5.10-stable review patch. If anyone has any objections, please let me know. ------------------ From: Alexandre Ghiti <alexghiti@xxxxxxxxxxxx> commit a50420c79731fc5cf27ad43719c1091e842a2606 upstream. flush_cache_vmap() must be called after new vmalloc mappings are installed in the page table in order to allow architectures to make sure the new mapping is visible. It could lead to a panic since on some architectures (like powerpc), the page table walker could see the wrong pte value and trigger a spurious page fault that can not be resolved (see commit f1cb8f9beba8 ("powerpc/64s/radix: avoid ptesync after set_pte and ptep_set_access_flags")). But actually the patch is aiming at riscv: the riscv specification allows the caching of invalid entries in the TLB, and since we recently removed the vmalloc page fault handling, we now need to emit a tlb shootdown whenever a new vmalloc mapping is emitted (https://lore.kernel.org/linux-riscv/20230725132246.817726-1-alexghiti@xxxxxxxxxxxx/). That's a temporary solution, there are ways to avoid that :) Link: https://lkml.kernel.org/r/20230809164633.1556126-1-alexghiti@xxxxxxxxxxxx Fixes: 3e9a9e256b1e ("mm: add a vmap_pfn function") Reported-by: Dylan Jhong <dylan@xxxxxxxxxxxxx> Closes: https://lore.kernel.org/linux-riscv/ZMytNY2J8iyjbPPy@xxxxxxxxxxxxxxxxxxxx/ Signed-off-by: Alexandre Ghiti <alexghiti@xxxxxxxxxxxx> Reviewed-by: Christoph Hellwig <hch@xxxxxx> Reviewed-by: Palmer Dabbelt <palmer@xxxxxxxxxxxx> Acked-by: Palmer Dabbelt <palmer@xxxxxxxxxxxx> Reviewed-by: Dylan Jhong <dylan@xxxxxxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- mm/vmalloc.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -2453,6 +2453,10 @@ void *vmap_pfn(unsigned long *pfns, unsi free_vm_area(area); return NULL; } + + flush_cache_vmap((unsigned long)area->addr, + (unsigned long)area->addr + count * PAGE_SIZE); + return area->addr; } EXPORT_SYMBOL_GPL(vmap_pfn);