From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753531AbdHKRqB (ORCPT ); Fri, 11 Aug 2017 13:46:01 -0400 Received: from imap0.codethink.co.uk ([185.43.218.159]:51497 "EHLO imap0.codethink.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752724AbdHKRp7 (ORCPT ); Fri, 11 Aug 2017 13:45:59 -0400 Message-ID: <1502473549.2047.36.camel@codethink.co.uk> Subject: Re: [PATCH 4.4 18/58] mm, mprotect: flush TLB if potentially racing with a parallel reclaim leaving stale TLB entries From: Ben Hutchings To: Mel Gorman Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Nadav Amit , Andy Lutomirski , Andrew Morton , Linus Torvalds , Greg Kroah-Hartman Date: Fri, 11 Aug 2017 18:45:49 +0100 In-Reply-To: <20170809194147.234463750@linuxfoundation.org> References: <20170809194146.501519882@linuxfoundation.org> <20170809194147.234463750@linuxfoundation.org> Organization: Codethink Ltd. Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.9-1+b1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2017-08-09 at 12:41 -0700, Greg Kroah-Hartman wrote: > 4.4-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Mel Gorman > > commit 3ea277194daaeaa84ce75180ec7c7a2075027a68 upstream. [...] > +/* > + * Reclaim unmaps pages under the PTL but do not flush the TLB prior to > + * releasing the PTL if TLB flushes are batched. It's possible for a parallel > + * operation such as mprotect or munmap to race between reclaim unmapping > + * the page and flushing the page. If this race occurs, it potentially allows > + * access to data via a stale TLB entry. Tracking all mm's that have TLB > + * batching in flight would be expensive during reclaim so instead track > + * whether TLB batching occurred in the past and if so then do a flush here > + * if required. This will cost one additional flush per reclaim cycle paid > + * by the first operation at risk such as mprotect and mumap. > + * > + * This must be called under the PTL so that an access to tlb_flush_batched > + * that is potentially a "reclaim vs mprotect/munmap/etc" race will synchronise > + * via the PTL. What about USE_SPLIT_PTE_PTLOCKS? I don't see how you can use "the PTL" to synchronise access to a per-mm flag. Ben. > + */ > +void flush_tlb_batched_pending(struct mm_struct *mm) > +{ > + if (mm->tlb_flush_batched) { > + flush_tlb_mm(mm); > + > + /* > + * Do not allow the compiler to re-order the clearing of > + * tlb_flush_batched before the tlb is flushed. > + */ > + barrier(); > + mm->tlb_flush_batched = false; > + } > +} > #else > static void set_tlb_ubc_flush_pending(struct mm_struct *mm, > struct page *page, bool writable) > > -- Ben Hutchings Software Developer, Codethink Ltd.