Git Repo - linux.git/commit

author	Catalin Marinas <[email protected]>
	Fri, 14 May 2021 09:50:01 +0000 (10:50 +0100)
committer	Catalin Marinas <[email protected]>
	Fri, 14 May 2021 16:11:16 +0000 (17:11 +0100)
commit	588a513d34257fdde95a9f0df0202e31998e85c6
tree	053e87f91afc329f6a187eae1a2e29ecaf6a3eed	tree \| snapshot
parent	af44068c581c028fd9897ca75a10fa310d8fc449	commit \| diff

arm64: Fix race condition on PG_dcache_clean in __sync_icache_dcache()

To ensure that instructions are observable in a new mapping, the arm64
set_pte_at() implementation cleans the D-cache and invalidates the
I-cache to the PoU. As an optimisation, this is only done on executable
mappings and the PG_dcache_clean page flag is set to avoid future cache
maintenance on the same page.

When two different processes map the same page (e.g. private executable
file or shared mapping) there's a potential race on checking and setting
PG_dcache_clean via set_pte_at() -> __sync_icache_dcache(). While on the
fault paths the page is locked (PG_locked), mprotect() does not take the
page lock. The result is that one process may see the PG_dcache_clean
flag set but the I/D cache maintenance not yet performed.

Avoid test_and_set_bit(PG_dcache_clean) in favour of separate test_bit()
and set_bit(). In the rare event of a race, the cache maintenance is
done twice.

Signed-off-by: Catalin Marinas <[email protected]>
Cc: <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Steven Price <[email protected]>
Reviewed-by: Steven Price <[email protected]>
Acked-by: Will Deacon <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Catalin Marinas <[email protected]>