From: Mark Rutland <mark.rutland@arm.com>
To: Will Deacon <will.deacon@arm.com>
Cc: linux-arm-kernel@lists.infradead.org, stable@vger.kernel.org
Subject: Re: [PATCH] arm64: mm: ensure that the zero page is visible to the page table walker
Date: Thu, 10 Dec 2015 18:14:12 +0000
Message-ID: <20151210181412.GL495@leverpostej>
In-Reply-To: <1449769199-31361-1-git-send-email-will.deacon@arm.com>

Hi Will,

On Thu, Dec 10, 2015 at 05:39:59PM +0000, Will Deacon wrote:
> In paging_init, we allocate the zero page, memset it to zero and then
> point TTBR0 to it in order to avoid speculative fetches through the
> identity mapping.
> 
> In order to guarantee that the freshly zeroed page is indeed visible to
> the page table walker, we need to execute a dsb instruction prior to
> writing the TTBR.
> 
> Cc: <stable@vger.kernel.org> # v3.14+, for older kernels need to drop the 'ishst'
> Signed-off-by: Will Deacon <will.deacon@arm.com>
> ---
>  arch/arm64/mm/mmu.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> index c04def90f3e4..c5bd5bca8e3d 100644
> --- a/arch/arm64/mm/mmu.c
> +++ b/arch/arm64/mm/mmu.c
> @@ -464,6 +464,9 @@ void __init paging_init(void)
>  
>  	empty_zero_page = virt_to_page(zero_page);
>  
> +	/* Ensure the zero page is visible to the page table walker */
> +	dsb(ishst);
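
Review bot: the comment on the new dsb(ishst) should say what the barrier orders against, namely that the zeroing stores must be visible before TTBR0 is pointed at the page, which is what the commit message describes. As placed, after empty_zero_page = virt_to_page(zero_page), it reads as a free-floating barrier, and nothing in the code stops a later reshuffle of paging_init from moving the TTBR write above it. Something like /* Ensure the zeroed page is visible to the page table walker before TTBR0 is pointed at it */ ties the barrier to the write it protects. It is also worth confirming that the memset of zero_page (not in this hunk's context) really does sit above this point, since the barrier only orders stores issued before it.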

I think this should live in early_alloc (likewise in late_alloc).

In the other cases where we call early_alloc or late_alloc we assume the
zeroing is visible to the page table walker.

For example in alloc_init_pte we do:

	if (pmd_none(*pmd) || pmd_sect(*pmd)) {
		pte = alloc(PTRS_PER_PTE * sizeof(pte_t));
		if (pmd_sect(*pmd))
			split_pmd(pmd, pte);
		__pmd_populate(pmd, __pa(pte), PMD_TYPE_TABLE);
		flush_tlb_all();
	}

There's a dsb in __pmd_populate, but it's _after_ the write to the pmd
entry, so the walker might start walking the newly-allocated pte table
before the zeroing is visible.

Either we need a barrier after every alloc, or we fold the barrier into
the two allocation functions.

Thanks,
Mark.
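
The ordering hazard Mark describes (the dsb in __pmd_populate comes after the store to the pmd entry, so the walker can see the table descriptor before it sees the zeroing of the table it points at) is easier to reason about with an explicit model. The following C program is an added example, not kernel code and not from this thread: it models memory as a set of stores that stay "pending" until a dsb() makes them observable, and an adversarial page table walker that, between barriers, observes the descriptor store but none of the other pending stores, which is exactly the reordering the kernel has to rule out. The function names, the word-indexed memory, the 12-bit shift used to encode the table address in the descriptor and the 0xDEADBEEF stale contents are all constructed for the model. The point for a security reader is the failure mode: a walker reading a not-yet-zeroed table interprets whatever the page last held as descriptors.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define WORDS          32     /* modelled memory, in 64-bit words */
#define PMD_IDX        0      /* the pmd entry alloc_init_pte populates */
#define PTE_TABLE_IDX  16     /* word index of the freshly allocated pte table */
#define PTE_TABLE_LEN  8      /* entries in the modelled pte table */
#define PMD_TYPE_TABLE 0x3ULL /* descriptor type bits marking a table entry */
#define STALE          0xDEADBEEFDEADBEEFULL  /* constructed: old page contents */

static uint64_t visible[WORDS];    /* what the page table walker observes */
static uint64_t pending[WORDS];    /* newest store per word, not yet observable */
static bool     is_pending[WORDS];

/* A store: becomes observable only once a barrier (or the walker) commits it. */
static void st(int idx, uint64_t val)
{
	pending[idx] = val;
	is_pending[idx] = true;
}

/* dsb: every store issued before it becomes observable to the walker. */
static void dsb(void)
{
	for (int i = 0; i < WORDS; i++)
		if (is_pending[i]) {
			visible[i] = pending[i];
			is_pending[i] = false;
		}
}

/* The page comes back from the allocator still holding its old contents. */
static void reset_memory(void)
{
	for (int i = 0; i < WORDS; i++) {
		visible[i] = STALE;
		is_pending[i] = false;
	}
	visible[PMD_IDX] = 0;   /* pmd_none(*pmd) */
}

/* The memset in early_alloc/late_alloc: zero the new pte table. */
static void zero_table(void)
{
	for (int i = 0; i < PTE_TABLE_LEN; i++)
		st(PTE_TABLE_IDX + i, 0);
}

/*
 * Adversarial walker: between barriers the hardware may observe stores in
 * any order, so this walker sees the descriptor store (if pending) and none
 * of the other pending stores. Returns how many pte entries it reads as
 * non-zero, i.e. stale data it could interpret as valid mappings.
 */
static int walker_nonzero_ptes(void)
{
	if (is_pending[PMD_IDX]) {
		visible[PMD_IDX] = pending[PMD_IDX];
		is_pending[PMD_IDX] = false;
	}
	uint64_t pmd = visible[PMD_IDX];
	if ((pmd & 0x3) != PMD_TYPE_TABLE)
		return 0;   /* pmd still none: nothing to walk */
	int table = (int)(pmd >> 12), nonzero = 0;
	for (int i = 0; i < PTE_TABLE_LEN; i++)
		if (visible[table + i] != 0)
			nonzero++;
	return nonzero;
}

/* Order as in the quoted alloc_init_pte: alloc+zero, write pmd, then dsb. */
int populate_barrier_after_pmd_write(void)
{
	reset_memory();
	zero_table();
	st(PMD_IDX, ((uint64_t)PTE_TABLE_IDX << 12) | PMD_TYPE_TABLE);
	int seen = walker_nonzero_ptes();   /* walker runs before the dsb */
	dsb();                               /* the dsb inside __pmd_populate */
	return seen;
}

/* Order Mark proposes: the allocator itself ends with a dsb. */
int populate_barrier_in_alloc(void)
{
	reset_memory();
	zero_table();
	dsb();                               /* folded into early_alloc/late_alloc */
	st(PMD_IDX, ((uint64_t)PTE_TABLE_IDX << 12) | PMD_TYPE_TABLE);
	int seen = walker_nonzero_ptes();
	dsb();
	return seen;
}

int main(void)
{
	printf("dsb after pmd write: walker saw %d stale ptes\n", populate_barrier_after_pmd_write());
	printf("dsb in allocator:    walker saw %d stale ptes\n", populate_barrier_in_alloc());
	return 0;
}
```

In the first ordering the walker reads all eight stale entries; in the second it reads none, because the zeroing was already observable when the descriptor store became so. On real arm64 the dsb(ishst) is what plays the role of the model's dsb(), which is why putting it at the end of the allocation functions covers every caller at once.
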

Thread overview: 14+ messages
2015-12-10 17:39 [PATCH] arm64: mm: ensure that the zero page is visible to the page table walker Will Deacon
2015-12-10 18:14 ` Mark Rutland [this message]
2015-12-11 17:58   ` Will Deacon
2015-12-11 18:19     ` Mark Rutland
2015-12-11 19:10       ` Will Deacon
2015-12-11 19:16         ` Mark Rutland
2015-12-14 11:40         ` [PATCH 1/2] arm64: mm: specialise pagetable allocators Mark Rutland
2015-12-14 11:40           ` [PATCH 2/2] arm64: mm: ensure visbility of page table zeroing Mark Rutland
