Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b0313bc7 authored by Nadav Amit's avatar Nadav Amit Committed by Greg Kroah-Hartman
Browse files

hugetlbfs: flush TLBs correctly after huge_pmd_unshare 



commit a4a118f2eead1d6c49e00765de89878288d4b890 upstream.

When __unmap_hugepage_range() calls to huge_pmd_unshare() succeed, a TLB
flush is missing.  This TLB flush must be performed before releasing the
i_mmap_rwsem, in order to prevent an unshared PMDs page from being
released and reused before the TLB flush took place.

Arguably, a comprehensive solution would use mmu_gather interface to
batch the TLB flushes and the PMDs page release, however it is not an
easy solution: (1) try_to_unmap_one() and try_to_migrate_one() also call
huge_pmd_unshare() and they cannot use the mmu_gather interface; and (2)
deferring the release of the page reference for the PMDs page until
after i_mmap_rwsem is dropeed can confuse huge_pmd_unshare() into
thinking PMDs are shared when they are not.

Fix __unmap_hugepage_range() by adding the missing TLB flush, and
forcing a flush when unshare is successful.

Fixes: 24669e58 ("hugetlb: use mmu_gather instead of a temporary linked list for accumulating pages)" # 3.6
Signed-off-by: default avatarNadav Amit <namit@vmware.com>
Reviewed-by: default avatarMike Kravetz <mike.kravetz@oracle.com>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent b2a7e63e

arch/arm/include/asm/tlb.h

+8 −0
Original line number Diff line number Diff line
@@ -280,6 +280,14 @@ tlb_remove_pmd_tlb_entry(struct mmu_gather *tlb, pmd_t *pmdp, unsigned long addr 
	tlb_add_flush(tlb, addr);

}



static inline void

tlb_flush_pmd_range(struct mmu_gather *tlb, unsigned long address,

		    unsigned long size)

{

	tlb_add_flush(tlb, address);

	tlb_add_flush(tlb, address + size - PMD_SIZE);

}



#define pte_free_tlb(tlb, ptep, addr)	__pte_free_tlb(tlb, ptep, addr)

#define pmd_free_tlb(tlb, pmdp, addr)	__pmd_free_tlb(tlb, pmdp, addr)

#define pud_free_tlb(tlb, pudp, addr)	pud_free((tlb)->mm, pudp)

arch/ia64/include/asm/tlb.h

+10 −0
Original line number Diff line number Diff line
@@ -268,6 +268,16 @@ __tlb_remove_tlb_entry (struct mmu_gather *tlb, pte_t *ptep, unsigned long addre 
	tlb->end_addr = address + PAGE_SIZE;

}



static inline void

tlb_flush_pmd_range(struct mmu_gather *tlb, unsigned long address,

		    unsigned long size)

{

	if (tlb->start_addr > address)

		tlb->start_addr = address;

	if (tlb->end_addr < address + size)

		tlb->end_addr = address + size;

}



#define tlb_migrate_finish(mm)	platform_tlb_migrate_finish(mm)



#define tlb_start_vma(tlb, vma)			do { } while (0)

arch/s390/include/asm/tlb.h

+16 −0
Original line number Diff line number Diff line
@@ -116,6 +116,20 @@ static inline void tlb_remove_page_size(struct mmu_gather *tlb, 
	return tlb_remove_page(tlb, page);

}



static inline void tlb_flush_pmd_range(struct mmu_gather *tlb,

				unsigned long address, unsigned long size)

{

	/*

	 * the range might exceed the original range that was provided to

	 * tlb_gather_mmu(), so we need to update it despite the fact it is

	 * usually not updated.

	 */

	if (tlb->start > address)

		tlb->start = address;

	if (tlb->end < address + size)

		tlb->end = address + size;

}



/*

 * pte_free_tlb frees a pte table and clears the CRSTE for the

 * page table from the tlb.
@@ -177,6 +191,8 @@ static inline void pud_free_tlb(struct mmu_gather *tlb, pud_t *pud, 
#define tlb_remove_tlb_entry(tlb, ptep, addr)	do { } while (0)

#define tlb_remove_pmd_tlb_entry(tlb, pmdp, addr)	do { } while (0)

#define tlb_migrate_finish(mm)			do { } while (0)

#define tlb_flush_pmd_range(tlb, addr, sz)	do { } while (0)



#define tlb_remove_huge_tlb_entry(h, tlb, ptep, address)	\

	tlb_remove_tlb_entry(tlb, ptep, address)

arch/sh/include/asm/tlb.h

+10 −0
Original line number Diff line number Diff line
@@ -127,6 +127,16 @@ static inline void tlb_remove_page_size(struct mmu_gather *tlb, 
	return tlb_remove_page(tlb, page);

}



static inline void

tlb_flush_pmd_range(struct mmu_gather *tlb, unsigned long address,

		    unsigned long size)

{

	if (tlb->start > address)

		tlb->start = address;

	if (tlb->end < address + size)

		tlb->end = address + size;

}



#define tlb_remove_check_page_size_change tlb_remove_check_page_size_change

static inline void tlb_remove_check_page_size_change(struct mmu_gather *tlb,

						     unsigned int page_size)

arch/um/include/asm/tlb.h

+12 −0
Original line number Diff line number Diff line
@@ -130,6 +130,18 @@ static inline void tlb_remove_page_size(struct mmu_gather *tlb, 
	return tlb_remove_page(tlb, page);

}



static inline void

tlb_flush_pmd_range(struct mmu_gather *tlb, unsigned long address,

		    unsigned long size)

{

	tlb->need_flush = 1;



	if (tlb->start > address)

		tlb->start = address;

	if (tlb->end < address + size)

		tlb->end = address + size;

}



/**

 * tlb_remove_tlb_entry - remember a pte unmapping for later tlb invalidation.

 *