On 4/6/2013 7:22 AM, Nicolas Pitre wrote:
On Fri, 5 Apr 2013, Laura Abbott wrote:
The highmem code provides kmap_flush_unused to ensure all kmap
mappings are really removed if they are used. This code does not
You meant "if they are *not* used", right?
Yes, missed a word there
handle kmap_atomic mappings since they are managed separately.
This prevents an issue for any code which relies on having absolutely
no mappings for a particular page. Rather than pay the penalty of
having CONFIG_DEBUG_HIGHMEM on all the time, add functionality
to remove the kmap_atomic mappings in a similar way to kmap_flush_unused.
Could you elaborate on that code that relies on having absolutely no
mappings for a particular page please?
We have a use case where we pass memory to trustzone to have it
protected such that the non-secure environment may not read or write
that memory. The protecting/unprotecting can happen at runtime. If there
are any valid mappings in the page tables, the CPU is free to
speculatively access that memory. If the CPU speculates into a protected
region while in the non-secure world, we get a fault violation.
Essentially this means that even if we reserve the memory at bootup time
with memblock_reserve, if the memory was ever previously mapped with
kmap_atomic (to flush caches for example) we could still end up with
stray mappings which can lead to faults.
In general, it seems like this is missing functionality from the
intended behavior of kmap_flush_unused which is to get rid of all stray
mappings.
This is intended to be an RFC to make sure this approach is
reasonable. The goal is to have kmap_atomic_flush_unused be a public
API.
The clearing code is going to be costly since you do a
set_top_pte(vaddr, __pte(0)) unconditionally on the whole range,
regardless if the PTE is already set to 0.
Good point. I'll add a check for that.
Using it via an hotplug callback is rather strange, but I'm assuming
that this was only for testing?
The hotplug callback is needed because we clear the mappings per-CPU. If
a CPU is hotplugged out with stray mappings they will not be cleared
since on_each_cpu only works on online CPUs.
Nicolas
Thanks,
Laura
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by The Linux Foundation
--
To unsubscribe from this list: send the line "unsubscribe linux-arm-msm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
