Re: [PATCH 2/7] x86,tlb: leave lazy TLB mode at page table free time

From: Andy Lutomirski
Date: Wed Aug 15 2018 - 21:55:07 EST

Next message: Sergey Senozhatsky: "Re: [PATCH] zram: fix bug storing backing_dev"
Previous message: Ryan Lee: "[PATCH] ASoC: max98373: Added speaker FS gain cotnrol register to volatile."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jul 16, 2018 at 12:03 PM, Rik van Riel <riel@xxxxxxxxxxx> wrote:
> Andy discovered that speculative memory accesses while in lazy
> TLB mode can crash a system, when a CPU tries to dereference a
> speculative access using memory contents that used to be valid
> page table memory, but have since been reused for something else
> and point into la-la land.

Hi Rik-

I was looking through this, and I see:

> -static void tlb_remove_table_one(void *table)
> +static void tlb_remove_table_one(void *table, struct mmu_gather *tlb)
> {
> /*
> * This isn't an RCU grace period and hence the page-tables cannot be
> @@ -344,7 +348,7 @@ static void tlb_remove_table_one(void *table)
> * It is however sufficient for software page-table walkers that rely on
> * IRQ disabling. See the comment near struct mmu_table_batch.
> */
> - smp_call_function(tlb_remove_table_smp_sync, NULL, 1);
> + smp_call_function(tlb_remove_table_smp_sync, tlb->mm, 1);
> __tlb_remove_table(table);
> }

But tlb_remove_table() doesn't always call tlb_remove_table_one(). Do
the other paths through tlb_remove_table() do the right thing?

--Andy

Next message: Sergey Senozhatsky: "Re: [PATCH] zram: fix bug storing backing_dev"
Previous message: Ryan Lee: "[PATCH] ASoC: max98373: Added speaker FS gain cotnrol register to volatile."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]