git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - releases/5.0.6/mm-migrate.c-add-missing-flush_dcache_page-for-non-mapped-page-migrate.patch
From d2b2c6dd227ba5b8a802858748ec9a780cb75b47 Mon Sep 17 00:00:00 2001
From: Lars Persson <lars.persson@axis.com>
Date: Thu, 28 Mar 2019 20:44:28 -0700
Subject: mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate

From: Lars Persson <lars.persson@axis.com>

commit d2b2c6dd227ba5b8a802858748ec9a780cb75b47 upstream.

Our MIPS 1004Kc SoCs were seeing random userspace crashes with SIGILL
and SIGSEGV that could not be traced back to a userspace code bug. They
had all the magic signs of an I/D cache coherency issue.

Now recently we noticed that the /proc/sys/vm/compact_memory interface
was quite efficient at provoking this class of userspace crashes.

Studying the code in mm/migrate.c there is a distinction made between
migrating a page that is mapped at the instant of migration and one that
is not mapped. Our problem turned out to be the non-mapped pages.

For the non-mapped page the code performs a copy of the page content and
all relevant meta-data of the page without doing the required D-cache
maintenance. This leaves dirty data in the D-cache of the CPU and on
the 1004K cores this data is not visible to the I-cache. A subsequent
page-fault that triggers a mapping of the page will happily serve the
process with potentially stale code.

What about ARM then, this bug should have seen greater exposure? Well
ARM became immune to this flaw back in 2010, see commit c01778001a4f
("ARM: 6379/1: Assume new page cache pages have dirty D-cache").

My proposed fix moves the D-cache maintenance inside move_to_new_page to
make it common for both cases.

Link: http://lkml.kernel.org/r/20190315083502.11849-1-larper@axis.com
Fixes: 97ee0524614 ("flush cache before installing new page at migraton")
Signed-off-by: Lars Persson <larper@axis.com>
Reviewed-by: Paul Burton <paul.burton@mips.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 mm/migrate.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

50 --- a/mm/migrate.c
51 +++ b/mm/migrate.c
52 @@ -248,10 +248,8 @@ static bool remove_migration_pte(struct
53 pte = swp_entry_to_pte(entry);
54 } else if (is_device_public_page(new)) {
55 pte = pte_mkdevmap(pte);
56 - flush_dcache_page(new);
57 }
58 - } else
59 - flush_dcache_page(new);
60 + }
61
62 #ifdef CONFIG_HUGETLB_PAGE
63 if (PageHuge(new)) {
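Review bot: with both flush_dcache_page(new) calls removed from remove_migration_pte, nothing at this site records that the D-cache flush is now a precondition satisfied earlier in move_to_new_page; a one-line comment above the PTE setup saying so would keep a later change from reordering or reintroducing it. The removed else branch also ran for pages that continue into the PageHuge(new) block just below, so the commit message should state explicitly that hugetlb pages are covered by the flush at the new location.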
64 @@ -995,6 +993,13 @@ static int move_to_new_page(struct page
65 */
66 if (!PageMappingFlags(page))
67 page->mapping = NULL;
68 +
69 + if (unlikely(is_zone_device_page(newpage))) {
70 + if (is_device_public_page(newpage))
71 + flush_dcache_page(newpage);
72 + } else
73 + flush_dcache_page(newpage);
74 +
75 }
76 out:
77 return rc;
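Review bot: the added if/else in move_to_new_page pairs a braced if branch with an unbraced else ("} else" followed by a bare flush_dcache_page(newpage);); kernel coding style wants braces on both branches when one of them needs them, and the trailing blank "+" line before the closing brace should be dropped. The block also needs a short comment explaining why zone-device pages that are not device-public skip the flush: the condition is carried over from remove_migration_pte, but at this location the reason is not evident from the surrounding lines.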