From: lauraa@codeaurora.org (Laura Abbott)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC][PATCH] arm: highmem: Add support for flushing kmap_atomic mappings
Date: Mon, 08 Apr 2013 11:18:46 -0700 [thread overview]
Message-ID: <51630A06.90702@codeaurora.org> (raw)
In-Reply-To: <alpine.LFD.2.03.1304061006530.1171@syhkavp.arg>
On 4/6/2013 7:22 AM, Nicolas Pitre wrote:
> On Fri, 5 Apr 2013, Laura Abbott wrote:
>
>> The highmem code provides kmap_flush_unused to ensure all kmap
>> mappings are really removed if they are used. This code does not
>
> You meant "if they are *not* used", right?
>
Yes, missed a word there
>> handle kmap_atomic mappings since they are managed separately.
>> This prevents an issue for any code which relies on having absolutely
>> no mappings for a particular page. Rather than pay the penalty of
>> having CONFIG_DEBUG_HIGHMEM on all the time, add functionality
>> to remove the kmap_atomic mappings in a similar way to kmap_flush_unused.
>
> Could you elaborate on that code that relies on having absolutely no
> mappings for a particular page please?
>
We have a use case where we pass memory to trustzone to have it
protected such that the non-secure environment may not read or write
that memory. The protecting/unprotecting can happen at runtime. If there
are any valid mappings in the page tables, the CPU is free to
speculatively access that memory. If the CPU speculates into a protected
region while in the non-secure world, we get a fault violation.
Essentially this means that even if we reserve the memory at bootup time
with memblock_reserve, if the memory was ever previously mapped with
kmap_atomic (to flush caches for example) we could still end up with
stray mappings which can lead to faults.
In general, it seems like this is missing functionality from the
intended behavior of kmap_flush_unused which is to get rid of all stray
mappings.
>> This is intended to be an RFC to make sure this approach is
>> reasonable. The goal is to have kmap_atomic_flush_unused be a public
>> API.
>
> The clearing code is going to be costly since you do a
> set_top_pte(vaddr, __pte(0)) unconditionally on the whole range,
> regardless if the PTE is already set to 0.
>
Good point. I'll add a check for that.
> Using it via an hotplug callback is rather strange, but I'm assuming
> that this was only for testing?
>
The hotplug callback is needed because we clear the mappings per-CPU. If
a CPU is hotplugged out with stray mappings they will not be cleared
since on_each_cpu only works on online CPUs.
>
> Nicolas
>
Thanks,
Laura
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by The Linux Foundation
next prev parent reply other threads:[~2013-04-08 18:18 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-05 21:42 [RFC][PATCH] arm: highmem: Add support for flushing kmap_atomic mappings Laura Abbott
2013-04-06 14:22 ` Nicolas Pitre
2013-04-08 18:18 ` Laura Abbott [this message]
2013-04-19 16:40 ` Russell King - ARM Linux
2013-04-22 17:47 ` Laura Abbott
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51630A06.90702@codeaurora.org \
--to=lauraa@codeaurora.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).