From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, John David Anglin <dave.anglin@bell.net>,
Helge Deller <deller@gmx.de>, Sasha Levin <sashal@kernel.org>,
stable@kernel.org
Subject: [PATCH 5.10 05/39] parisc: Flush kernel data mapping in set_pte_at() when installing pte for user page
Date: Wed, 21 Sep 2022 17:46:10 +0200
Message-ID: <20220921153645.891734199@linuxfoundation.org>
In-Reply-To: <20220921153645.663680057@linuxfoundation.org>
From: John David Anglin <dave.anglin@bell.net>

[ Upstream commit 38860b2c8bb1b92f61396eb06a63adff916fc31d ]

For years, there have been random segmentation faults in userspace on
SMP PA-RISC machines. It occurred to me that this might be a problem in
set_pte_at(). MIPS and some other architectures do cache flushes when
installing PTEs with the present bit set.

Here I have adapted the code in update_mmu_cache() to flush the kernel
mapping when the kernel flush is deferred, or when the kernel mapping
may alias with the user mapping. This simplifies calls to
update_mmu_cache().

I also changed the barrier in set_pte() from a compiler barrier to a
full memory barrier. I know this change is not sufficient to fix the
problem. It might not be needed.

I have had a few days of operation with 5.14.16 to 5.15.1 and haven't
seen any random segmentation faults on rp3440 or c8000 so far.

Signed-off-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@kernel.org # 5.12+
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/parisc/include/asm/pgtable.h | 10 ++++++++--
arch/parisc/kernel/cache.c | 4 ++--
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h
index 39017210dbf0..8964798b8274 100644
--- a/arch/parisc/include/asm/pgtable.h
+++ b/arch/parisc/include/asm/pgtable.h
@@ -76,6 +76,8 @@ static inline void purge_tlb_entries(struct mm_struct *mm, unsigned long addr)
purge_tlb_end(flags);
}
+extern void __update_cache(pte_t pte);
+
/* Certain architectures need to do special things when PTEs
* within a page table are directly modified. Thus, the following
* hook is made available.
@@ -83,11 +85,14 @@ static inline void purge_tlb_entries(struct mm_struct *mm, unsigned long addr)
#define set_pte(pteptr, pteval) \
do { \
*(pteptr) = (pteval); \
- barrier(); \
+ mb(); \
} while(0)
#define set_pte_at(mm, addr, pteptr, pteval) \
do { \
+ if (pte_present(pteval) && \
+ pte_user(pteval)) \
+ __update_cache(pteval); \
*(pteptr) = (pteval); \
purge_tlb_entries(mm, addr); \
} while (0)
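Review bot: set_pte_at() now expands pteval up to four times (in pte_present(), pte_user(), __update_cache() and the store), so any argument that is an expression with side effects, or that re-reads memory, is evaluated repeatedly and the flush decision can be made on a different value than the one stored. Capturing pteval once in a local pte_t at the top of the do/while block would avoid that. Separately, the barrier() to mb() change in set_pte() has no comment saying which accesses it is meant to order, and set_pte_at() stores the PTE directly rather than going through set_pte(); a one-line comment stating the intended ordering would help anyone revisiting this.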
@@ -305,6 +310,7 @@ extern unsigned long *empty_zero_page;
#define pte_none(x) (pte_val(x) == 0)
#define pte_present(x) (pte_val(x) & _PAGE_PRESENT)
+#define pte_user(x) (pte_val(x) & _PAGE_USER)
#define pte_clear(mm, addr, xp) set_pte_at(mm, addr, xp, __pte(0))
#define pmd_flag(x) (pmd_val(x) & PxD_FLAG_MASK)
@@ -412,7 +418,7 @@ extern void paging_init (void);
#define PG_dcache_dirty PG_arch_1
-extern void update_mmu_cache(struct vm_area_struct *, unsigned long, pte_t *);
+#define update_mmu_cache(vms,addr,ptep) __update_cache(*ptep)
/* Encode and de-code a swap entry */
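Review bot: the new update_mmu_cache() macro dereferences its argument as `*ptep` without parentheses and never references vms or addr, so an expression argument such as `ptep + 1` would bind as `(*ptep) + 1`, and the first two arguments are no longer evaluated or type-checked at call sites. Suggest `__update_cache(*(ptep))` at minimum, or a static inline wrapper that keeps the removed prototype so callers still get argument checking.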
diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c
index 86a1a63563fd..c81ab0cb8925 100644
--- a/arch/parisc/kernel/cache.c
+++ b/arch/parisc/kernel/cache.c
@@ -83,9 +83,9 @@ EXPORT_SYMBOL(flush_cache_all_local);
#define pfn_va(pfn) __va(PFN_PHYS(pfn))
void
-update_mmu_cache(struct vm_area_struct *vma, unsigned long address, pte_t *ptep)
+__update_cache(pte_t pte)
{
- unsigned long pfn = pte_pfn(*ptep);
+ unsigned long pfn = pte_pfn(pte);
struct page *page;
/* We don't have pte special. As a result, we can be called with
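Review bot: __update_cache() is now reached from the set_pte_at() macro in pgtable.h, yet this hunk only renames the function and changes its argument, and the diffstat shows no other lines touched in cache.c, so no EXPORT_SYMBOL is added for it. If any modular code expands set_pte_at() or update_mmu_cache(), it would fail to link; worth confirming that none does, or adding the export. The comment beginning "We don't have pte special" could also note that the function now runs from set_pte_at() before the PTE is stored, since that is a new calling context.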
--
2.35.1