    powerpc/64s: Fix THP PMD collapse serialisation · ee6688c1
    Nicholas Piggin authored
    commit 33258a1d upstream.
    
    Commit 1b2443a5 ("powerpc/book3s64: Avoid multiple endian
    conversion in pte helpers") changed the actual bitwise tests in
    pte_access_permitted by using pte_write() and pte_present() helpers
    rather than raw bitwise testing _PAGE_WRITE and _PAGE_PRESENT bits.
    
    The pte_present() change now returns true for PTEs which are
    !_PAGE_PRESENT and _PAGE_INVALID, which is the combination used by
    pmdp_invalidate() to synchronize access from lock-free lookups.
    pte_access_permitted() is used by pmd_access_permitted(), so allowing
    GUP lock free access to proceed with such PTEs breaks this
    synchronisation.
    
    This bug has been observed on a host using the hash page table MMU,
    with random crashes and corruption in guests, usually together with
    bad PMD messages in the host.
    
    Fix this by adding an explicit check in pmd_access_permitted(), and
    documenting the condition explicitly.
    
    The pte_write() change should be okay, and would prevent GUP from
    falling back to the slow path when encountering savedwrite PTEs, which
    matches what x86 (that does not implement savedwrite) does.
    
    Fixes: 1b2443a5 ("powerpc/book3s64: Avoid multiple endian conversion in pte helpers")
    Cc: stable@vger.kernel.org # v4.20+
    Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
    Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
    Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
pgtable.h 39 KB
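The following user-space model is an added example, not the contents of pgtable.h and not the kernel's code. It shows why a helper-style present test admits an entry left by pmdp_invalidate() and how an explicit check in pmd_access_permitted() refuses it. The bit values, the `model_` names and `entry_t` are assumptions made for illustration; endian conversion, savedwrite and the other permission checks are left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bit values for this model; not the kernel's real encodings. */
#define M_PRESENT 0x1ULL  /* stands in for _PAGE_PRESENT */
#define M_INVALID 0x2ULL  /* stands in for _PAGE_INVALID */
#define M_WRITE   0x4ULL  /* stands in for _PAGE_WRITE */

typedef uint64_t entry_t;  /* one PTE or PMD entry (hypothetical type) */

/* Model of pmdp_invalidate(): clear PRESENT, set INVALID. */
static entry_t model_pmdp_invalidate(entry_t pmd) {
    return (pmd & ~M_PRESENT) | M_INVALID;
}

/* Helper-style present test: true when either bit is set. */
static bool model_pte_present(entry_t pte) {
    return (pte & (M_PRESENT | M_INVALID)) != 0;
}

/* Raw bit tests: an invalidated entry is refused. */
static bool access_permitted_raw(entry_t pte, bool write) {
    if (!(pte & M_PRESENT)) return false;
    return !write || (pte & M_WRITE);
}

/* Helper-based test: the invalidated entry passes the present check. */
static bool access_permitted_helper(entry_t pte, bool write) {
    if (!model_pte_present(pte)) return false;
    return !write || (pte & M_WRITE);
}

/* The combination named in the commit message: !PRESENT and INVALID. */
static bool model_pmd_is_serialising(entry_t pmd) {
    return (pmd & (M_PRESENT | M_INVALID)) == M_INVALID;
}

/* Explicit check first, then the PTE-level test (models the fix). */
static bool pmd_access_permitted_fixed(entry_t pmd, bool write) {
    if (model_pmd_is_serialising(pmd)) return false;
    return access_permitted_helper(pmd, write);
}

int main(void) {
    entry_t inv = model_pmdp_invalidate(M_PRESENT | M_WRITE);
    printf("raw=%d helper=%d fixed=%d\n", access_permitted_raw(inv, true),
           access_permitted_helper(inv, true), pmd_access_permitted_fixed(inv, true));
    return 0;
}
```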