linux-arm-kernel.lists.infradead.org archive mirror
From: toshi.kani@hpe.com (Kani, Toshi)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC patch] ioremap: don't set up huge I/O mappings when p4d/pud/pmd is zero
Date: Fri, 5 Jan 2018 22:15:57 +0000
Message-ID: <1515193319.2108.24.camel@hpe.com>
In-Reply-To: <1514460261-65222-1-git-send-email-guohanjun@huawei.com>

On Thu, 2017-12-28 at 19:24 +0800, Hanjun Guo wrote:
> From: Hanjun Guo <hanjun.guo@linaro.org>
> 
> When we use iounmap() to free the 4K mapping, it just clears the PTEs
> but leaves P4D/PUD/PMD unchanged, and also will not free the memory of
> page tables.
> 
> This will cause issues on ARM64 platform (not sure if other archs have
> the same issue) for this case:
> 
> 1. ioremap a 4K size, valid page table will be built,
> 2. iounmap it, pte0 will be set to 0;
> 3. ioremap the same address with 2M size, pgd/pmd is unchanged,
>    then set a new value for pmd;
> 4. pte0 is leaked;
> 5. CPU may meet exception because the old pmd is still in TLB,
>    which will lead to kernel panic.
> 
> Fix it by skipping setting up the huge I/O mappings when p4d/pud/pmd is
> zero.

Hi Hanjun,

I tested the above steps on my x86 box, but was not able to reproduce
your kernel panic.  On x86, a 4K vaddr gets allocated from a small
fragmented free range, whereas a 2MB vaddr is from a larger free range.
Their addrs have different alignments (4KB & 2MB) as well.  So, the
steps did not lead to use of the same pmd entry.

However, I agree that zero'd pte entries will be leaked when a pmd map
is set if they are present under the pmd.

I also tested your patch on my x86 box.  Unfortunately, it effectively
disabled 2MB mappings.  While a 2MB vaddr gets allocated from a larger
free range, it still comes from a free range covered by zero'd pte
entries.  So, it ends up with 4KB mappings with your changes.

I think we need to come up with another approach.

Thanks,
-Toshi
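
The sequence discussed in this message, as an added toy model in C (not code from the patch, the kernel, or either poster): it replays steps 1-3 on a single PMD slot and reports whether the PTE table becomes unreachable and whether a 2M entry is installed. All names are hypothetical, `skip_if_table` is an assumed reading of the RFC's effect based on the description above, and the stale-TLB part of step 5 is not modeled.

```c
#include <stdint.h>
#include <stdio.h>
#define PTRS_PER_PTE 512
/* Toy model of one PMD slot (constructed for illustration, not kernel code). */
struct pmd_slot {
    uint64_t *pte_table; /* non-NULL: slot points to a table of 4K PTEs */
    uint64_t huge_phys;  /* non-zero: slot maps 2M directly */
};
static uint64_t table_page[PTRS_PER_PTE]; /* stand-in for an allocated PTE page */
static int live_tables;                   /* PTE pages handed out, never freed */

static void map_4k(struct pmd_slot *pmd, unsigned idx, uint64_t phys) {
    if (!pmd->pte_table) {
        pmd->pte_table = table_page;
        live_tables++;
    }
    pmd->pte_table[idx] = phys | 1; /* bit 0 = valid */
}

/* iounmap() as described in the thread: clears the PTE, keeps the table. */
static void unmap_4k(struct pmd_slot *pmd, unsigned idx) { pmd->pte_table[idx] = 0; }

/* Returns 1 if a 2M entry was installed, 0 if it fell back to 4K PTEs. */
static int map_2m(struct pmd_slot *pmd, uint64_t phys, int skip_if_table) {
    if (pmd->pte_table && skip_if_table) { /* assumed effect of the RFC */
        for (unsigned i = 0; i < PTRS_PER_PTE; i++)
            map_4k(pmd, i, phys + i * 4096ull);
        return 0;
    }
    pmd->pte_table = NULL; /* old table pointer overwritten, never freed */
    pmd->huge_phys = phys;
    return 1;
}

/* Steps 1-3 from the thread; returns the number of unreachable PTE tables. */
static int run_steps(int skip_if_table, int *got_huge) {
    struct pmd_slot pmd = {0};
    live_tables = 0;
    map_4k(&pmd, 0, 0x10000000);   /* step 1: 4K ioremap builds a PTE table */
    unmap_4k(&pmd, 0);             /* step 2: iounmap zeroes pte0 only */
    *got_huge = map_2m(&pmd, 0x20000000, skip_if_table); /* step 3 */
    return live_tables - (pmd.pte_table != NULL);
}

int main(void) {
    int h0, h1, l0 = run_steps(0, &h0), l1 = run_steps(1, &h1);
    printf("no check: huge=%d leaked=%d; with check: huge=%d leaked=%d\n", h0, l0, h1, l1);
    return 0;
}
```

Without the check the slot gets its 2M entry and one PTE table is orphaned; with the check nothing leaks, but the slot never receives a 2M entry once a zeroed PTE table sits under it.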
