Re: [RFC][PATCH 4/6] arm, mm: Convert arm to generic tlb

From: Catalin Marinas
Date: Thu May 17 2012 - 08:15:16 EST

Next message: Fengguang Wu: "0day kernel testing back-end"
Previous message: Artem Bityutskiy: "Re: [PATCH 1/7] [RFC] UBI: Export next_sqnum()"
In reply to: Peter Zijlstra: "Re: [RFC][PATCH 4/6] arm, mm: Convert arm to generic tlb"
Next in thread: Catalin Marinas: "Re: [RFC][PATCH 4/6] arm, mm: Convert arm to generic tlb"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, May 17, 2012 at 12:28:06PM +0100, Peter Zijlstra wrote:
> On Thu, 2012-05-17 at 10:51 +0100, Russell King wrote:
> > On Thu, May 17, 2012 at 10:30:23AM +0100, Catalin Marinas wrote:
> > > Another minor thing is that on newer ARM processors (Cortex-A15) we
> > > need the TLB shootdown even on UP systems, so tlb_fast_mode should
> > > always return 0. Something like below (untested):
> >
> > No Catalin, we need this for virtually all ARMv7 CPUs whether they're UP
> > or SMP, not just for A15, because of the speculative prefetch which can
> > re-load TLB entries from the page tables at _any_ time.
>
> Hmm,. so this is mostly because of the confusion/coupling between
> tlb_remove_page() and tlb_remove_table() I guess. Since I don't see the
> freeing of the actual pages being a problem with speculative TLB
> reloads, just the page-tables.

The TLB on newer ARM cores can cache intermediate entries (e.g. pmd) as
long as they are valid, even if the full translation is not possible
(e.g. because the pte entry is 0). With fast_mode, this could lead to
the MMU reading the already freed pte page as it was pointed at by the
old pmd.

Older ARMv7 CPUs (Cortex-A8), don't do this intermediate caching and UP
should be fine with fast_mode==1 as we already track the pte range via
tlb_remove_tlb_entry(). The MMU on ARM is treated like any another agent
that accesses the memory, so standard memory ordering issues apply In
theory Linux can clear the pmd, free the page and it is re-used shortly
after while the MMU hasn't observed the pmd_clear() yet (we don't have a
barrier in this function).

> Should we introduce a tlb_remove_table() regardless of
> HAVE_RCU_TABLE_FREE which always queues the tables regardless of
> tlb_fast_mode()?

This would probably work as well (or we just add support for
HAVE_RCU_TABLE_FREE on ARM).

--
Catalin
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Fengguang Wu: "0day kernel testing back-end"
Previous message: Artem Bityutskiy: "Re: [PATCH 1/7] [RFC] UBI: Export next_sqnum()"
In reply to: Peter Zijlstra: "Re: [RFC][PATCH 4/6] arm, mm: Convert arm to generic tlb"
Next in thread: Catalin Marinas: "Re: [RFC][PATCH 4/6] arm, mm: Convert arm to generic tlb"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]