From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EBE31EFCE23 for ; Wed, 4 Mar 2026 17:37:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=uuyCsr5o+JidLSWRw/91AGUcrNTLFhdmWYvBwfnlct0=; b=j5ErmbKVV8PZZtsT3YEECw44bj OJPKFBvd9nn1gDFnhFHmPmWMUYbx8zSB7rzjQ9Nwo58wvA9TTJU3sPhWh+w9A0RoXdGUruIM4bCzO MzZ/GJPQ5/AehvL3ymxxTMUM2wZ8jvamioU2L5Kjfq84EOxLMIoMCYUK/XSOZJE7eRjiBnSG+8Kev LOvjBkyBLOSHKeZ4bwlGE/9peZxqZz1hJpk1XLkw39h/bTMEY7tve1MQ5RHjNWhLyA+jgdwO+5GUd 58bdnfmh2GLY93ncbVPkg9v/MdWM8/qycGpkmx3m+070SGoNMIbqXPJF68IPuS5bj2I1ZLEbwkrZz 6z/ULchg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux)) id 1vxqAJ-00000000CMd-13NS; Wed, 04 Mar 2026 17:37:43 +0000 Received: from stravinsky.debian.org ([2001:41b8:202:deb::311:108]) by bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux)) id 1vxqAH-00000000CM6-0CfQ for linux-arm-kernel@lists.infradead.org; Wed, 04 Mar 2026 17:37:42 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.stravinsky; h=X-Debian-User:In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=uuyCsr5o+JidLSWRw/91AGUcrNTLFhdmWYvBwfnlct0=; b=caze7pYFvcyVMiEYXzYpXuTAXQ tdP41ORKTes8QS0ud/mQoCbt/xBsvN79xXVvRHWv7XyfbPUVrV9zRVSNIZCJzkbnKdWbsgC/oyxK7 RSZ73r181y7XF1WFFjBfNnWtVli1OZ0Rkg8Lh6HH8IG3spYaENh+j2UCmHzm5iXRddOKKXLAR7bY2 0lDo3psav2Ty0zNVYaDnfjSgZdeQWxLjWDClJobF0JueVolpH48n2l1f460wqCYYK+riGdDVqlK2y Axv2+7D3yHkzAMQ31ly7/393EV5Bnsh1tR4GolA0TsX6PFuWptCebIbnLuvG/3/PQKhR6OaWzPRLj Cp7X3V2Q==; Received: from authenticated user by stravinsky.debian.org with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.94.2) (envelope-from ) id 1vxqA6-00G7Tn-Ka; Wed, 04 Mar 2026 17:37:30 +0000 Date: Wed, 4 Mar 2026 09:37:25 -0800 From: Breno Leitao To: Piotr Jaroszynski Cc: Ryan Roberts , Will Deacon , Catalin Marinas , linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, Alistair Popple , Jason Gunthorpe , John Hubbard , Zi Yan , stable@vger.kernel.org Subject: Re: [PATCH] arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults Message-ID: References: <20260303063751.2531716-1-pjaroszynski@nvidia.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260303063751.2531716-1-pjaroszynski@nvidia.com> X-Debian-User: leitao X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20260304_093741_149450_DA34D6E9 X-CRM114-Status: GOOD ( 14.57 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Mon, Mar 02, 2026 at 10:37:51PM -0800, Piotr Jaroszynski wrote: > contpte_ptep_set_access_flags() compared the gathered ptep_get() value > against the requested entry to detect no-ops. ptep_get() ORs AF/dirty > from all sub-PTEs in the CONT block, so a dirty sibling can make the > target appear already-dirty. When the gathered value matches entry, the > function returns 0 even though the target sub-PTE still has PTE_RDONLY > set in hardware. > > For CPU page-table walks this is benign: with FEAT_HAFDBS the hardware > may set AF/dirty on any sub-PTE and the CPU TLB treats the gathered > result as authoritative for the entire range. But an SMMU without HTTU > (or with HA/HD disabled in CD.TCR) evaluates each descriptor > individually and will keep raising F_PERMISSION on the unchanged target > sub-PTE, causing an infinite fault loop. > > Gathering can therefore cause false no-ops when only a sibling has been > updated: > - write faults: target still has PTE_RDONLY (needs PTE_RDONLY cleared) > - read faults: target still lacks PTE_AF > > Fix by checking all sub-PTEs' access flags individually (not via the > gathered view) before returning no-op, and use the raw target PTE for > the write-bit unfold decision. The access-flag mask matches the one > used by __ptep_set_access_flags(). > > Per Arm ARM (DDI 0487) D8.7.1 ("The Contiguous bit"), any sub-PTE in a CONT > range may become the effective cached translation and software must > maintain consistent attributes across the range. > > Fixes: 4602e5757bcc ("arm64/mm: wire up PTE_CONT for user mappings") > > Reviewed-by: Alistair Popple > Cc: Ryan Roberts > Cc: Catalin Marinas > Cc: Will Deacon > Cc: Jason Gunthorpe > Cc: John Hubbard > Cc: Zi Yan > Cc: Breno Leitao > Cc: stable@vger.kernel.org > Signed-off-by: Piotr Jaroszynski Tested-by: Breno Leitao