This is a note to let you know that I've just added the patch titled
ARM: 7658/1: mm: fix race updating mm->context.id on ASID rollover
to the 3.8-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
arm-7658-1-mm-fix-race-updating-mm-context.id-on-asid-rollover.patch
and it can be found in the queue-3.8 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 37f47e3d62533c931b04cb409f2eb299e6342331 Mon Sep 17 00:00:00 2001
From: Will Deacon <will.deacon@xxxxxxx>
Date: Thu, 28 Feb 2013 17:47:20 +0100
Subject: ARM: 7658/1: mm: fix race updating mm->context.id on ASID rollover
From: Will Deacon <will.deacon@xxxxxxx>
commit 37f47e3d62533c931b04cb409f2eb299e6342331 upstream.
If a thread triggers an ASID rollover, other threads of the same process
must be made to wait until the mm->context.id for the shared mm_struct
has been updated to new generation and associated book-keeping (e.g.
TLB invalidation) has ben performed.
However, there is a *tiny* window where both mm->context.id and the
relevant active_asids entry are updated to the new generation, but the
TLB flush has not been performed, which could allow another thread to
return to userspace with a dirty TLB, potentially leading to data
corruption. In reality this will never occur because one CPU would need
to perform a context-switch in the time it takes another to do a couple
of atomic test/set operations but we should plug the race anyway.
This patch moves the active_asids update until after the potential TLB
flush on context-switch.
Reviewed-by: Catalin Marinas <catalin.marinas@xxxxxxx>
Signed-off-by: Will Deacon <will.deacon@xxxxxxx>
Signed-off-by: Russell King <rmk+kernel@xxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/arm/mm/context.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/arm/mm/context.c
+++ b/arch/arm/mm/context.c
@@ -204,11 +204,11 @@ void check_and_switch_context(struct mm_
if ((mm->context.id ^ atomic64_read(&asid_generation)) >> ASID_BITS)
new_context(mm, cpu);
- atomic64_set(&per_cpu(active_asids, cpu), mm->context.id);
- cpumask_set_cpu(cpu, mm_cpumask(mm));
-
if (cpumask_test_and_clear_cpu(cpu, &tlb_flush_pending))
local_flush_tlb_all();
+
+ atomic64_set(&per_cpu(active_asids, cpu), mm->context.id);
+ cpumask_set_cpu(cpu, mm_cpumask(mm));
raw_spin_unlock_irqrestore(&cpu_asid_lock, flags);
switch_mm_fastpath:
Patches currently in stable-queue which might be from will.deacon@xxxxxxx are
queue-3.8/arm-7659-1-mm-make-mm-context.id-an-atomic64_t-variable.patch
queue-3.8/arm-7663-1-perf-fix-armv7-evtype_mask-to-include-nsh-bit.patch
queue-3.8/arm-7658-1-mm-fix-race-updating-mm-context.id-on-asid-rollover.patch
queue-3.8/arm-7654-1-preserve-l_pte_valid-in-pte_modify.patch
queue-3.8/arm-7657-1-head-fix-swapper-and-idmap-population-with-lpae-and-big-endian.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html