On Fri, 14 May 2021 10:50:01 +0100, Catalin Marinas wrote:
> To ensure that instructions are observable in a new mapping, the arm64
> set_pte_at() implementation cleans the D-cache and invalidates the
> I-cache to the PoU. As an optimisation, this is only done on executable
> mappings and the PG_dcache_clean page flag is set to avoid future cache
> maintenance on the same page.
>
> When two different processes map the same page (e.g. private executable
> file or shared mapping) there's a potential race on checking and setting
> PG_dcache_clean via set_pte_at() -> __sync_icache_dcache(). While on the
> fault paths the page is locked (PG_locked), mprotect() does not take the
> page lock. The result is that one process may see the PG_dcache_clean
> flag set but the I/D cache maintenance not yet performed.
>
> [...]
Applied to arm64 (for-next/fixes), thanks!
[1/1] arm64: Fix race condition on PG_dcache_clean in __sync_icache_dcache()
https://git.kernel.org/arm64/c/588a513d3425
--
Catalin
