From: catalin.marinas@arm.com (Catalin Marinas)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH 2/2] ARMv7: Invalidate the TLB before freeing page tables
Date: Tue, 15 Feb 2011 11:02:28 +0000 [thread overview]
Message-ID: <1297767748.14691.15.camel@e102109-lin.cambridge.arm.com> (raw)
In-Reply-To: <20110215103127.GC4152@n2100.arm.linux.org.uk>
On Tue, 2011-02-15 at 10:31 +0000, Russell King - ARM Linux wrote:
> On Mon, Feb 14, 2011 at 05:39:58PM +0000, Catalin Marinas wrote:
> > Newer processors like Cortex-A15 may cache entries in the higher page
> > table levels. These cached entries are ASID-tagged and are invalidated
> > during normal TLB operations.
> >
> > When a level 2 (pte) page table is removed, the current code sequence
> > first clears the level 1 (pmd) entry, flushes the cache, frees the level
> > 2 table and then invalidates the TLB. Because of the caching of the
> > higher page table entries, the processor may speculatively create a TLB
> > entry after the level 2 page table has been freed but before the TLB
> > invalidation. If such speculative PTW accesses random data, it could
> > create a global TLB entry that gets used for subsequent user space
> > accesses.
> >
> > The patch ensures that the TLB is invalidated before the page table is
> > freed (pte_free_tlb). Since pte_free_tlb() does not get a vma structure,
> > the patch also introduces flush_tlb_user_page() which takes an mm_struct
> > rather than vma_struct. The original flush_tlb_page() is implemented as
> > a call to flush_tlb_user_page().
>
> We already have support for doing this, and Peter Zijlstra posted patches
> to convert ARM to use a generic implementation of the TLB shootdown code.
>
> http://marc.info/?l=linux-kernel&m=129604765010347&w=2
>
> Does this patch solve your problem?
I don't think it does. Peter's patch moves the ARM TLB support to the
generic one which is a good clean-up, however it doesn't look like
anything is invalidating the TLB entry between pmd_clear() and
pte_free(), only after. This is too late because we may speculatively
get a global TLB entry (which isn't invalidated by the ASID TLB
operations). So with Peter's patch we still have to implement
__pte_free_tlb().
An alternative would be that flush_tlb_page() flushes all the ASIDs for
the corresponding user address and this would include any speculatively
fetched global TLB entries.
--
Catalin
next prev parent reply other threads:[~2011-02-15 11:02 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-14 17:39 [RFC PATCH 2/2] ARMv7: Invalidate the TLB before freeing page tables Catalin Marinas
2011-02-15 10:31 ` Russell King - ARM Linux
2011-02-15 11:02 ` Catalin Marinas [this message]
2011-02-15 11:32 ` Russell King - ARM Linux
2011-02-15 12:14 ` Russell King - ARM Linux
2011-02-15 14:42 ` Catalin Marinas
2011-02-20 12:12 ` Russell King - ARM Linux
2011-02-21 9:39 ` Catalin Marinas
2011-02-21 10:30 ` Russell King - ARM Linux
2011-02-21 11:04 ` Catalin Marinas
2011-02-21 11:17 ` Russell King - ARM Linux
2011-03-09 15:40 ` Catalin Marinas
2011-03-09 18:35 ` Russell King - ARM Linux
2011-03-11 17:32 ` Catalin Marinas
2011-03-11 19:24 ` Russell King - ARM Linux
2011-03-14 11:15 ` Catalin Marinas
2011-03-14 11:19 ` Russell King - ARM Linux
2011-02-15 12:29 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1297767748.14691.15.camel@e102109-lin.cambridge.arm.com \
--to=catalin.marinas@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).