From: linux@arm.linux.org.uk (Russell King - ARM Linux)
To: linux-arm-kernel@lists.infradead.org
Subject: Kernel related (?) user space crash at ARM11 MPCore
Date: Sun, 25 Oct 2009 13:39:18 +0000 [thread overview]
Message-ID: <20091025133918.GB32406@n2100.arm.linux.org.uk> (raw)
In-Reply-To: <1256038748.32578.14.camel@pc1117.cambridge.arm.com>
On Tue, Oct 20, 2009 at 12:39:08PM +0100, Catalin Marinas wrote:
> On Thu, 2009-10-15 at 16:56 +0100, Catalin Marinas wrote:
> > On Thu, 2009-10-15 at 16:28 +0100, Russell King - ARM Linux wrote:
> > > On Thu, Oct 15, 2009 at 04:20:22PM +0100, Catalin Marinas wrote:
> > > > On Thu, 2009-10-15 at 15:57 +0100, Russell King - ARM Linux wrote:
> > > > > On Mon, Sep 21, 2009 at 11:07:51AM +0100, Russell King - ARM Linux wrote:
> > > > > > On Mon, Sep 21, 2009 at 10:44:23AM +0100, Catalin Marinas wrote:
> > > > > > > We would need to fix this somehow as well. We currently handle the
> > > > > > > I-cache in update_mmu_cache() when a page is first mapped if it has
> > > > > > > VM_EXEC set.
> > > > > >
> > > > > > The reason I'm pushing you hard to separate the two issues is that the
> > > > > > two should be treated separately. I think we need to consider ensuring
> > > > > > that freed pages do not have any I-cache lines associated with them,
> > > > > > rather than waiting for them to be allocated and then dealing with the
> > > > > > I-cache problem.
> > > > >
> > > > > Having now benchmarked this (making flush_cache_* always invalidate
> > > > > the I-cache, so free'd pages are I-cache clean), and to me, the results
> > > > > quite look promising - please try out this patch.
> [...]
> > > > Before trying the patch, I don't entirely agree with the approach. You
> > > > will get speculative fetches in the I-cache via the kernel linear
> > > > mapping (where NX is always cleared) on newer processors and may end up
> > > > with random faults in user space (not that likely but not impossible
> > > > either).
> > >
> > > That means we have no option but to flush the I-cache every time a page
> > > is placed into userspace - we might as well make update_mmu_cache
> > > unconditionally flush the I-cache every time its called.
> [...]
> > We can flush the D-cache in copy_user_page(), maybe lazily via
> > flush_dcache_page() and invalidate the I-cache in update_mmu_cache() if
> > PG_arch_1 (ignoring VM_EXEC).
>
> Something like below (based on your original suggestion for flushing the
> D-cache in copy_user_highpage).
>
> BTW, the cache flushing code in Linux can be optimised a bit more on
> VIPT caches:
>
> * __cpuc_flush_dcache_page() could cope with just D-cache clean
> rather than clean+invalidate
No it can not - that breaks shared mappings. The problem is that
flush_dcache_page() is used in two circumstances. These are described
in more detail in cachetlb.txt, but briefly:
1. After the kernel writes to its mapping for a page cache page, and needs
to ensure that those writes are visible to shared mmap()s in userspace.
2. Before the kernel reads from its mapping for a page cache page, and
needs to ensure that it reads up to date data written by userspace
into those mappings.
So just cleaning the D-cache means that (2) will return stale data.
> * whole I-cache invalidation was needed for some ARM1136 erratum.
> We can conditionally revert it to invalidating a range
That's not what the commit (826cbda) says which implemented it. Also,
since we have broken I-cache flushes even with the erratum enabled,
let's fix the work-around and re-evaluate the situation before changing
anything.
It could be that some of the I-cache problems are caused by the improperly
fixed erratum.
> Flush the D-cache during copy_user_highpage()
>
> From: Catalin Marinas <catalin.marinas@arm.com>
>
> The I and D caches for copy-on-write pages on processors with
> write-allocate caches become incoherent causing problems on application
> relying on CoW for text pages (dynamic linker relocating symbols in a
> text page). This patch flushes the D-cache for such pages (possibly
> lazily via update_mmu_cache which also takes care of the I-cache).
Actually, I think this is caused by a missing I-cache flush in
flush_cache_range(). Adding that flush should resolve this problem
in hand (and make VIPT aliasing and VIPT non-aliasing behave in the
same manner.) That's something which my patch previously posted in
this thread did.
Note also that with ASID tagged VIVT I-cache, we are missing out
on cache flushing. As you've identified, it's entirely possible
for text page translations to be changed, and according to B3.4.1
bullet 2, a flush is required.
next prev parent reply other threads:[~2009-10-25 13:39 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4A7AEEB6.5060903@googlemail.com>
[not found] ` <1250184014.14019.40.camel@pc1117.cambridge.arm.com>
[not found] ` <1250501311.9858.24.camel@pc1117.cambridge.arm.com>
[not found] ` <20090817140422.GA10764@n2100.arm.linux.org.uk>
2009-08-29 12:27 ` Kernel related (?) user space crash at ARM11 MPCore Catalin Marinas
2009-08-31 8:30 ` Catalin Marinas
2009-09-07 15:29 ` Catalin Marinas
2009-09-07 15:56 ` Dirk Behme
2009-09-07 16:43 ` Catalin Marinas
2009-09-07 17:31 ` Mikael Pettersson
2009-09-07 21:40 ` Catalin Marinas
2009-09-03 11:58 ` Dirk Behme
[not found] ` <1250529916.11185.80.camel@pc1117.cambridge.arm.com>
[not found] ` <20090919224022.GA738@n2100.arm.linux.org.uk>
[not found] ` <1253435940.498.15.camel@pc1117.cambridge.arm.com>
2009-09-20 9:31 ` Russell King - ARM Linux
2009-09-20 19:02 ` Russell King - ARM Linux
2009-09-20 22:46 ` Catalin Marinas
2009-09-21 8:31 ` Jamie Lokier
2009-09-21 8:41 ` Russell King - ARM Linux
2009-09-21 9:41 ` Jamie Lokier
2009-09-21 10:08 ` Catalin Marinas
2009-09-21 8:49 ` Catalin Marinas
2009-09-21 8:54 ` Russell King - ARM Linux
2009-09-21 9:44 ` Catalin Marinas
2009-09-21 10:07 ` Russell King - ARM Linux
2009-09-21 10:42 ` Catalin Marinas
2009-09-21 20:10 ` Jamie Lokier
2009-09-21 21:26 ` Russell King - ARM Linux
2009-09-21 22:14 ` Catalin Marinas
2009-09-21 22:25 ` Jamie Lokier
2009-09-22 8:43 ` Catalin Marinas
2009-09-21 21:58 ` Catalin Marinas
2009-09-21 22:12 ` Jamie Lokier
2009-09-21 22:31 ` Russell King - ARM Linux
2009-09-21 22:34 ` Catalin Marinas
2009-09-21 21:38 ` Russell King - ARM Linux
2009-09-21 22:28 ` Catalin Marinas
2009-09-21 22:37 ` Jamie Lokier
2009-09-21 22:33 ` Jamie Lokier
2009-09-22 9:21 ` Catalin Marinas
2009-09-22 10:19 ` Catalin Marinas
2009-09-22 17:17 ` Catalin Marinas
2009-09-23 6:03 ` Dirk Behme
2009-09-23 9:13 ` Catalin Marinas
2009-09-23 10:38 ` Catalin Marinas
2009-09-23 12:12 ` Mikael Pettersson
2009-09-23 12:42 ` Russell King - ARM Linux
2009-09-23 12:51 ` Catalin Marinas
2009-09-23 12:55 ` Catalin Marinas
2009-10-15 14:57 ` Russell King - ARM Linux
2009-10-15 15:20 ` Catalin Marinas
2009-10-15 15:28 ` Russell King - ARM Linux
2009-10-15 15:56 ` Catalin Marinas
2009-10-20 11:39 ` Catalin Marinas
2009-10-25 13:39 ` Russell King - ARM Linux [this message]
2009-10-26 18:40 ` Catalin Marinas
2009-10-25 14:48 ` Russell King - ARM Linux
2009-10-26 18:45 ` Catalin Marinas
2009-10-26 19:17 ` Russell King - ARM Linux
2009-10-15 15:48 ` Dirk Behme
2009-10-15 15:53 ` Catalin Marinas
2009-10-25 13:04 ` Russell King - ARM Linux
2009-10-26 18:18 ` Catalin Marinas
2009-09-20 22:02 ` Catalin Marinas
2009-09-22 5:44 ` Shilimkar, Santosh
2009-09-22 9:01 ` Catalin Marinas
2009-09-22 9:34 ` Shilimkar, Santosh
[not found] ` <1249981883.27150.14.camel@pc1117.cambridge.arm.com>
[not found] ` <4A818CBC.8040000@googlemail.com>
[not found] ` <1250006770.30628.1.camel@pc1117.cambridge.arm.com>
[not found] ` <4A819C54.3080606@googlemail.com>
[not found] ` <1250009043.30628.9.camel@pc1117.cambridge.arm.com>
[not found] ` <87ab25vazg.fsf@brigitte.kvy.fi>
[not found] ` <1250080338.20332.32.camel@pc1117.cambridge.arm.com>
[not found] ` <87k518yc8a.fsf@brigitte.kvy.fi>
2009-09-11 9:21 ` smsc911x.c driver and SMP (was Re: Kernel related (?) user space crash at ARM11 MPCore) Catalin Marinas
2009-09-11 12:55 ` Bill Gatliff
2009-09-11 13:00 ` Catalin Marinas
2009-09-11 15:20 ` Bill Gatliff
2009-09-11 16:06 ` Catalin Marinas
2009-10-06 6:12 ` smsc911x.c driver and SMP Antti P Miettinen
2010-08-31 0:07 ` Shinya Kuribayashi
2010-08-31 6:22 ` Antti P Miettinen
2010-08-31 9:10 ` Shinya Kuribayashi
2010-08-31 8:33 ` Catalin Marinas
2010-08-31 8:42 ` Shinya Kuribayashi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091025133918.GB32406@n2100.arm.linux.org.uk \
--to=linux@arm.linux.org.uk \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).