+ mm-migrate-add-missing-flush_dcache_page-for-non-mapped-page-migrate.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The patch titled
     Subject: mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate
has been added to the -mm tree.  Its filename is
     mm-migrate-add-missing-flush_dcache_page-for-non-mapped-page-migrate.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-migrate-add-missing-flush_dcache_page-for-non-mapped-page-migrate.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-migrate-add-missing-flush_dcache_page-for-non-mapped-page-migrate.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Lars Persson <lars.persson@xxxxxxxx>
Subject: mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate

Our MIPS 1004Kc SoCs were seeing random userspace crashes with SIGILL and
SIGSEGV that could not be traced back to a userspace code bug.  They had
all the magic signs of an I/D cache coherency issue.

Now recently we noticed that the /proc/sys/vm/compact_memory interface was
quite efficient at provoking this class of userspace crashes.

Studying the code in mm/migrate.c there is a distinction made between
migrating a page that is mapped at the instant of migration and one that
is not mapped.  Our problem turned out to be the non-mapped pages.

For the non-mapped page the code performs a copy of the page content and
all relevant meta-data of the page without doing the required D-cache
maintenance.  This leaves dirty data in the D-cache of the CPU and on the
1004K cores this data is not visible to the I-cache.  A subsequent
page-fault that triggers a mapping of the page will happily serve the
process with potentially stale code.

What about ARM then, this bug should have seen greater exposure?  Well ARM
became immune to this flaw back in 2010, see commit c01778001a4f ("ARM:
6379/1: Assume new page cache pages have dirty D-cache").

My proposed fix moves the D-cache maintenance inside move_to_new_page to
make it common for both cases.

Link: http://lkml.kernel.org/r/20190315083502.11849-1-larper@xxxxxxxx
Fixes: 97ee0524614 ("flush cache before installing new page at migraton")
Signed-off-by: Lars Persson <larper@xxxxxxxx>
Reviewed-by: Paul Burton <paul.burton@xxxxxxxx>
Acked-by: Mel Gorman <mgorman@xxxxxxxxxxxxxxxxxxx>
Cc: Ralf Baechle <ralf@xxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---


--- a/mm/migrate.c~mm-migrate-add-missing-flush_dcache_page-for-non-mapped-page-migrate
+++ a/mm/migrate.c
@@ -248,10 +248,8 @@ static bool remove_migration_pte(struct
 				pte = swp_entry_to_pte(entry);
 			} else if (is_device_public_page(new)) {
 				pte = pte_mkdevmap(pte);
-				flush_dcache_page(new);
 			}
-		} else
-			flush_dcache_page(new);
+		}
 
 #ifdef CONFIG_HUGETLB_PAGE
 		if (PageHuge(new)) {
@@ -995,6 +993,13 @@ static int move_to_new_page(struct page
 		 */
 		if (!PageMappingFlags(page))
 			page->mapping = NULL;
+
+		if (unlikely(is_zone_device_page(newpage))) {
+			if (is_device_public_page(newpage))
+				flush_dcache_page(newpage);
+		} else
+			flush_dcache_page(newpage);
+
 	}
 out:
 	return rc;
_

Patches currently in -mm which might be from lars.persson@xxxxxxxx are

mm-migrate-add-missing-flush_dcache_page-for-non-mapped-page-migrate.patch




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux