Re: [PATCH v3 1/2] mm: migrate: prevent racy access to tlb_flush_pending

On Thu, 2017-07-27 at 04:40 -0700, Nadav Amit wrote:
> From: Nadav Amit <nadav.amit@xxxxxxxxx>
> 
> Setting and clearing mm->tlb_flush_pending can be performed by multiple
> threads, since mmap_sem may only be acquired for read in
> task_numa_work(). If this happens, tlb_flush_pending might be cleared
> while one of the threads still changes PTEs and batches TLB flushes.
> 
> This can lead to the same race between migration and
> change_protection_range() that led to the introduction of
> tlb_flush_pending. The result of this race was data corruption, which
> means that this patch also addresses a theoretically possible data
> corruption.
> 
> An actual data corruption was not observed, yet the race was
> confirmed by adding an assertion to check tlb_flush_pending is not set
> by two threads, adding artificial latency in change_protection_range()
> and using sysctl to reduce kernel.numa_balancing_scan_delay_ms.
> 
> Fixes: 20841405940e ("mm: fix TLB flush race between migration, and change_protection_range")
> 
> Cc: stable@xxxxxxxxxxxxxxx
> 
> Signed-off-by: Nadav Amit <namit@xxxxxxxxxx>
> Acked-by: Mel Gorman <mgorman@xxxxxxx>
> 
Acked-by: Rik van Riel <riel@xxxxxxxxxx>
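
The interleaving described in the quoted commit message, replayed deterministically in a userspace model (an added example, not code from the patch or the kernel). All struct and function names are hypothetical, and the nesting counter is an assumed alternative to the boolean flag, since the patch body is not shown in this message.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: hypothetical names, not kernel code. */
struct mm_bool  { bool pending; };        /* one shared flag, as in the report */
struct mm_count { atomic_int pending; };  /* assumed alternative: nesting count */

static void bool_begin(struct mm_bool *mm) { mm->pending = true; }
static void bool_end(struct mm_bool *mm)   { mm->pending = false; }

static void count_begin(struct mm_count *mm) { atomic_fetch_add(&mm->pending, 1); }
static void count_end(struct mm_count *mm)   { atomic_fetch_sub(&mm->pending, 1); }
static bool count_is_pending(struct mm_count *mm)
{
    return atomic_load(&mm->pending) > 0;
}

/*
 * Interleaving from the report: A and B both hold mmap_sem for read and
 * both start batching; A finishes and clears while B is still changing
 * PTEs. The return value is what a migration path would observe then.
 */
bool observe_with_bool(void)
{
    struct mm_bool mm = { false };
    bool_begin(&mm);    /* thread A starts batching */
    bool_begin(&mm);    /* thread B starts batching */
    bool_end(&mm);      /* A flushed its own batch and clears the flag */
    return mm.pending;  /* false although B's flush is still outstanding */
}

bool observe_with_count(bool b_finished)
{
    struct mm_count mm;
    atomic_init(&mm.pending, 0);
    count_begin(&mm);   /* thread A */
    count_begin(&mm);   /* thread B */
    count_end(&mm);     /* A done, B's contribution remains */
    if (b_finished)
        count_end(&mm); /* B done as well */
    return count_is_pending(&mm);
}

int main(void)
{
    printf("bool flag, B still batching:  pending=%d\n", observe_with_bool());
    printf("counter,   B still batching:  pending=%d\n", observe_with_count(false));
    printf("counter,   both finished:     pending=%d\n", observe_with_count(true));
    return 0;
}
```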


