68MslGyZxjAHRhNmdcIXf0FvlR5bQh0DSccVtLofgnlQ5bZRGNJ9jg= Message-ID: Date: Tue, 21 Feb 2006 20:55:15 -0700 From: David Mosberger-Tang To: "Chen, Kenneth W" Subject: Re: IA64 non-contiguous memory space bugs Cc: David Gibson , linux-ia64@vger.kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <200602220253.k1M2rWg10346@unix-os.sc.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Content-Disposition: inline References: <20060222001359.GA23574@localhost.localdomain> <200602220253.k1M2rWg10346@unix-os.sc.intel.com> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1572 Lines: 39 I'm only following this superficially, but keep in mind that a vm-area MUST NEVER cross a hole. --david On 2/21/06, Chen, Kenneth W wrote: > David Gibson wrote on Tuesday, February 21, 2006 4:14 PM > > First bug (confirmed many months ago by Chris Wedgwood) - you can get > > weird effects if you attempt to mmap() something into one of the > > address space gaps. The ia64 outer wrapper for mmap2() tries to > > prevent it, but doesn't do a good enough job, it's still possible > > indirectly with shmat() and maybe mremap(). Basic trouble is that > > most of the checks applied by the generic code assume that everything > > between 0 and TASK_SIZE is valid. > > Ha ha ha. > > On ia64, the low level tlb fault handler (vhpt_miss and nested_dtlb_miss) > checks that all unused address bits (between REGION_NUMBER and PGDIR_SHIFT) > should be all zero. If they are not zero, it will fall into page fault > handler and in there, ia64 should just send SEGV instead of happily hand > over a page. Buggy buggy.... > > - Ken > > - > To unsubscribe from this list: send the line "unsubscribe linux-ia64" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- Mosberger Consulting LLC, http://www.mosberger-consulting.com/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/