ARM: 6255/1: Workaround infinity loop in handling of translation faults

On ARM one Linux PGD entry contains two hardware entries (see page
tables layout in pgtable.h). We normally guarantee that we always
fill both L1 entries. But create_mapping() doesn't follow the rule.
It can create inidividual L1 entries, so here we have to call
pmd_none() check in do_translation_fault() for the entry really
corresponded to address, not for the first of pair.

Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
index 84131c832430b129b4db1d9999e86dba926f8a9c..564b1c4829e413ddf957b6fa160db6c7034ed6f8 100644 (file)
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -413,7 +413,16 @@ do_translation_fault(unsigned long addr, unsigned int fsr,
        pmd_k = pmd_offset(pgd_k, addr);
        pmd   = pmd_offset(pgd, addr);
 
-       if (pmd_none(*pmd_k))
+       /*
+        * On ARM one Linux PGD entry contains two hardware entries (see page
+        * tables layout in pgtable.h). We normally guarantee that we always
+        * fill both L1 entries. But create_mapping() doesn't follow the rule.
+        * It can create inidividual L1 entries, so here we have to call
+        * pmd_none() check for the entry really corresponded to address, not
+        * for the first of pair.
+        */
+       index = (addr >> SECTION_SHIFT) & 1;
+       if (pmd_none(pmd_k[index]))
                goto bad_area;
 
        copy_pmd(pmd, pmd_k);