cache aliasing in dup_mmap

Russell King - ARM Linux linux at arm.linux.org.uk
Mon Nov 30 14:23:21 EST 2009


On Mon, Nov 30, 2009 at 07:09:50PM +0000, Jamie Lokier wrote:
> Russell King - ARM Linux wrote:
> > On Mon, Nov 23, 2009 at 08:31:10PM +0000, Russell King - ARM Linux wrote:
> > > On Thu, Nov 19, 2009 at 01:08:01PM -0500, Steven Walter wrote:
> > > > On Thu, Nov 19, 2009 at 3:57 AM, Russell King - ARM Linux
> > > > <linux at arm.linux.org.uk> wrote:
> > > > > I'm afraid that I have nothing further to suggest, and so I'm shelving
> > > > > the patches.  That means this problem will remain unresolved in future
> > > > > kernels.
> > > > 
> > > > I had the tester restart the reboot-loop, and so far it's done ~1200
> > > > runs with no problem.  I'm thinking now that either I hosed something
> > > > up with the build initially, or else the tester didn't flash it
> > > > correctly.  1200 runs isn't enough to be conclusive, but it's a lot
> > > > better than 88.  I'll let you know when we have something more
> > > > definitive.
> > > 
> > > I'd just like to keep this issue hot so it doesn't get forgotten about.
> > > Are we at a conclusive point on this?
> > 
> > Today is decision day.  Do we go with these two patches or not?
> 
> Way back when this thread started, I had a think about the proposed
> fix and thought it was insufficient in some cases.  That is, the race
> could still occur but not as often.  But it was hard to explain, and I
> don't think I did so adequately.

The only hole I can see would be if we context switched:

        kto = kmap_atomic(to, KM_USER0);
        kfrom = kmap_atomic(from, KM_USER1);
+       flush_cache_page(vma, vaddr, page_to_pfn(from));

	/* HERE */

        xsc3_mc_copy_user_page(kto, kfrom);
        kunmap_atomic(kfrom, KM_USER1);
        kunmap_atomic(kto, KM_USER0);

so that we were no longer reading data from userspace.  Luckily,
kmap_atomic() prevents preemption occurring, so the above code should
be regarded as being entirely single-threaded - we won't get any context
switching all the time that 'to' is kmapped.

And it doesn't apply to SMP systems because there are no public SMP
systems before ARMv6, and SMP systems are required to be PIPT.
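To make the aliasing problem concrete, here is a toy model of a VIVT write-back cache, added as an illustration and not part of this mail or the kernel: the parent dirties a page through its own mapping, the kernel copies the page through kmap aliases, and the copy only holds the parent's data when the user alias is flushed first. The addresses, page size and line count are arbitrary assumptions of the model.

```c
/* Toy model of a VIVT write-back cache (lines tagged by virtual address) showing
 * why the user alias must be flushed before the kernel copies a page through a
 * kmap alias.  Constructed example, not kernel code; values are arbitrary. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define PAGE_SIZE 16
#define NLINES    64
#define USER_FROM 0x1000u   /* parent's mapping of the source page    */
#define KMAP_FROM 0x3000u   /* kmap_atomic() alias of the same page   */
#define KMAP_TO   0x4000u   /* kmap_atomic() alias of the destination */
static uint8_t ram[2][PAGE_SIZE];   /* physical pages: 0 = from, 1 = to */
static struct { bool valid, dirty; uintptr_t va; uint8_t data; } cache[NLINES];
static int nlines;                  /* next free line; no eviction needed here */
/* Fixed "page table": USER_FROM and KMAP_FROM both map physical page 0. */
static uint8_t *phys(uintptr_t va)
{ return &ram[(va >> 12) == (KMAP_TO >> 12)][va & (PAGE_SIZE - 1)]; }

/* Lookup is by virtual tag only, so the two aliases of page 0 never share a line. */
static int find_line(uintptr_t va)
{
    for (int i = 0; i < nlines; i++)
        if (cache[i].valid && cache[i].va == va) return i;
    return -1;
}
static void cpu_write(uintptr_t va, uint8_t v)   /* write-allocate, write-back */
{
    int i = find_line(va);
    if (i < 0) { i = nlines++; cache[i].valid = true; cache[i].va = va; }
    cache[i].data = v; cache[i].dirty = true;
}
static uint8_t cpu_read(uintptr_t va)
{ int i = find_line(va); return i >= 0 ? cache[i].data : *phys(va); }
static void flush_cache_page(uintptr_t page_va)  /* write back + invalidate one page */
{
    for (int i = 0; i < nlines; i++)
        if (cache[i].valid && (cache[i].va >> 12) == (page_va >> 12)) {
            if (cache[i].dirty) *phys(cache[i].va) = cache[i].data;
            cache[i].valid = false;
        }
}

/* Parent dirties the page via its own alias, then the kernel copies it via kmap
 * aliases.  Returns true if the child's copy holds what the parent wrote. */
bool copy_user_page_sees_user_writes(bool flush_first)
{
    memset(ram, 0, sizeof ram); memset(cache, 0, sizeof cache); nlines = 0;
    for (unsigned o = 0; o < PAGE_SIZE; o++) cpu_write(USER_FROM + o, 0xA0 + o);
    if (flush_first) flush_cache_page(USER_FROM);   /* the '+' line in the mail */
    for (unsigned o = 0; o < PAGE_SIZE; o++) cpu_write(KMAP_TO + o, cpu_read(KMAP_FROM + o));
    flush_cache_page(KMAP_TO);                      /* land the copy in RAM */
    for (unsigned o = 0; o < PAGE_SIZE; o++) if (ram[1][o] != 0xA0 + o) return false;
    return true;
}
```

Without the flush the kernel's read through KMAP_FROM misses in the cache and fetches stale RAM, so the child's page is zeros; with it, the dirty user lines are written back first and the copy is correct.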
