Kernel related (?) user space crash at ARM11 MPCore

[Catalin Marinas]

On Thu, 2009-10-15 at 17:48 +0200, Dirk Behme wrote:
> Catalin Marinas wrote:
> > On Thu, 2009-10-15 at 15:57 +0100, Russell King - ARM Linux wrote:
> >> On Mon, Sep 21, 2009 at 11:07:51AM +0100, Russell King - ARM Linux wrote:
> >>> On Mon, Sep 21, 2009 at 10:44:23AM +0100, Catalin Marinas wrote:
> >>>> We would need to fix this somehow as well. We currently handle the
> >>>> I-cache in update_mmu_cache() when a page is first mapped if it has
> >>>> VM_EXEC set.
> >>> The reason I'm pushing you hard to separate the two issues is that the
> >>> two should be treated separately.  I think we need to consider ensuring
> >>> that freed pages do not have any I-cache lines associated with them,
> >>> rather than waiting for them to be allocated and then dealing with the
> >>> I-cache problem.
> >> Having now benchmarked this (making flush_cache_* always invalidate
> >> the I-cache, so free'd pages are I-cache clean), and to me, the results
> >> quite look promising - please try out this patch.
> >>
> >> diff --git a/arch/arm/mm/fault-armv.c b/arch/arm/mm/fault-armv.c
> >> index d0d17b6..b9c1cd4 100644
> >> --- a/arch/arm/mm/fault-armv.c
> >> +++ b/arch/arm/mm/fault-armv.c
> >> @@ -160,8 +160,6 @@ void update_mmu_cache(struct vm_area_struct *vma, unsigned long addr, pte_t pte)
> >>  	if (mapping) {
> >>  		if (cache_is_vivt())
> >>  			make_coherent(mapping, vma, addr, pfn);
> >> -		else if (vma->vm_flags & VM_EXEC)
> >> -			__flush_icache_all();
> >>  	}
> >>  }
> > 
> > Before trying the patch, I don't entirely agree with the approach. You
> > will get speculative fetches in the I-cache via the kernel linear
> > mapping (where NX is always cleared) on newer processors and may end up
> > with random faults in user space (not that likely but not impossible
> > either).
> 
> Just to get a better understanding: With "newer processors" you mean 
> Cortex A9? So for ARM11 MPCore the approach should be fine?

Yes, Cortex-A9.

-- 
Catalin