[PATCH] Flush dcache before writing into page to avoid alias

[PATCH] Flush dcache before writing into page to avoid alias

[anfei zhou]

The cache alias problem will happen if the changes of user shared mapping
is not flushed before copying, then user and kernel mapping may be mapped
into two different cache line, it is impossible to guarantee the coherence
after iov_iter_copy_from_user_atomic.  So the right steps should be:
	flush_dcache_page(page);
	kmap_atomic(page);
	write to page;
	kunmap_atomic(page);
	flush_dcache_page(page);
More precisely, we might create two new APIs flush_dcache_user_page and
flush_dcache_kern_page to replace the two flush_dcache_page accordingly.

Here is a snippet tested on omap2430 with VIPT cache, and I think it is
not ARM-specific:
	int val = 0x11111111;
	fd = open("abc", O_RDWR);
	addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
	*(addr+0) = 0x44444444;
	tmp = *(addr+0);
	*(addr+1) = 0x77777777;
	write(fd, &val, sizeof(int));
	close(fd);
The results are not always 0x11111111 0x77777777 at the beginning as expected.

Signed-off-by: Anfei <anfei.zhou@gmail.com>
---
 fs/fuse/file.c |    3 +++
 mm/filemap.c   |    3 +++
 2 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index c18913a..a9f5e13 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -828,6 +828,9 @@ static ssize_t fuse_fill_write_pages(struct fuse_req *req,
 		if (!page)
 			break;

+		if (mapping_writably_mapped(mapping))
+			flush_dcache_page(page);
+
 		pagefault_disable();
 		tmp = iov_iter_copy_from_user_atomic(page, ii, offset, bytes);
 		pagefault_enable();
diff --git a/mm/filemap.c b/mm/filemap.c
index 96ac6b0..07056fb 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -2196,6 +2196,9 @@ again:
 		if (unlikely(status))
 			break;

+		if (mapping_writably_mapped(mapping))
+			flush_dcache_page(page);
+
 		pagefault_disable();
 		copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes);
 		pagefault_enable();
-- 
1.6.3.1

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH] Flush dcache before writing into page to avoid alias

[anfei]

Hi Andrew,

On Thu, Jan 21, 2010 at 01:07:57PM +0800, anfei zhou wrote:
> The cache alias problem will happen if the changes of user shared mapping
> is not flushed before copying, then user and kernel mapping may be mapped
> into two different cache line, it is impossible to guarantee the coherence
> after iov_iter_copy_from_user_atomic.  So the right steps should be:
> 	flush_dcache_page(page);
> 	kmap_atomic(page);
> 	write to page;
> 	kunmap_atomic(page);
> 	flush_dcache_page(page);
> More precisely, we might create two new APIs flush_dcache_user_page and
> flush_dcache_kern_page to replace the two flush_dcache_page accordingly.
> 
> Here is a snippet tested on omap2430 with VIPT cache, and I think it is
> not ARM-specific:
> 	int val = 0x11111111;
> 	fd = open("abc", O_RDWR);
> 	addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
> 	*(addr+0) = 0x44444444;
> 	tmp = *(addr+0);
> 	*(addr+1) = 0x77777777;
> 	write(fd, &val, sizeof(int));
> 	close(fd);
> The results are not always 0x11111111 0x77777777 at the beginning as expected.
> 
Is this a real bug or not necessary to support?

Thanks,
Anfei.

> Signed-off-by: Anfei <anfei.zhou@gmail.com>
> ---
>  fs/fuse/file.c |    3 +++
>  mm/filemap.c   |    3 +++
>  2 files changed, 6 insertions(+), 0 deletions(-)
> 
> diff --git a/fs/fuse/file.c b/fs/fuse/file.c
> index c18913a..a9f5e13 100644
> --- a/fs/fuse/file.c
> +++ b/fs/fuse/file.c
> @@ -828,6 +828,9 @@ static ssize_t fuse_fill_write_pages(struct fuse_req *req,
>  		if (!page)
>  			break;
> 
> +		if (mapping_writably_mapped(mapping))
> +			flush_dcache_page(page);
> +
>  		pagefault_disable();
>  		tmp = iov_iter_copy_from_user_atomic(page, ii, offset, bytes);
>  		pagefault_enable();
> diff --git a/mm/filemap.c b/mm/filemap.c
> index 96ac6b0..07056fb 100644
> --- a/mm/filemap.c
> +++ b/mm/filemap.c
> @@ -2196,6 +2196,9 @@ again:
>  		if (unlikely(status))
>  			break;
> 
> +		if (mapping_writably_mapped(mapping))
> +			flush_dcache_page(page);
> +
>  		pagefault_disable();
>  		copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes);
>  		pagefault_enable();
> -- 
> 1.6.3.1

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH] Flush dcache before writing into page to avoid alias

[Andrew Morton]

On Mon, 25 Jan 2010 21:33:08 +0800 anfei <anfei.zhou@gmail.com> wrote:

> Hi Andrew,
> 
> On Thu, Jan 21, 2010 at 01:07:57PM +0800, anfei zhou wrote:
> > The cache alias problem will happen if the changes of user shared mapping
> > is not flushed before copying, then user and kernel mapping may be mapped
> > into two different cache line, it is impossible to guarantee the coherence
> > after iov_iter_copy_from_user_atomic.  So the right steps should be:
> > 	flush_dcache_page(page);
> > 	kmap_atomic(page);
> > 	write to page;
> > 	kunmap_atomic(page);
> > 	flush_dcache_page(page);
> > More precisely, we might create two new APIs flush_dcache_user_page and
> > flush_dcache_kern_page to replace the two flush_dcache_page accordingly.
> > 
> > Here is a snippet tested on omap2430 with VIPT cache, and I think it is
> > not ARM-specific:
> > 	int val = 0x11111111;
> > 	fd = open("abc", O_RDWR);
> > 	addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
> > 	*(addr+0) = 0x44444444;
> > 	tmp = *(addr+0);
> > 	*(addr+1) = 0x77777777;
> > 	write(fd, &val, sizeof(int));
> > 	close(fd);
> > The results are not always 0x11111111 0x77777777 at the beginning as expected.
> > 
> Is this a real bug or not necessary to support?

Bug.  If variable `addr' has type int* then the contents of that file
should be 0x11111111 0x77777777.  You didn't tell us what the contents
were in the incorrect case, but I guess it doesn't matter.


--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH] Flush dcache before writing into page to avoid alias

[Russell King - ARM Linux]

On Mon, Jan 25, 2010 at 11:58:14AM -0800, Andrew Morton wrote:
> On Mon, 25 Jan 2010 21:33:08 +0800 anfei <anfei.zhou@gmail.com> wrote:
> 
> > Hi Andrew,
> > 
> > On Thu, Jan 21, 2010 at 01:07:57PM +0800, anfei zhou wrote:
> > > The cache alias problem will happen if the changes of user shared mapping
> > > is not flushed before copying, then user and kernel mapping may be mapped
> > > into two different cache line, it is impossible to guarantee the coherence
> > > after iov_iter_copy_from_user_atomic.  So the right steps should be:
> > > 	flush_dcache_page(page);
> > > 	kmap_atomic(page);
> > > 	write to page;
> > > 	kunmap_atomic(page);
> > > 	flush_dcache_page(page);
> > > More precisely, we might create two new APIs flush_dcache_user_page and
> > > flush_dcache_kern_page to replace the two flush_dcache_page accordingly.
> > > 
> > > Here is a snippet tested on omap2430 with VIPT cache, and I think it is
> > > not ARM-specific:
> > > 	int val = 0x11111111;
> > > 	fd = open("abc", O_RDWR);
> > > 	addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
> > > 	*(addr+0) = 0x44444444;
> > > 	tmp = *(addr+0);
> > > 	*(addr+1) = 0x77777777;
> > > 	write(fd, &val, sizeof(int));
> > > 	close(fd);
> > > The results are not always 0x11111111 0x77777777 at the beginning as expected.
> > > 
> > Is this a real bug or not necessary to support?
> 
> Bug.  If variable `addr' has type int* then the contents of that file
> should be 0x11111111 0x77777777.  You didn't tell us what the contents
> were in the incorrect case, but I guess it doesn't matter.

FYI, from a previous email from anfei:

0x44444444 0x77777777

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH] Flush dcache before writing into page to avoid alias

[anfei zhou]

On Tue, Jan 26, 2010 at 3:58 AM, Andrew Morton
<akpm@linux-foundation.org> wrote:
> On Mon, 25 Jan 2010 21:33:08 +0800 anfei <anfei.zhou@gmail.com> wrote:
>
>> Hi Andrew,
>>
>> On Thu, Jan 21, 2010 at 01:07:57PM +0800, anfei zhou wrote:
>> > The cache alias problem will happen if the changes of user shared mapping
>> > is not flushed before copying, then user and kernel mapping may be mapped
>> > into two different cache line, it is impossible to guarantee the coherence
>> > after iov_iter_copy_from_user_atomic.  So the right steps should be:
>> >     flush_dcache_page(page);
>> >     kmap_atomic(page);
>> >     write to page;
>> >     kunmap_atomic(page);
>> >     flush_dcache_page(page);
>> > More precisely, we might create two new APIs flush_dcache_user_page and
>> > flush_dcache_kern_page to replace the two flush_dcache_page accordingly.
>> >
>> > Here is a snippet tested on omap2430 with VIPT cache, and I think it is
>> > not ARM-specific:
>> >     int val = 0x11111111;
>> >     fd = open("abc", O_RDWR);
>> >     addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
>> >     *(addr+0) = 0x44444444;
>> >     tmp = *(addr+0);
>> >     *(addr+1) = 0x77777777;
>> >     write(fd, &val, sizeof(int));
>> >     close(fd);
>> > The results are not always 0x11111111 0x77777777 at the beginning as expected.
>> >
>> Is this a real bug or not necessary to support?
>
> Bug.  If variable `addr' has type int* then the contents of that file
> should be 0x11111111 0x77777777.  You didn't tell us what the contents
> were in the incorrect case, but I guess it doesn't matter.
>
Sorry, I didn't give the details, here is the old thread with more details:
  http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-01/msg07124.html

Regards,
Anfei.
>
>

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH] Flush dcache before writing into page to avoid alias

[Sebastian Andrzej Siewior]

* Russell King - ARM Linux | 2010-01-25 20:00:04 [+0000]:

>On Mon, Jan 25, 2010 at 11:58:14AM -0800, Andrew Morton wrote:
>> On Mon, 25 Jan 2010 21:33:08 +0800 anfei <anfei.zhou@gmail.com> wrote:
>> 
>> > Hi Andrew,
>> > 
>> > On Thu, Jan 21, 2010 at 01:07:57PM +0800, anfei zhou wrote:
>> > > The cache alias problem will happen if the changes of user shared mapping
>> > > is not flushed before copying, then user and kernel mapping may be mapped
>> > > into two different cache line, it is impossible to guarantee the coherence
>> > > after iov_iter_copy_from_user_atomic.  So the right steps should be:
>> > > 	flush_dcache_page(page);
>> > > 	kmap_atomic(page);
>> > > 	write to page;
>> > > 	kunmap_atomic(page);
>> > > 	flush_dcache_page(page);
>> > > More precisely, we might create two new APIs flush_dcache_user_page and
>> > > flush_dcache_kern_page to replace the two flush_dcache_page accordingly.
>> > > 
>> > > Here is a snippet tested on omap2430 with VIPT cache, and I think it is
>> > > not ARM-specific:
>> > > 	int val = 0x11111111;
>> > > 	fd = open("abc", O_RDWR);
>> > > 	addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
>> > > 	*(addr+0) = 0x44444444;
>> > > 	tmp = *(addr+0);
>> > > 	*(addr+1) = 0x77777777;
>> > > 	write(fd, &val, sizeof(int));
>> > > 	close(fd);
>> > > The results are not always 0x11111111 0x77777777 at the beginning as expected.
>> > > 
>> > Is this a real bug or not necessary to support?
>> 
>> Bug.  If variable `addr' has type int* then the contents of that file
>> should be 0x11111111 0x77777777.  You didn't tell us what the contents
>> were in the incorrect case, but I guess it doesn't matter.
>
>FYI, from a previous email from anfei:
>
>0x44444444 0x77777777

I just wanted to query what the status of this patch is. This patch
seems to fix a real bug which causes a test suite to fail on ARM [0].
The test suite passes on my VIVT ARM with this patch.

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524003

Sebastian

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH] Flush dcache before writing into page to avoid alias

[Andrew Morton]

On Wed, 27 Jan 2010 22:59:59 +0100
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> wrote:

> I just wanted to query what the status of this patch is. This patch
> seems to fix a real bug which causes a test suite to fail on ARM [0].
> The test suite passes on my VIVT ARM with this patch.
> 
> [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524003

I have it queued for 2.6.33, backportable to 2.6.32.x, assuming that
nobody sees any issues with it.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>