system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-06 11:25:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/Documentation
History
Ryan Roberts 3a5a8d343e mm: fix race between __split_huge_pmd_locked() and GUP-fast 
__split_huge_pmd_locked() can be called for a present THP, devmap or
(non-present) migration entry.  It calls pmdp_invalidate() unconditionally
on the pmdp and only determines if it is present or not based on the
returned old pmd.  This is a problem for the migration entry case because
pmd_mkinvalid(), called by pmdp_invalidate() must only be called for a
present pmd.

On arm64 at least, pmd_mkinvalid() will mark the pmd such that any future
call to pmd_present() will return true.  And therefore any lockless
pgtable walker could see the migration entry pmd in this state and start
interpretting the fields as if it were present, leading to BadThings (TM).
GUP-fast appears to be one such lockless pgtable walker.

x86 does not suffer the above problem, but instead pmd_mkinvalid() will
corrupt the offset field of the swap entry within the swap pte.  See link
below for discussion of that problem.

Fix all of this by only calling pmdp_invalidate() for a present pmd.  And
for good measure let's add a warning to all implementations of
pmdp_invalidate[_ad]().  I've manually reviewed all other
pmdp_invalidate[_ad]() call sites and believe all others to be conformant.

This is a theoretical bug found during code review.  I don't have any test
case to trigger it in practice.

Link: https://lkml.kernel.org/r/20240501143310.1381675-1-ryan.roberts@arm.com
Link: https://lore.kernel.org/all/0dd7827a-6334-439a-8fd0-43c98e6af22b@arm.com/
Fixes: 84c3fc4e9c ("mm: thp: check pmd migration entry in common path")
Signed-off-by: Ryan Roberts <ryan.roberts@arm.com>
Reviewed-by: Zi Yan <ziy@nvidia.com>
Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: Andreas Larsson <andreas@gaisler.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@kernel.org>
Cc: Borislav Petkov (AMD) <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Christian Borntraeger <borntraeger@linux.ibm.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Naveen N. Rao <naveen.n.rao@linux.ibm.com>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sven Schnelle <svens@linux.ibm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-05-07 10:37:00 -07:00
..
ABI Docs/ABI/damon: update for 'youg page' type DAMOS filter 2024-05-05 17:53:56 -07:00
accel
accounting
admin-guide Docs/admin-guide/mm/damon/usage: update for young page type DAMOS filter 2024-05-05 17:53:55 -07:00
arch Documentation/x86: Fix title underline length 2024-03-25 11:29:16 +01:00
block
bpf bpf, docs: Rename legacy conformance group to packet 2024-03-04 14:31:06 +01:00
cdrom
core-api workqueue: Changes for v6.9 2024-03-11 12:50:42 -07:00
cpu-freq
crypto
dev-tools Documentation: dev-tools: Add link to RV docs 2024-03-29 08:27:21 -06:00
devicetree Merge tag 'drm-msm-next-2024-04-11' of https://gitlab.freedesktop.org/drm/msm into drm-fixes 2024-04-12 11:01:45 +10:00
doc-guide docs: drop the version constraints for sphinx and dependencies 2024-03-03 08:17:20 -07:00
driver-api mm: zswap: remove same_filled module params 2024-05-05 17:53:38 -07:00
fault-injection
fb
features
filesystems doc: split buffer.rst out of api-summary.rst 2024-05-05 17:53:40 -07:00
firmware-guide More ACPI updates for 6.9-rc1 2024-03-19 11:15:14 -07:00
firmware_class
fpga
gpu drm-misc-next for v6.9: 2024-02-26 09:51:49 +01:00
hid
hwmon hwmon: (aspeed-g6-pwm-tacho): Support for ASPEED g6 PWM/Fan tach 2024-03-07 10:50:16 -08:00
i2c Documentation: i2c: Document that client auto-detection is a legacy mechanism 2024-03-07 09:42:09 +01:00
iio docs: iio: add documentation for adis16475 driver 2024-02-28 19:26:36 +00:00
images
infiniband
input
isdn
kbuild Documentation/llvm: Note s390 LLVM=1 support with LLVM 18.1.0 and newer 2024-03-31 21:09:50 +09:00
kernel-hacking
leds
litmus-tests
livepatch
locking
maintainer
mhi
misc-devices
mm mm: fix race between __split_huge_pmd_locked() and GUP-fast 2024-05-07 10:37:00 -07:00
netlabel
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-03-11 20:38:36 -07:00
networking Documentation: Add documentation for eswitch attribute 2024-03-28 18:20:08 -07:00
nvdimm
nvme
PCI
pcmcia
peci
power Documentation: power: Fix typo in suspend and interrupts doc 2024-03-13 20:51:11 +01:00
process A handful of late-arriving documentation fixes and enhancements. 2024-03-20 09:36:46 -07:00
RCU A moderatly busy cycle for development this time around. 2024-03-12 15:18:34 -07:00
rust arm64 updates for 6.9: 2024-03-14 15:35:42 -07:00
scheduler A single update for the documentation of the base_slice_ns tunable to 2024-03-24 11:11:05 -07:00
scsi
security
sound
sphinx docs: drop the version constraints for sphinx and dependencies 2024-03-03 08:17:20 -07:00
sphinx-static
spi spi: docs: spidev: fix echo command format 2024-03-19 18:37:55 +00:00
staging
target
tee
timers
tools tools/rtla: Add -U/--user-load option to timerlat 2024-03-20 05:39:06 +01:00
trace tracing/user_events: Document multi-format flag 2024-03-18 10:13:16 -04:00
translations remove references to page->flags in documentation 2024-04-25 20:56:15 -07:00
usb
userspace-api media updates for v6.9-rc1 2024-03-15 11:36:54 -07:00
virt Documentation: kvm/sev: clarify usage of KVM_MEMORY_ENCRYPT_OP 2024-03-18 19:03:53 -04:00
w1
watchdog
wmi platform/x86: wmi: Update documentation regarding _WED 2024-02-27 14:44:31 +02:00
.gitignore
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py docs: Restore "smart quotes" for quotes 2024-02-28 15:48:18 -07:00
docutils.conf
dontdiff
index.rst A moderatly busy cycle for development this time around. 2024-03-12 15:18:34 -07:00
Kconfig
Makefile docs: Makefile: Add dependency to $(YNL_INDEX) for targets other than htmldocs 2024-03-05 11:06:43 -07:00
memory-barriers.txt
SubmittingPatches
subsystem-apis.rst