From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] flush_tlb_range() needs ->page_table_lock when ->mmap_sem is not held
Date: Sat, 10 Mar 2012 08:06:06 +1100 [thread overview]
Message-ID: <1331327166.3105.68.camel@pasglop> (raw)
In-Reply-To: <20120305205354.GM23916@ZenIV.linux.org.uk>
On Mon, 2012-03-05 at 20:53 +0000, Al Viro wrote:
> On Mon, Mar 05, 2012 at 12:30:19PM -0800, Linus Torvalds wrote:
> > Is this safe? And why does it need it? Please add more explanations.
>
> a) safety - as the matter of fact, all other callers either hold either
> ->mmap_sem (exclusive) or ->page_table_lock. flush_tlb_range() is
> called under ->page_table_lock in a lot of places, e.g.
> page_referenced_one() -> pmdp_clear_flush_young_notify() ->
> -> pmdp_clear_flush_young() -> flush_tlb_range(), with
> /* go ahead even if the pmd is pmd_trans_splitting() */
> if (pmdp_clear_flush_young_notify(vma, address, pmd))
> referenced++;
> spin_unlock(&mm->page_table_lock);
> in page_referenced_one().
>
> b) there are instances that work with page tables. See e.g.
> arch/powerpc/mm/tlb_hash32.c, flush_tlb_range() and flush_range() in there.
> The same goes for uml, with a lot more extensive playing with page tables.
Yes, we need to make sure they don't go away. Without any of these locks
page table pages may be freed... however, I don't see the page table
lock ensuring that anymore. The hugetlb_free_pgd_range implementation in
powerpc seemed to have old comments about expecting the PTL to be held
but that doesn't appear to be the case anymore.
In fact I always worry with the whole walking of page tables vs. freeing
them. We use sched RCU to delay the freeing so we -should- be ok if we
keep interrupts off on the walking side but it's fishy.
> Almost all callers are actually fine - flush_tlb_range() may have no need
> to bother playing with page tables, but it can do so safely; again, this
> caller is the sole exception - everything else either has exclusive ->mmap_sem
> on the mm in question, or mm->page_table_lock is held.
mmap_sem will protect vs. page tables freeing. page_table_lock on the
other hand...
Cheers,
Ben.
next prev parent reply other threads:[~2012-03-09 21:06 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-05 6:37 [patches] VM-related fixes Al Viro
2012-03-05 6:38 ` [PATCH 1/3] aout: move setup_arg_pages() prior to reading/mapping the binary Al Viro
2012-03-05 6:39 ` [PATCH 2/3] VM_GROWS{UP,DOWN} shouldn't be set on shmem VMAs Al Viro
2012-03-05 6:40 ` [PATCH 3/3] flush_tlb_range() needs ->page_table_lock when ->mmap_sem is not held Al Viro
2012-03-05 20:30 ` Linus Torvalds
2012-03-05 20:53 ` Al Viro
2012-03-09 21:06 ` Benjamin Herrenschmidt [this message]
2012-03-06 3:38 ` [patches] VM-related fixes Arve Hjønnevåg
2012-03-06 4:10 ` Al Viro
2012-03-06 5:25 ` Arve Hjønnevåg
2012-03-06 5:57 ` Al Viro
2012-03-06 6:36 ` Arve Hjønnevåg
2012-03-08 23:43 ` [PATCH] Staging: android: binder: Fix use-after-free bug Arve Hjønnevåg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1331327166.3105.68.camel@pasglop \
--to=benh@kernel.crashing.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.