Hi all,

While reviewing Shameer's reworked VMID allocator [1] and discussing with Marc, we spotted a race between TLB invalidation (which typically takes an ASID or VMID argument) and reallocation of ASID/VMID for the context being targeted. The first patch spells out an example with try_to_unmap_one() in a comment, which Catalin has kindly modelled in TLA+ at [2].

Although I'm posting all this together for ease of review, the intention is that the first patch will go via arm64 with the latter going via kvm.

Cheers,

Will

[1] https://lore.kernel.org/r/20210729104009.382-1-shameerali.kolothum.thodi@xxxxxxxxxx
[2] https://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/kernel-tla.git/commit/

Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
Cc: Marc Zyngier <maz@xxxxxxxxxx>
Cc: Jade Alglave <jade.alglave@xxxxxxx>
Cc: Shameer Kolothum <shameerali.kolothum.thodi@xxxxxxxxxx>
Cc: <kvmarm@xxxxxxxxxxxxxxxxxxxxx>
Cc: <linux-arch@xxxxxxxxxxxxxxx>

--->8

Marc Zyngier (3):
  KVM: arm64: Move kern_hyp_va() usage in __load_guest_stage2() into the callers
  KVM: arm64: Convert the host S2 over to __load_guest_stage2()
  KVM: arm64: Upgrade VMID accesses to {READ,WRITE}_ONCE

Will Deacon (1):
  arm64: mm: Fix TLBI vs ASID rollover

 arch/arm64/include/asm/kvm_mmu.h              | 17 ++++++-----
 arch/arm64/include/asm/mmu.h                  | 29 ++++++++++++++++---
 arch/arm64/include/asm/tlbflush.h             | 11 +++----
 arch/arm64/kvm/arm.c                          |  2 +-
 arch/arm64/kvm/hyp/include/nvhe/mem_protect.h |  2 +-
 arch/arm64/kvm/hyp/nvhe/mem_protect.c         |  6 ++--
 arch/arm64/kvm/hyp/nvhe/switch.c              |  4 ++-
 arch/arm64/kvm/hyp/nvhe/tlb.c                 |  2 +-
 arch/arm64/kvm/hyp/vhe/switch.c               |  2 +-
 arch/arm64/kvm/hyp/vhe/tlb.c                  |  2 +-
 arch/arm64/kvm/mmu.c                          |  2 +-
 11 files changed, 52 insertions(+), 27 deletions(-)

--
2.32.0.605.g8dce9f2422-goog