Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp408974pxu;
        Tue, 1 Dec 2020 14:32:31 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxfof7dVc8yFopvd/exOzuyhds/KYi4yH4rdO6x1oxPZ0PovvPvMpCK4d77xE3BFEoleIti
X-Received: by 2002:a17:906:17d1:: with SMTP id u17mr5285376eje.229.1606861950852;
        Tue, 01 Dec 2020 14:32:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1606861950; cv=none;
        d=google.com; s=arc-20160816;
        b=XvLGKmiJUJ5MwVdrsQUuHfd+8/0PWEtuExpWTFQNlKZEm4cI+GETcREJGaijORz21G
         yrjgBPuU9tCjYB2CwPMv67HZXWPBnDjZFQKyumuD4ekutmX5+AuucDVi81hV0mwPSf3V
         +c5sQKqLcPo8Pm2q2ZnKcKSXw4NdM2vyOyJTWlTQzGEbW2ufK+jb0poKKWcxC7IfyWP2
         +nxadYEXsIiMIAl0PpecrEtjM5vN4pMLgNc5tGEtJJ9vazS0j5/r4YzXDkb9bcyhG7LU
         kEyBVXDz6L+JzcHcLJT1QEeZuXAAES07kmIgltTd7vQlTJvy3yQxj/IWwackOGVosR8V
         rA7Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=y57gDzAsDOsia9qQL018/92h7iII29IMJ4plkV4JHRM=;
        b=IYNlLYFNenEyNiNng0poKLnMgD399UCn7zpfcKsAZ+QwKA9osKXBPLO6/qV12Tp068
         tz5CeYJFv3BMZN3SB1jb3HLDG6LRDzh9DIl9evS4Lo64M9G9j0Wax8JOYkyoKUpHbV8t
         8QL1knNn0zxTJsZJ3iDBCjeLgURSxOr7OyLT+CVCpxmsWZdefHpigkrnMZzSuMFY99lT
         dIIHxJED52zkwqggCukVQMYALAUMHCJHM6lGJV9998ZzwN9ydZGm2kioxVYbZpr8MKkV
         oB1y01Iz8xcVKs/9YWkWDxN21mcbTCnwZ7gs/4SgoAIU5BQ1/DcGjpW6Oif2Xaa4XURu
         MNdw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=VY2gFgZL;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id ng3si876932ejb.344.2020.12.01.14.32.07;
        Tue, 01 Dec 2020 14:32:30 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=VY2gFgZL;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2389922AbgLAJUp (ORCPT <rfc822;shibaboy@gmail.com> + 99 others);
        Tue, 1 Dec 2020 04:20:45 -0500
Received: from mail.kernel.org ([198.145.29.99]:46702 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2389399AbgLAJJO (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 1 Dec 2020 04:09:14 -0500
Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id B053E206D8;
        Tue,  1 Dec 2020 09:08:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1606813713;
        bh=URSU+A2hAwZDJFwhZzz5JFRTJIXZj/xFvQzzxq7tvm8=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=VY2gFgZLCiX+W1C4OjgBFlJ223QQVlKuCXRkj8JjrphRZUpSkmliwxqYjp2xzAX+t
         qF4wwr2bN+z2tLmejQe7XK118NlqFCuSPPa4C8IAh4AJQ0TDiROP5yUIHPmOEBWkkh
         tWveLf/7rHX5pit897Lvpr591W5RNEWaytxJPCOo=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Yu Zhao <yuzhao@google.com>,
        Minchan Kim <minchan@kernel.org>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will@kernel.org>
Subject: [PATCH 5.9 033/152] arm64: pgtable: Fix pte_accessible()
Date:   Tue,  1 Dec 2020 09:52:28 +0100
Message-Id: <20201201084716.224151308@linuxfoundation.org>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20201201084711.707195422@linuxfoundation.org>
References: <20201201084711.707195422@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Will Deacon <will@kernel.org>

commit 07509e10dcc77627f8b6a57381e878fe269958d3 upstream.

pte_accessible() is used by ptep_clear_flush() to figure out whether TLB
invalidation is necessary when unmapping pages for reclaim. Although our
implementation is correct according to the architecture, returning true
only for valid, young ptes in the absence of racing page-table
modifications, this is in fact flawed due to lazy invalidation of old
ptes in ptep_clear_flush_young() where we elide the expensive DSB
instruction for completing the TLB invalidation.

Rather than penalise the aging path, adjust pte_accessible() to return
true for any valid pte, even if the access flag is cleared.

Cc: <stable@vger.kernel.org>
Fixes: 76c714be0e5e ("arm64: pgtable: implement pte_accessible()")
Reported-by: Yu Zhao <yuzhao@google.com>
Acked-by: Yu Zhao <yuzhao@google.com>
Reviewed-by: Minchan Kim <minchan@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Link: https://lore.kernel.org/r/20201120143557.6715-2-will@kernel.org
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm64/include/asm/pgtable.h |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -108,8 +108,6 @@ extern unsigned long empty_zero_page[PAG
 #define pte_valid(pte)		(!!(pte_val(pte) & PTE_VALID))
 #define pte_valid_not_user(pte) \
 	((pte_val(pte) & (PTE_VALID | PTE_USER)) == PTE_VALID)
-#define pte_valid_young(pte) \
-	((pte_val(pte) & (PTE_VALID | PTE_AF)) == (PTE_VALID | PTE_AF))
 #define pte_valid_user(pte) \
 	((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER))
 
@@ -117,9 +115,12 @@ extern unsigned long empty_zero_page[PAG
  * Could the pte be present in the TLB? We must check mm_tlb_flush_pending
  * so that we don't erroneously return false for pages that have been
  * remapped as PROT_NONE but are yet to be flushed from the TLB.
+ * Note that we can't make any assumptions based on the state of the access
+ * flag, since ptep_clear_flush_young() elides a DSB when invalidating the
+ * TLB.
  */
 #define pte_accessible(mm, pte)	\
-	(mm_tlb_flush_pending(mm) ? pte_present(pte) : pte_valid_young(pte))
+	(mm_tlb_flush_pending(mm) ? pte_present(pte) : pte_valid(pte))
 
 /*
  * p??_access_permitted() is true for valid user mappings (subject to the