Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/borntraeger...

[cascardo/linux.git] / mm / memory.c

diff --git a/mm/memory.c b/mm/memory.c
index 6efe36a..649e7d4 100644 (file)
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -2996,6 +2996,12 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma,
 
        if (set_page_dirty(fault_page))
                dirtied = 1;
+       /*
+        * Take a local copy of the address_space - page.mapping may be zeroed
+        * by truncate after unlock_page().   The address_space itself remains
+        * pinned by vma->vm_file's reference.  We rely on unlock_page()'s
+        * release semantics to prevent the compiler from undoing this copying.
+        */
        mapping = fault_page->mapping;
        unlock_page(fault_page);
        if ((dirtied || vma->vm_ops->page_mkwrite) && mapping) {
@@ -3189,7 +3195,16 @@ static int handle_pte_fault(struct mm_struct *mm,
        pte_t entry;
        spinlock_t *ptl;
 
-       entry = ACCESS_ONCE(*pte);
+       /*
+        * some architectures can have larger ptes than wordsize,
+        * e.g.ppc44x-defconfig has CONFIG_PTE_64BIT=y and CONFIG_32BIT=y,
+        * so READ_ONCE or ACCESS_ONCE cannot guarantee atomic accesses.
+        * The code below just needs a consistent view for the ifs and
+        * we later double check anyway with the ptl lock held. So here
+        * a barrier will do.
+        */
+       entry = *pte;
+       barrier();
        if (!pte_present(entry)) {
                if (pte_none(entry)) {
                        if (vma->vm_ops) {