| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 May 2019 11:35:55 -0700
From: Yang Shi <yang.shi@...ux.alibaba.com>
To: Peter Zijlstra <peterz@...radead.org>,
Will Deacon <will.deacon@....com>
Cc: jstancek@...hat.com, akpm@...ux-foundation.org,
stable@...r.kernel.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, aneesh.kumar@...ux.vnet.ibm.com,
npiggin@...il.com, namit@...are.com, minchan@...nel.org,
Mel Gorman <mgorman@...e.de>
Subject: Re: [PATCH] mm: mmu_gather: remove __tlb_reset_range() for force
flush
On 5/9/19 3:54 AM, Peter Zijlstra wrote:
> On Thu, May 09, 2019 at 12:38:13PM +0200, Peter Zijlstra wrote:
>
>> That's tlb->cleared_p*, and yes agreed. That is, right until some
>> architecture has level dependent TLBI instructions, at which point we'll
>> need to have them all set instead of cleared.
>> Anyway; am I correct in understanding that the actual problem is that
>> we've cleared freed_tables and the ARM64 tlb_flush() will then not
>> invalidate the cache and badness happens?
>>
>> Because so far nobody has actually provided a coherent description of
>> the actual problem we're trying to solve. But I'm thinking something
>> like the below ought to do.
> There's another 'fun' issue I think. For architectures like ARM that
> have range invalidation and care about VM_EXEC for I$ invalidation, the
> below doesn't quite work right either.
>
> I suspect we also have to force: tlb->vma_exec = 1.
Isn't the below code in tlb_flush enough to guarantee this?
...
} else if (tlb->end) {
struct vm_area_struct vma = {
.vm_mm = tlb->mm,
.vm_flags = (tlb->vma_exec ? VM_EXEC : 0) |
(tlb->vma_huge ? VM_HUGETLB : 0),
};
...
>
> And I don't think there's an architecture that cares, but depending on
> details I can construct cases where any setting of tlb->vm_hugetlb is
> wrong, so that is _awesome_. But I suspect the sane thing for now is to
> force it 0.
>
>> diff --git a/mm/mmu_gather.c b/mm/mmu_gather.c
>> index 99740e1dd273..fe768f8d612e 100644
>> --- a/mm/mmu_gather.c
>> +++ b/mm/mmu_gather.c
>> @@ -244,15 +244,20 @@ void tlb_finish_mmu(struct mmu_gather *tlb,
>> unsigned long start, unsigned long end)
>> {
>> /*
>> - * If there are parallel threads are doing PTE changes on same range
>> - * under non-exclusive lock(e.g., mmap_sem read-side) but defer TLB
>> - * flush by batching, a thread has stable TLB entry can fail to flush
>> - * the TLB by observing pte_none|!pte_dirty, for example so flush TLB
>> - * forcefully if we detect parallel PTE batching threads.
>> + * Sensible comment goes here..
>> */
>> - if (mm_tlb_flush_nested(tlb->mm)) {
>> - __tlb_reset_range(tlb);
>> - __tlb_adjust_range(tlb, start, end - start);
>> + if (mm_tlb_flush_nested(tlb->mm) && !tlb->full_mm) {
>> + /*
>> + * Since we're can't tell what we actually should have
>> + * flushed flush everything in the given range.
>> + */
>> + tlb->start = start;
>> + tlb->end = end;
>> + tlb->freed_tables = 1;
>> + tlb->cleared_ptes = 1;
>> + tlb->cleared_pmds = 1;
>> + tlb->cleared_puds = 1;
>> + tlb->cleared_p4ds = 1;
>> }
>>
>> tlb_flush_mmu(tlb);
Powered by blists - more mailing lists