Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1614603imm; Wed, 15 Aug 2018 22:49:17 -0700 (PDT) X-Google-Smtp-Source: AA+uWPzelhBWdki+Jx8C/w5XYG1fMH1OatK+S58pECLVXuiHg3sFYBtR+/Bx0kaFibF4TFfC6kkJ X-Received: by 2002:a62:2646:: with SMTP id m67-v6mr30976667pfm.254.1534398556953; Wed, 15 Aug 2018 22:49:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534398556; cv=none; d=google.com; s=arc-20160816; b=H6xaOVB2pJdgQSrPSSIqJ0CqoTpaAr7poqMkNAUyqBddfjO8euIRYci/ykElDH6DLX jCLdFLw1koC8iRtpioILWISqgryZyDp4tQPsEODgLpjZTp9QMWGOAffOtFz2iUxvvH3Y zYr4vDs3pBEaDqlsNY2AtGmAmfm3l8QwN1OiMUehRluMsji8NMTGEiSRilz6+lxp2+hV myVoynQhlkuEfXXVKDDKlg/D3zSHcCkfZ24yStx0z4GPK8vxQ0KaOV/vw6mPHfyLL/SW /7V2/bPfhjq6PkmvVrqtGj5L64JsxZKfmJGOMGXcURHBg8y1KpUTbk5abYmyne9xcs+T otog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=LKoO9eSN0G8IZTJuNp00PhSlWRC6/jYaE4eRsV71nlc=; b=RwV3DM+jOy0myVbdpkyvd4XqBWgM0N+sQK6iIL2dGmbcxTl1OqQWrKphFLSV87J1WJ cVts+g4PUAfbkukwTNLCq67uNPPL9OCcEH1FeAl6E4akEFcMWHTK7XZPmhdeaVrz9PoB B5d6CV/eC1W9hAg8VxDixp3K0YEobtsl1coBE9cvz9fSzxBk17FOZVWDzwRFaovL/6lJ OutKaZotIqGs2D77kqKxStjf19HI0OCC7WCNhpcEbPRndhYDgVNJQA3o+zYvFQSAIsY6 7QAaO8253eWJbVuGUY3WIe3w/OJLup7NA16pGC2aTSgFidel2Nwkswna/WbItb4PbimJ Ohkw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=i0AlZAkQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id cb1-v6si21689357plb.128.2018.08.15.22.48.50; Wed, 15 Aug 2018 22:49:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=i0AlZAkQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387516AbeHPEuC (ORCPT + 99 others); Thu, 16 Aug 2018 00:50:02 -0400 Received: from mail.kernel.org ([198.145.29.99]:45262 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727233AbeHPEuB (ORCPT ); Thu, 16 Aug 2018 00:50:01 -0400 Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3F605208E5 for ; Thu, 16 Aug 2018 01:55:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1534384504; bh=oataPW0xsz541UBVQnFcTyY7H4mr7x8BSqHkeai5ASw=; h=In-Reply-To:References:From:Date:Subject:To:Cc:From; b=i0AlZAkQnJmMCGTO6C6bfrdDXUksfItU48RXnsUP0yozxcsOe3Qx6pvx6soKOdOfe nJfTimZ7wd5TigItDEAvGwZrWJGKgOUTzAh0dbcuozsWxvUi4e7YiZ9V5IrSVjhSgD /Cj74lsEy/xT1/PYJIw0+t8RvzMIgSuw8gMAPAIg= Received: by mail-wr1-f42.google.com with SMTP id h10-v6so2662019wre.6 for ; Wed, 15 Aug 2018 18:55:04 -0700 (PDT) X-Gm-Message-State: AOUpUlH7JaXQcNb882wdmISF09LwtoM+lMZWLw3JD7FJOuPSMgrMTsFc vKHM2FaoDYi+hBnndHSiwaxn2nLm7OHVyRzlPkRfdg== X-Received: by 2002:adf:eec9:: with SMTP id a9-v6mr18390596wrp.21.1534384502615; Wed, 15 Aug 2018 18:55:02 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a1c:548:0:0:0:0:0 with HTTP; Wed, 15 Aug 2018 18:54:42 -0700 (PDT) In-Reply-To: <20180716190337.26133-3-riel@surriel.com> References: <20180716190337.26133-1-riel@surriel.com> <20180716190337.26133-3-riel@surriel.com> From: Andy Lutomirski Date: Wed, 15 Aug 2018 18:54:42 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 2/7] x86,tlb: leave lazy TLB mode at page table free time To: Rik van Riel Cc: LKML , X86 ML , Andrew Lutomirski , Mike Galbraith , kernel-team , Ingo Molnar , Dave Hansen Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 16, 2018 at 12:03 PM, Rik van Riel wrote: > Andy discovered that speculative memory accesses while in lazy > TLB mode can crash a system, when a CPU tries to dereference a > speculative access using memory contents that used to be valid > page table memory, but have since been reused for something else > and point into la-la land. Hi Rik- I was looking through this, and I see: > -static void tlb_remove_table_one(void *table) > +static void tlb_remove_table_one(void *table, struct mmu_gather *tlb) > { > /* > * This isn't an RCU grace period and hence the page-tables cannot be > @@ -344,7 +348,7 @@ static void tlb_remove_table_one(void *table) > * It is however sufficient for software page-table walkers that rely on > * IRQ disabling. See the comment near struct mmu_table_batch. > */ > - smp_call_function(tlb_remove_table_smp_sync, NULL, 1); > + smp_call_function(tlb_remove_table_smp_sync, tlb->mm, 1); > __tlb_remove_table(table); > } But tlb_remove_table() doesn't always call tlb_remove_table_one(). Do the other paths through tlb_remove_table() do the right thing? --Andy