On Fri, Mar 06, 2009 at 05:26:24PM -0500, Steven Walter wrote:
> I've been tracking down an instance of userspace data corruption, and I
> believe I have found a window during fork where data can be lost. The
> corruption is occurring on an ARMv5 system with VIVT caches. Here's the
> scenario in question. Thread A is forking, Thread B is running in
> userspace:
With VIVT caches, you're missing a few things here:
> Thread A: flush_cache_mm (dup_mmap)
-- cache written back and invalidated
> Thread B: writes to a page in the above mm
-- cache written back and invalidated
> Thread A: pte_wrprotect the above page (copy_one_pte)
-- cache written back and invalidated
> Thread B: writes to the same page again
>
> During thread B's second write, he'll take a fault and enter the do_wp_page
> case. We'll end up calling copy_page, which notably uses the kernel virtual
> addresses for the old and new pages. This means that the new page does not
> necessarily have the data from the first write.
Given the additional flushing I've mentioned above, where could the
problem be?