arch · 4b69ffe37490d0507375fbe31be833310f883a24 · Kirill Smelkov / linux

Ingo Molnar authored 17 years ago

patch 9a24d04a upstream

While we were reviewing pageattr_32/64.c for unification,
Thomas Gleixner noticed the following serious SMP bug in
global_flush_tlb():

	down_read(&init_mm.mmap_sem);
	list_replace_init(&deferred_pages, &l);
	up_read(&init_mm.mmap_sem);

this is SMP-unsafe because list_replace_init() done on two CPUs in
parallel can corrupt the list.

This bug has been introduced about a year ago in the 64-bit tree:

       commit ea7322de


       Author: Andi Kleen <ak@suse.de>
       Date:   Thu Dec 7 02:14:05 2006 +0100

       [PATCH] x86-64: Speed and clean up cache flushing in change_page_attr

                down_read(&init_mm.mmap_sem);
        -       dpage = xchg(&deferred_pages, NULL);
        +       list_replace_init(&deferred_pages, &l);
                up_read(&init_mm.mmap_sem);

the xchg() based version was SMP-safe, but list_replace_init() is not.
So this "cleanup" introduced a nasty bug.

why this bug never become prominent is a mystery - it can probably be
explained with the (still) relative obscurity of the x86_64 architecture.

the safe fix for now is to write-lock init_mm.mmap_sem.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andi Kleen <ak@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

4b69ffe3

Name	Last commit	Last update
..
alpha	alpha: -Werror fixes for sys_titan.c	17 years ago
arm	[ARM] 4598/2: OSIRIS: Ensure we do not get nRSTOUT during suspend	17 years ago
avr32	[AVR32] Wire up i2c-gpio on the ATNGW100 board	17 years ago
blackfin	Blackfin arch: fix PORT_J BUG for BF537/6 EMAC driver reported by Kalle Pokki <kalle.pokki@iki.fi>	17 years ago
cris	ide: fix hidden dependencies on CONFIG_IDE_GENERIC	17 years ago
frv	FRV: connect up fallocate	17 years ago
h8300	H8/300: Fix misnamed "CONFIG_BLKDEV_RESERVE_ADDRESS" Kconfig variable	17 years ago
i386	xen: fix incorrect vcpu_register_vcpu_info hypercall argument	17 years ago
ia64	Fix spurious syscall tracing after PTRACE_DETACH + PTRACE_ATTACH	17 years ago
m32r	m32r: Rename STI/CLI macros	17 years ago
m68k	m68k(nommu): add missing syscalls	17 years ago
m68knommu	m68k(nommu): add missing syscalls	17 years ago
mips	MIPS: MT: Fix bug in multithreaded kernels.	17 years ago
parisc	[PARISC] Add NOTES section	17 years ago
powerpc	POWERPC: Make sure to of_node_get() the result of pci_device_to_OF_node()	17 years ago
ppc	[PPC] Fix cpm_dpram_addr returning phys mem instead of virt mem	17 years ago
s390	[S390] kprobes: fix instruction length calculation	17 years ago
sh	sh: missing symbol fix for sh4-202	17 years ago
sh64	sh64: arch/sh64/kernel/setup.c: duplicate include removal.	17 years ago
sparc	[SPARC]: Fix EBUS use of uninitialized variable.	17 years ago
sparc64	Fix sparc64 MAP_FIXED handling of framebuffer mmaps	17 years ago
um	UML - kill subprocesses on exit	17 years ago
v850	PTRACE_POKEDATA consolidation	17 years ago
x86_64	x86: fix global_flush_tlb() bug	17 years ago
xtensa	[patch 2/2] xtensa console.c: remove duplicate #include	17 years ago

Download source code

Download this directory