[patch] mm: fix a race condition under SMC + COW

From: "Siddha, Suresh B" <[email protected]>

Failing context is a multi threaded process context and the failing
sequence is as follows.

One thread T0 doing self modifying code on page X on processor P0 and
another thread T1 doing COW (breaking the COW setup as part of just happened
fork() in another thread T2) on the same page X on processor P1. T0 doing SMC
can endup modifying  the new page Y (allocated by the T1 doing COW on P1) but
because of different I/D TLB's, P0 ITLB will not see the new mapping till
the flush TLB IPI from  P1 is received. During this interval, if T0 executes
the code created by SMC it can result in an app error (as ITLB still points to
old page X and endup executing the content in page X rather than using
the content in page Y).

Fix this issue by first clearing the PTE and flushing it, before updating it
with new entry.

Signed-off-by: Suresh Siddha <[email protected]>
---

--- linux-2.6.18/mm/memory.c.orig	2006-09-27 14:59:48.000000000 -0700
+++ linux-2.6.18/mm/memory.c	2006-09-27 15:17:35.000000000 -0700
@@ -1551,7 +1551,14 @@ gotten:
 		entry = mk_pte(new_page, vma->vm_page_prot);
 		entry = maybe_mkwrite(pte_mkdirty(entry), vma);
 		lazy_mmu_prot_update(entry);
-		ptep_establish(vma, address, page_table, entry);
+		/*
+		 * Clear the pte entry and flush it first, before updating the
+		 * pte with the new entry. This will avoid a race condition
+		 * seen in the presence of one thread doing SMC and another
+		 * thread doing COW.
+		 */
+		ptep_clear_flush(vma, address, page_table);
+		set_pte_at(mm, address, page_table, entry);
 		update_mmu_cache(vma, address, entry);
 		lru_cache_add_active(new_page);
 		page_add_new_anon_rmap(new_page, vma, address);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [patch] mm: fix a race condition under SMC + COW
    • From: Hugh Dickins <[email protected]>
  • Re: [patch] mm: fix a race condition under SMC + COW
    • From: David Miller <[email protected]>

• Prev by Date: Re: [BUG] Oops on boot (probably ACPI related)
• Next by Date: Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps
• Previous by thread: [patch 2.6.18] genirq: remove oops with fasteoi irq_chip descriptors
• Next by thread: Re: [patch] mm: fix a race condition under SMC + COW
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]