Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp3492195imj; Tue, 19 Feb 2019 04:35:11 -0800 (PST) X-Google-Smtp-Source: AHgI3Ibg015I/sAyYk8aBqFpGNJ9Em4g01P/GQSk7ka4PxwWsNtkqOstFptR3FhmxCVFlfJHlQMw X-Received: by 2002:a62:8dd9:: with SMTP id p86mr28889668pfk.143.1550579711743; Tue, 19 Feb 2019 04:35:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550579711; cv=none; d=google.com; s=arc-20160816; b=Alq6VTqtV5CtZ4v2P7gs2yEiXGB+0z5xF6ZJgOcrTabe9uOGUyyQ0L0QQZSELxzAat W2ZfQeSore19ULnspg/HVi4gS+afxU3Z6OQW4F9tubT5h3+puo2vRO1rIIT9DSKLxPir IBcdbSkCxdUxwDkrkQGR2A8no27Z9zfn6/+FZllS4r5XqyEBMOPPk01YLTH3mXGfKnTK oWLcKmn7OQHVvLAL7CznR+1TGrZhYxX8XaRLWZjbeOpSh4MC+gArMxZo3zLfypKGPGn6 gpBj4jtaZ5QNiMlTWiNPuc8HDcRmioF1V8a2N+bMLRB1PRmwePoYi3eDwlziowGURKaD JimA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from; bh=mmnpFmKUxANUL/kLhFIKB50P+1U0QzpgwHLTzVifXS8=; b=OL1N0c3dVbFXIlM/nIRSrOcu3YGIqckmezqbGlh8G2IW6UsBR7mQZ+a3QC4tBNho6W MwHJvNeQzoc0267rpG2Dck1+RH2zK4mHmwA0UKy+0pDzVm7mztgJVcXtNZW8DHJhibZV IP8X+2sL+LqwjT7mSDsl30nK8xU3KhDTkb8nbYWJaMp8pVTy+lBr+4ri9tW4sJCOqV5b zcWCWsn5P2g1oS3RfPSdHmENlzDMHqu0nHs6A7U+L9sw4MciT/dEmvhHRnvtbVhWyCJL ZQIE5eIIaRf7h4BbsIOfdPZMkKvCro7NasjcoNF//napwlfYb0RvOprzgyDuDV/bPyy2 4y/g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q77si16337154pfi.220.2019.02.19.04.34.53; Tue, 19 Feb 2019 04:35:11 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727569AbfBSMdx (ORCPT + 99 others); Tue, 19 Feb 2019 07:33:53 -0500 Received: from bastet.se.axis.com ([195.60.68.11]:41316 "EHLO bastet.se.axis.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725772AbfBSMdw (ORCPT ); Tue, 19 Feb 2019 07:33:52 -0500 Received: from localhost (localhost [127.0.0.1]) by bastet.se.axis.com (Postfix) with ESMTP id D4D25184D9; Tue, 19 Feb 2019 13:33:50 +0100 (CET) X-Axis-User: NO X-Axis-NonUser: YES X-Virus-Scanned: Debian amavisd-new at bastet.se.axis.com Received: from bastet.se.axis.com ([IPv6:::ffff:127.0.0.1]) by localhost (bastet.se.axis.com [::ffff:127.0.0.1]) (amavisd-new, port 10024) with LMTP id wdBCkFgbkWvd; Tue, 19 Feb 2019 13:33:48 +0100 (CET) Received: from boulder03.se.axis.com (boulder03.se.axis.com [10.0.8.17]) by bastet.se.axis.com (Postfix) with ESMTPS id 45382184D4; Tue, 19 Feb 2019 13:33:48 +0100 (CET) Received: from boulder03.se.axis.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 141331E06E; Tue, 19 Feb 2019 13:33:48 +0100 (CET) Received: from boulder03.se.axis.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 089711E06A; Tue, 19 Feb 2019 13:33:48 +0100 (CET) Received: from thoth.se.axis.com (unknown [10.0.2.173]) by boulder03.se.axis.com (Postfix) with ESMTP; Tue, 19 Feb 2019 13:33:47 +0100 (CET) Received: from pc32929-1845.se.axis.com (pc32929-1845.se.axis.com [10.88.129.17]) by thoth.se.axis.com (Postfix) with ESMTP id F02401C76; Tue, 19 Feb 2019 13:33:47 +0100 (CET) Received: by pc32929-1845.se.axis.com (Postfix, from userid 20456) id EBF60409B8; Tue, 19 Feb 2019 13:33:47 +0100 (CET) From: Lars Persson To: linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: linux-mips@vger.kernel.org, Lars Persson Subject: [PATCH] mm: migrate: add missing flush_dcache_page for non-mapped page migrate Date: Tue, 19 Feb 2019 13:32:12 +0100 Message-Id: <20190219123212.29838-1-larper@axis.com> X-Mailer: git-send-email 2.11.0 X-TM-AS-GCONF: 00 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Our MIPS 1004Kc SoCs were seeing random userspace crashes with SIGILL and SIGSEGV that could not be traced back to a userspace code bug. They had all the magic signs of an I/D cache coherency issue. Now recently we noticed that the /proc/sys/vm/compact_memory interface was quite efficient at provoking this class of userspace crashes. Studying the code in mm/migrate.c there is a distinction made between migrating a page that is mapped at the instant of migration and one that is not mapped. Our problem turned out to be the non-mapped pages. For the non-mapped page the code performs a copy of the page content and all relevant meta-data of the page without doing the required D-cache maintenance. This leaves dirty data in the D-cache of the CPU and on the 1004K cores this data is not visible to the I-cache. A subsequent page-fault that triggers a mapping of the page will happily serve the process with potentially stale code. What about ARM then, this bug should have seen greater exposure? Well ARM became immune to this flaw back in 2010, see commit c01778001a4f ("ARM: 6379/1: Assume new page cache pages have dirty D-cache"). My proposed fix moves the D-cache maintenance inside move_to_new_page to make it common for both cases. Signed-off-by: Lars Persson --- mm/migrate.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/mm/migrate.c b/mm/migrate.c index d4fd680be3b0..80fc19e610b5 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -248,10 +248,8 @@ static bool remove_migration_pte(struct page *page, struct vm_area_struct *vma, pte = swp_entry_to_pte(entry); } else if (is_device_public_page(new)) { pte = pte_mkdevmap(pte); - flush_dcache_page(new); } - } else - flush_dcache_page(new); + } #ifdef CONFIG_HUGETLB_PAGE if (PageHuge(new)) { @@ -995,6 +993,13 @@ static int move_to_new_page(struct page *newpage, struct page *page, */ if (!PageMappingFlags(page)) page->mapping = NULL; + + if (unlikely(is_zone_device_page(newpage))) { + if (is_device_public_page(newpage)) + flush_dcache_page(newpage); + } else + flush_dcache_page(newpage); + } out: return rc; -- 2.11.0