Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp4308657pxu;
        Tue, 1 Dec 2020 01:31:26 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxNnKH4ZSRoH8OTtIG9tJ1AbfuCQovhX69dToc0L84UareXBZNde3F6SS3a6n6mYT8KjdCf
X-Received: by 2002:a17:906:4881:: with SMTP id v1mr1989165ejq.465.1606815085910;
        Tue, 01 Dec 2020 01:31:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1606815085; cv=none;
        d=google.com; s=arc-20160816;
        b=INYkaXmAO423Rp++ze8JmNmawd+QHveMYpK8dkWBE4o7NEKoNrfoQAa48fjlM70OmC
         stX1SxDHnp91h/P7NJTuC9NFrUFwXY9Y1sXDSfs5rG1j1A06O61XEnj19EcbCoG4CKdX
         V5krRJ6AmesxDwcHW27TTFzifD2CV/DPXVt3C/s9q2YwLioPxt24KjJyKkRJ0Uce77uL
         1pGatHQ1RgAXTsC9ebHPko+ifTyh0nuECNrR9dckFc0VmPH2RCVcg6pV0fNSvvDiuleX
         iDx8tMS9u7z1EjNTzeQPzeey95pfsX/UF5G7WqFHLoAcAskv2tQ2NwbK2MRdhZMoiqpq
         xeEQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=Y8hPqpRe5g4SCPZySwxsglRuGJrRucQQokouXZvlCB0=;
        b=0JXKUrDtauN8IW7FgZUd18pPP+xxVUb/tmFPFL7pNn3aD2qAAN0ZNzeY/ukAvNhZqw
         wuqImrVr2qiBycAc9eU3jst0fsONVrnW5kTjs6Ss5KB+wqsNqN3yE0nfCLsDjJ5hxArO
         aEPgkNYhSmt0MwuXHi9iD3Q+cMExQNCyqrn0nZl/RfxHyA9RCXt0JTpa9DvfWtC0HSfY
         89+wjIbM7SFqDaJueodXbsMZc0iSoeV4F9ocTb3xCdatkDfRqNVrcAZY3LW0an1RMH+R
         RDEKTiOZpW/k+td2aFuSHTbVB/5Ud2ES8XedGat5SX8X6NjX+E9L7/v/+6hOTsKt5auZ
         GG9g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=miZY38ew;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id k12si767563edh.105.2020.12.01.01.30.54;
        Tue, 01 Dec 2020 01:31:25 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=miZY38ew;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727744AbgLAJBe (ORCPT <rfc822;shibaboy@gmail.com> + 99 others);
        Tue, 1 Dec 2020 04:01:34 -0500
Received: from mail.kernel.org ([198.145.29.99]:38000 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2388560AbgLAJB3 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 1 Dec 2020 04:01:29 -0500
Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id A894221D46;
        Tue,  1 Dec 2020 09:00:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1606813249;
        bh=dVPnQjDjmXv6L/ox+DJPRXZQavDEhA075JQMin/ppmY=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=miZY38ewIfv2M77Khv3dgG+eskTEbUFljV/NnOAQO0++qsZtYPsbSXI/BQCI3MoSB
         SL54Gg7z0Rlsjh97agqifu8OncmENjVKfdD9t29Bl3Q54/g0jl7EyZhirAGqv3Z23y
         SQHkyqXifiUs2/Yac904UY+YzCmne3PKD6CGKhPM=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Yu Zhao <yuzhao@google.com>,
        Minchan Kim <minchan@kernel.org>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will@kernel.org>
Subject: [PATCH 4.19 09/57] arm64: pgtable: Fix pte_accessible()
Date:   Tue,  1 Dec 2020 09:53:14 +0100
Message-Id: <20201201084648.792537970@linuxfoundation.org>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20201201084647.751612010@linuxfoundation.org>
References: <20201201084647.751612010@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Will Deacon <will@kernel.org>

commit 07509e10dcc77627f8b6a57381e878fe269958d3 upstream.

pte_accessible() is used by ptep_clear_flush() to figure out whether TLB
invalidation is necessary when unmapping pages for reclaim. Although our
implementation is correct according to the architecture, returning true
only for valid, young ptes in the absence of racing page-table
modifications, this is in fact flawed due to lazy invalidation of old
ptes in ptep_clear_flush_young() where we elide the expensive DSB
instruction for completing the TLB invalidation.

Rather than penalise the aging path, adjust pte_accessible() to return
true for any valid pte, even if the access flag is cleared.

Cc: <stable@vger.kernel.org>
Fixes: 76c714be0e5e ("arm64: pgtable: implement pte_accessible()")
Reported-by: Yu Zhao <yuzhao@google.com>
Acked-by: Yu Zhao <yuzhao@google.com>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Link: https://lore.kernel.org/r/20201120143557.6715-2-will@kernel.org
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/include/asm/pgtable.h |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -107,8 +107,6 @@ extern unsigned long empty_zero_page[PAG
 #define pte_valid(pte)		(!!(pte_val(pte) & PTE_VALID))
 #define pte_valid_not_user(pte) \
 	((pte_val(pte) & (PTE_VALID | PTE_USER)) == PTE_VALID)
-#define pte_valid_young(pte) \
-	((pte_val(pte) & (PTE_VALID | PTE_AF)) == (PTE_VALID | PTE_AF))
 #define pte_valid_user(pte) \
 	((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER))
 
@@ -116,9 +114,12 @@ extern unsigned long empty_zero_page[PAG
  * Could the pte be present in the TLB? We must check mm_tlb_flush_pending
  * so that we don't erroneously return false for pages that have been
  * remapped as PROT_NONE but are yet to be flushed from the TLB.
+ * Note that we can't make any assumptions based on the state of the access
+ * flag, since ptep_clear_flush_young() elides a DSB when invalidating the
+ * TLB.
  */
 #define pte_accessible(mm, pte)	\
-	(mm_tlb_flush_pending(mm) ? pte_present(pte) : pte_valid_young(pte))
+	(mm_tlb_flush_pending(mm) ? pte_present(pte) : pte_valid(pte))
 
 /*
  * p??_access_permitted() is true for valid user mappings (subject to the