archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 06:04:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/arch/alpha/include/asm/tlbflush.h
Magnus Lindholm dd5712f337 alpha: fix user-space corruption during memory compaction 
Alpha systems can suffer sporadic user-space crashes and heap
corruption when memory compaction is enabled.

Symptoms include SIGSEGV, glibc allocator failures (e.g. "unaligned
tcache chunk"), and compiler internal errors. The failures disappear
when compaction is disabled or when using global TLB invalidation.

The root cause is insufficient TLB shootdown during page migration.
Alpha relies on ASN-based MM context rollover for instruction cache
coherency, but this alone is not sufficient to prevent stale data or
instruction translations from surviving migration.

Fix this by introducing a migration-specific helper that combines:
  - MM context invalidation (ASN rollover),
  - immediate per-CPU TLB invalidation (TBI),
  - synchronous cross-CPU shootdown when required.

The helper is used only by migration/compaction paths to avoid changing
global TLB semantics.

Additionally, update flush_tlb_other(), pte_clear(), to use
READ_ONCE()/WRITE_ONCE() for correct SMP memory ordering.

This fixes observed crashes on both UP and SMP Alpha systems.

Reviewed-by: Ivan Kokshaysky <ink@unseen.parts>
Tested-by: Matoro Mahri <matoro_mailinglist_kernel@matoro.tk>
Tested-by: Michael Cree <mcree@orcon.net.nz>
Signed-off-by: Magnus Lindholm <linmag7@gmail.com>
Link: https://lore.kernel.org/r/20260102173603.18247-2-linmag7@gmail.com
Signed-off-by: Magnus Lindholm <linmag7@gmail.com>
2026-01-24 10:35:52 +01:00

121 lines
2.6 KiB
C
Raw Permalink Blame History

/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _ALPHA_TLBFLUSH_H
#define _ALPHA_TLBFLUSH_H
#include <linux/mm.h>
#include <linux/sched.h>
#include <asm/compiler.h>
#ifndef __EXTERN_INLINE
#define __EXTERN_INLINE extern inline
#define __MMU_EXTERN_INLINE
#endif
extern void __load_new_mm_context(struct mm_struct *);
__EXTERN_INLINE void
ev5_flush_tlb_current(struct mm_struct *mm)
{
__load_new_mm_context(mm);
}
/* Flush just one page in the current TLB set. We need to be very
careful about the icache here, there is no way to invalidate a
specific icache page. */
__EXTERN_INLINE void
ev5_flush_tlb_current_page(struct mm_struct * mm,
struct vm_area_struct *vma,
unsigned long addr)
{
if (vma->vm_flags & VM_EXEC)
__load_new_mm_context(mm);
else
tbi(2, addr);
}
#define flush_tlb_current ev5_flush_tlb_current
#define flush_tlb_current_page ev5_flush_tlb_current_page
#ifdef __MMU_EXTERN_INLINE
#undef __EXTERN_INLINE
#undef __MMU_EXTERN_INLINE
#endif
/* Flush current user mapping. */
static inline void
flush_tlb(void)
{
flush_tlb_current(current->active_mm);
}
/* Flush someone else's user mapping. */
static inline void
flush_tlb_other(struct mm_struct *mm)
{
unsigned long *mmc = &mm->context[smp_processor_id()];
/* Check it's not zero first to avoid cacheline ping pong
when possible. */
if (READ_ONCE(*mmc))
WRITE_ONCE(*mmc, 0);
}
#ifndef CONFIG_SMP
/* Flush everything (kernel mapping may also have changed
due to vmalloc/vfree). */
static inline void flush_tlb_all(void)
{
tbia();
}
/* Flush a specified user mapping. */
static inline void
flush_tlb_mm(struct mm_struct *mm)
{
if (mm == current->active_mm)
flush_tlb_current(mm);
else
flush_tlb_other(mm);
}
/* Page-granular tlb flush. */
static inline void
flush_tlb_page(struct vm_area_struct *vma, unsigned long addr)
{
struct mm_struct *mm = vma->vm_mm;
if (mm == current->active_mm)
flush_tlb_current_page(mm, vma, addr);
else
flush_tlb_other(mm);
}
/* Flush a specified range of user mapping. On the Alpha we flush
the whole user tlb. */
static inline void
flush_tlb_range(struct vm_area_struct *vma, unsigned long start,
unsigned long end)
{
flush_tlb_mm(vma->vm_mm);
}
#else /* CONFIG_SMP */
extern void flush_tlb_all(void);
extern void flush_tlb_mm(struct mm_struct *);
extern void flush_tlb_page(struct vm_area_struct *, unsigned long);
extern void flush_tlb_range(struct vm_area_struct *, unsigned long,
unsigned long);
#endif /* CONFIG_SMP */
static inline void flush_tlb_kernel_range(unsigned long start,
unsigned long end)
{
flush_tlb_all();
}
#endif /* _ALPHA_TLBFLUSH_H */
Reference in a new issue View git blame Copy permalink