linux-sg2042/arch/s390/mm
Gerald Schaefer 723cacbd9d s390/mm: fix asce_bits handling with dynamic pagetable levels
There is a race with multi-threaded applications between context switch and
pagetable upgrade. In switch_mm() a new user_asce is built from mm->pgd and
mm->context.asce_bits, w/o holding any locks. A concurrent mmap with a
pagetable upgrade on another thread in crst_table_upgrade() could already
have set new asce_bits, but not yet the new mm->pgd. This would result in a
corrupt user_asce in switch_mm(), and eventually in a kernel panic from a
translation exception.

Fix this by storing the complete asce instead of just the asce_bits, which
can then be read atomically from switch_mm(), so that it either sees the
old value or the new value, but no mixture. Both cases are OK. Having the
old value would result in a page fault on access to the higher level memory,
but the fault handler would see the new mm->pgd, if it was a valid access
after the mmap on the other thread has completed. So as worst-case scenario
we would have a page fault loop for the racing thread until the next time
slice.

Also remove dead code and simplify the upgrade/downgrade path, there are no
upgrades from 2 levels, and only downgrades from 3 levels for compat tasks.
There are also no concurrent upgrades, because the mmap_sem is held with
down_write() in do_mmap, so the flush and table checks during upgrade can
be removed.

Reported-by: Michael Munday <munday@ca.ibm.com>
Reviewed-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-04-21 09:50:09 +02:00
..
Makefile s390/extable: use generic search and sort routines 2016-03-22 15:36:02 -07:00
cmm.c s390: convert use of typedef ctl_table to struct ctl_table 2013-10-28 08:36:25 +01:00
dump_pagetables.c s390: remove 31 bit support 2015-03-25 11:49:33 +01:00
extmem.c s390: Use pr_warn instead of pr_warning 2016-03-07 13:12:04 +01:00
fault.c s390/mm: split arch/s390/mm/pgtable.c 2016-03-08 15:00:15 +01:00
gmap.c s390/mm/kvm: fix mis-merge in gmap handling 2016-04-05 14:19:07 +02:00
gup.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2016-04-01 07:15:54 -05:00
hugetlbpage.c s390/mm: uninline pmdp_xxx functions from pgtable.h 2016-03-08 15:00:14 +01:00
init.c s390/mm: fix asce_bits handling with dynamic pagetable levels 2016-04-21 09:50:09 +02:00
maccess.c s390/maccess: reduce stnsm instructions 2016-02-17 09:05:04 +01:00
mem_detect.c s390/mem_detect: use unsigned longs 2016-01-11 12:27:11 +01:00
mmap.c s390/mm: fix asce_bits handling with dynamic pagetable levels 2016-04-21 09:50:09 +02:00
page-states.c s390/cmma: remove "cmma disable" code in case of dump again 2014-05-20 08:58:42 +02:00
pageattr.c s390/pageattr: do a single TLB flush for change_page_attr 2016-02-23 08:56:17 +01:00
pgalloc.c s390/mm: fix asce_bits handling with dynamic pagetable levels 2016-04-21 09:50:09 +02:00
pgtable.c s390/mm: split arch/s390/mm/pgtable.c 2016-03-08 15:00:15 +01:00
vmem.c s390: query dynamic DEBUG_PAGEALLOC setting 2016-03-15 16:55:16 -07:00