diff for duplicates of <20120821150618.GJ27696@redhat.com> diff --git a/a/1.txt b/N1/1.txt index fc9576c..5332a79 100644 --- a/a/1.txt +++ b/N1/1.txt 
@@ -92,88 +92,3 @@ PT lock (set_pte_at_notify must always run under the PT lock of course). How about this: ===== ->From 160a0b1b2be9bf96c45b30d9423f8196ecebe351 Mon Sep 17 00:00:00 2001 -From: Andrea Arcangeli <aarcange@redhat.com> -Date: Tue, 21 Aug 2012 16:48:11 +0200 -Subject: [PATCH] mmu_notifier: fix race in set_pte_at_notify usage - -Whenever we establish a writable spte with set_pte_at_notify the -ptep_clear_flush before it must be a _notify one that clears the spte -too. - -The fundamental problem is that if the primary MMU that writes to the -"newpage" won't fault again if the pte established by -set_pte_at_notify is writable. And so it will fail to serialize -against the PT lock to wait the set_pte_at_notify to finish -updating all secondary MMUs before the write hits the newpage. - -CPU0 CPU1 - oldpage[1] == 0 (all MMUs) -oldpage[0] = 1 -trigger do_wp_page -take PT lock -ptep_clear_flush (secondary MMUs -still have read access to oldpage) -mmu_notifier_change_pte -pte = newpage + writable (primary MMU can write to -newpage) - host write newpage[1] == 1 (no fault, - failed to serialize against PT lock) - vmenter - guest read oldpage[1] == 0 -spte = newpage + writable (too late) - -It's safe to use set_pte_at_notify with a ptep_clear_flush (_notify -not) only if we establish a readonly pte with it (like KSM does) -because in that case the write done by the primary MMU will fault and -serialize against the PT lock. - -set_pte_at_notify is still worth to use even if we have to do -ptep_clear_flush_notify before it, because it will still avoid the -secondary MMU to trigger secondary MMU page faults to access the new -page (if it has sptes and it's not only a TLB with a TLB miss -implemented by follow_page). 
- -Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> ---- - include/linux/mmu_notifier.h | 7 +++++++ - mm/memory.c | 2 +- - 2 files changed, 8 insertions(+), 1 deletions(-) - -diff --git a/include/linux/mmu_notifier.h b/include/linux/mmu_notifier.h -index ee2baf0..cce4e4f 100644 ---- a/include/linux/mmu_notifier.h -+++ b/include/linux/mmu_notifier.h -@@ -75,6 +75,13 @@ struct mmu_notifier_ops { - /* - * change_pte is called in cases that pte mapping to page is changed: - * for example, when ksm remaps pte to point to a new shared page. -+ * -+ * NOTE: If this method is used to setup a writable pte, it -+ * must be preceded by a secondary MMU invalidate before the -+ * pte is established in the primary MMU. That is required to -+ * avoid the old page won't be still be readable by the -+ * secondary MMUs after the primary MMU gains write access to -+ * the newpage. - */ - void (*change_pte)(struct mmu_notifier *mn, - struct mm_struct *mm, -diff --git a/mm/memory.c b/mm/memory.c -index ec12fc9..88749f3 100644 ---- a/mm/memory.c -+++ b/mm/memory.c -@@ -2720,7 +2720,7 @@ gotten: - * seen in the presence of one thread doing SMC and another - * thread doing COW. - */ -- ptep_clear_flush(vma, address, page_table); -+ ptep_clear_flush_notify(vma, address, page_table); - page_add_new_anon_rmap(new_page, vma, address); - /* - * We call the notify macro here because, when using secondary - --- -To unsubscribe, send a message with 'unsubscribe linux-mm' in -the body to majordomo@kvack.org. For more info on Linux MM, -see: http://www.linux-mm.org/ . -Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> diff --git a/a/content_digest b/N1/content_digest index 0463055..3c91462 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -104,91 +104,6 @@ "\n" "How about this:\n" "\n" - "=====\n" - ">From 160a0b1b2be9bf96c45b30d9423f8196ecebe351 Mon Sep 17 00:00:00 2001\n" - "From: Andrea Arcangeli <aarcange@redhat.com>\n" - "Date: Tue, 21 Aug 2012 16:48:11 +0200\n" - "Subject: [PATCH] mmu_notifier: fix race in set_pte_at_notify usage\n" - "\n" - "Whenever we establish a writable spte with set_pte_at_notify the\n" - "ptep_clear_flush before it must be a _notify one that clears the spte\n" - "too.\n" - "\n" - "The fundamental problem is that if the primary MMU that writes to the\n" - "\"newpage\" won't fault again if the pte established by\n" - "set_pte_at_notify is writable. And so it will fail to serialize\n" - "against the PT lock to wait the set_pte_at_notify to finish\n" - "updating all secondary MMUs before the write hits the newpage.\n" - "\n" - "CPU0 \t\t \t \tCPU1\n" - "\t\t\t\toldpage[1] == 0 (all MMUs)\n" - "oldpage[0] = 1\n" - "trigger do_wp_page\n" - "take PT lock\n" - "ptep_clear_flush (secondary MMUs\n" - "still have read access to oldpage)\n" - "mmu_notifier_change_pte\n" - "pte = newpage + writable (primary MMU can write to\n" - "newpage)\n" - "\t\t\t\thost write newpage[1] == 1 (no fault,\n" - "\t\t\t\tfailed to serialize against PT lock)\n" - "\t\t\t\tvmenter\n" - "\t\t\t\tguest read oldpage[1] == 0\n" - "spte = newpage + writable (too late)\n" - "\n" - "It's safe to use set_pte_at_notify with a ptep_clear_flush (_notify\n" - "not) only if we establish a readonly pte with it (like KSM does)\n" - "because in that case the write done by the primary MMU will fault and\n" - "serialize against the PT lock.\n" - "\n" - "set_pte_at_notify is still worth to use even if we have to do\n" - "ptep_clear_flush_notify before it, because it will still avoid the\n" - "secondary MMU to trigger secondary MMU page faults to access the new\n" - "page (if it has sptes and it's not only a TLB with a TLB miss\n" - "implemented by follow_page).\n" - "\n" - "Signed-off-by: Andrea Arcangeli 
<aarcange@redhat.com>\n" - "---\n" - " include/linux/mmu_notifier.h | 7 +++++++\n" - " mm/memory.c | 2 +-\n" - " 2 files changed, 8 insertions(+), 1 deletions(-)\n" - "\n" - "diff --git a/include/linux/mmu_notifier.h b/include/linux/mmu_notifier.h\n" - "index ee2baf0..cce4e4f 100644\n" - "--- a/include/linux/mmu_notifier.h\n" - "+++ b/include/linux/mmu_notifier.h\n" - "@@ -75,6 +75,13 @@ struct mmu_notifier_ops {\n" - " \t/*\n" - " \t * change_pte is called in cases that pte mapping to page is changed:\n" - " \t * for example, when ksm remaps pte to point to a new shared page.\n" - "+\t *\n" - "+\t * NOTE: If this method is used to setup a writable pte, it\n" - "+\t * must be preceded by a secondary MMU invalidate before the\n" - "+\t * pte is established in the primary MMU. That is required to\n" - "+\t * avoid the old page won't be still be readable by the\n" - "+\t * secondary MMUs after the primary MMU gains write access to\n" - "+\t * the newpage.\n" - " \t */\n" - " \tvoid (*change_pte)(struct mmu_notifier *mn,\n" - " \t\t\t struct mm_struct *mm,\n" - "diff --git a/mm/memory.c b/mm/memory.c\n" - "index ec12fc9..88749f3 100644\n" - "--- a/mm/memory.c\n" - "+++ b/mm/memory.c\n" - "@@ -2720,7 +2720,7 @@ gotten:\n" - " \t\t * seen in the presence of one thread doing SMC and another\n" - " \t\t * thread doing COW.\n" - " \t\t */\n" - "-\t\tptep_clear_flush(vma, address, page_table);\n" - "+\t\tptep_clear_flush_notify(vma, address, page_table);\n" - " \t\tpage_add_new_anon_rmap(new_page, vma, address);\n" - " \t\t/*\n" - " \t\t * We call the notify macro here because, when using secondary\n" - "\n" - "--\n" - "To unsubscribe, send a message with 'unsubscribe linux-mm' in\n" - "the body to majordomo@kvack.org. 
For more info on Linux MM,\n" - "see: http://www.linux-mm.org/ .\n" - "Don't email: <a href=mailto:\"dont@kvack.org\"> email@kvack.org </a>" + ===== -68f303e520e7044af1fdeaee0fed494ec74913cce98c5a3ee235bd0a38eaca30 +318125aad715db179f6ec25d4d0ae41ebb57804f2f9a5a1efa8271a77a046a0f
diff --git a/a/1.txt b/N2/1.txt index fc9576c..fab6eda 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -171,9 +171,3 @@ index ec12fc9..88749f3 100644 page_add_new_anon_rmap(new_page, vma, address); /* * We call the notify macro here because, when using secondary - --- -To unsubscribe, send a message with 'unsubscribe linux-mm' in -the body to majordomo@kvack.org. For more info on Linux MM, -see: http://www.linux-mm.org/ . -Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a> diff --git a/a/content_digest b/N2/content_digest index 0463055..c744d34 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -183,12 +183,6 @@ "+\t\tptep_clear_flush_notify(vma, address, page_table);\n" " \t\tpage_add_new_anon_rmap(new_page, vma, address);\n" " \t\t/*\n" - " \t\t * We call the notify macro here because, when using secondary\n" - "\n" - "--\n" - "To unsubscribe, send a message with 'unsubscribe linux-mm' in\n" - "the body to majordomo@kvack.org. For more info on Linux MM,\n" - "see: http://www.linux-mm.org/ .\n" - "Don't email: <a href=mailto:\"dont@kvack.org\"> email@kvack.org </a>" + " \t\t * We call the notify macro here because, when using secondary" -68f303e520e7044af1fdeaee0fed494ec74913cce98c5a3ee235bd0a38eaca30 +cb3195d06fd0f8afda0b30e5f6076d0b5335931402e0322ce269ca2e93e65c2d
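Review bot: In the include/linux/mmu_notifier.h hunk, the added NOTE sentence "That is required to avoid the old page won't be still be readable by the secondary MMUs" carries a double negative and a repeated "be", so the requirement it documents is hard to parse. Suggest rewording it along the lines of "That is required so that the old page is no longer readable by the secondary MMUs after the primary MMU gains write access to the newpage." Since the commit message names ptep_clear_flush_notify as the invalidate that has to come first, the comment could name it as well, so that callers of change_pte know which call is expected.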
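Review bot: In the mm/memory.c hunk at gotten:, the new ptep_clear_flush_notify call has no comment at the call site saying why the _notify variant is required there. The comment above it only covers the SMC/COW case, and the one below it ("We call the notify macro here because, when using secondary") is about the later notify call. The commit message states that plain ptep_clear_flush stays safe when the pte being established is read-only, so a short comment noting that the pte set up here is writable and the secondary MMUs must therefore be invalidated first would keep the change from being reverted later as a redundant notification.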