| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180729155451.7a1eb1a5@imladris.surriel.com>
Date: Sun, 29 Jul 2018 15:54:51 -0400
From: Rik van Riel <riel@...riel.com>
To: Andy Lutomirski <luto@...nel.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
kernel-team <kernel-team@...com>,
Peter Zijlstra <peterz@...radead.org>, X86 ML <x86@...nel.org>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Ingo Molnar <mingo@...nel.org>, Mike Galbraith <efault@....de>,
Dave Hansen <dave.hansen@...el.com>,
Catalin Marinas <catalin.marinas@....com>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>
Subject: [PATCH v2 10/11] x86,tlb: really leave mm on shootdown
On Sat, 28 Jul 2018 21:21:17 -0700
Andy Lutomirski <luto@...nel.org> wrote:
> On Sat, Jul 28, 2018 at 2:53 PM, Rik van Riel <riel@...riel.com> wrote:
> > Conditionally skip lazy TLB mm refcounting. When an architecture has
> > CONFIG_ARCH_NO_ACTIVE_MM_REFCOUNTING enabled, an mm that is used in
> > lazy TLB mode anywhere will get shot down from exit_mmap, and there
> > in no need to incur the cache line bouncing overhead of refcounting
> > a lazy TLB mm.
>
> Unless I've misunderstood something, this patch results in idle tasks
> whose active_mm has been freed still having active_mm pointing at
> freed memory.
Below (plus the next email) should fix the bug you pointed
out, in a somewhat non-invasive way. Patches have survived
a few simple tests on my test system, I have not thrown a
full load at them yet.
I would like to save the full rewrite to remove ->active_mm
for a later series, because this is already as much churn
as I am comfortable with for this code :)
---8<---
Author: Rik van Riel <riel@...riel.com>
Subject: [PATCH 10/11] x86,tlb: really leave mm on shootdown
When getting an mm shot down from under us in lazy TLB mode, don't
just switch the TLB over to the init_mm page tables, but really drop
our references to the lazy TLB mm.
This allows for faster (instant) freeing of a lazy TLB mm, which is
a precondition to getting rid of the refcounting of mms in lazy TLB mode.
Signed-off-by: Rik van Riel <riel@...riel.com>
---
arch/x86/mm/tlb.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 7b1add904396..425cb9fa2640 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -140,6 +140,8 @@ void leave_mm(void *dummy)
WARN_ON(!this_cpu_read(cpu_tlbstate.is_lazy));
switch_mm(NULL, &init_mm, NULL);
+ current->active_mm = &init_mm;
+ mmdrop(loaded_mm);
}
EXPORT_SYMBOL_GPL(leave_mm);
@@ -483,6 +485,8 @@ static void flush_tlb_func_common(const struct flush_tlb_info *f,
* IPIs to lazy TLB mode CPUs.
*/
switch_mm_irqs_off(NULL, &init_mm, NULL);
+ current->active_mm = &init_mm;
+ mmdrop(loaded_mm);
return;
}
--
2.14.4
Powered by blists - more mailing lists