diff options
| author | Stefan Agner <stefan.agner@toradex.com> | 2017-09-26 16:04:08 +0200 |
|---|---|---|
| committer | Stefan Agner <stefan.agner@toradex.com> | 2017-09-26 18:11:18 +0200 |
| commit | 1f4d46cea2bc1886a13ae9adfcd9e4243eed6a4c (patch) | |
| tree | 2001999c70f8e46b192fc552590810aab35710e3 /mm/rmap.c | |
| parent | d152ae9d4704d8c7b3775e3b1a20e62aa3b1eed8 (diff) | |
| parent | b52c9082f2eb3a6f7fbbc86fad3eaa2a1725da66 (diff) | |
Merge tag 'v4.4.88' into toradex_vf_4.4-next
This is the 4.4.88 stable release
Diffstat (limited to 'mm/rmap.c')
| -rw-r--r-- | mm/rmap.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/mm/rmap.c b/mm/rmap.c index b577fbb98d4b..ede183c32f45 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -649,6 +649,13 @@ static void set_tlb_ubc_flush_pending(struct mm_struct *mm, tlb_ubc->flush_required = true; /* + * Ensure compiler does not re-order the setting of tlb_flush_batched + * before the PTE is cleared. + */ + barrier(); + mm->tlb_flush_batched = true; + + /* * If the PTE was dirty then it's best to assume it's writable. The * caller must use try_to_unmap_flush_dirty() or try_to_unmap_flush() * before the page is queued for IO. @@ -675,6 +682,35 @@ static bool should_defer_flush(struct mm_struct *mm, enum ttu_flags flags) return should_defer; } + +/* + * Reclaim unmaps pages under the PTL but do not flush the TLB prior to + * releasing the PTL if TLB flushes are batched. It's possible for a parallel + * operation such as mprotect or munmap to race between reclaim unmapping + * the page and flushing the page. If this race occurs, it potentially allows + * access to data via a stale TLB entry. Tracking all mm's that have TLB + * batching in flight would be expensive during reclaim so instead track + * whether TLB batching occurred in the past and if so then do a flush here + * if required. This will cost one additional flush per reclaim cycle paid + * by the first operation at risk such as mprotect and mumap. + * + * This must be called under the PTL so that an access to tlb_flush_batched + * that is potentially a "reclaim vs mprotect/munmap/etc" race will synchronise + * via the PTL. + */ +void flush_tlb_batched_pending(struct mm_struct *mm) +{ + if (mm->tlb_flush_batched) { + flush_tlb_mm(mm); + + /* + * Do not allow the compiler to re-order the clearing of + * tlb_flush_batched before the tlb is flushed. + */ + barrier(); + mm->tlb_flush_batched = false; + } +} #else static void set_tlb_ubc_flush_pending(struct mm_struct *mm, struct page *page, bool writable) |