From 8fbca24a16413f751b5369df344a67bf08f47ea5 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 20 Apr 2012 09:15:29 -0700 Subject: [PATCH] 3.0-stable patches added patches: s390-fix-tlb-flushing-for-page-table-pages.patch --- ...ix-tlb-flushing-for-page-table-pages.patch | 231 ++++++++++++++++++ queue-3.0/series | 1 + 2 files changed, 232 insertions(+) create mode 100644 queue-3.0/s390-fix-tlb-flushing-for-page-table-pages.patch diff --git a/queue-3.0/s390-fix-tlb-flushing-for-page-table-pages.patch b/queue-3.0/s390-fix-tlb-flushing-for-page-table-pages.patch new file mode 100644 index 00000000000..4238197abb4 --- /dev/null +++ b/queue-3.0/s390-fix-tlb-flushing-for-page-table-pages.patch @@ -0,0 +1,231 @@ +From cd94154cc6a28dd9dc271042c1a59c08d26da886 Mon Sep 17 00:00:00 2001 +From: Martin Schwidefsky +Date: Wed, 11 Apr 2012 14:28:07 +0200 +Subject: S390: fix tlb flushing for page table pages + +From: Martin Schwidefsky + +commit cd94154cc6a28dd9dc271042c1a59c08d26da886 upstream. + +Git commit 36409f6353fc2d7b6516e631415f938eadd92ffa "use generic RCU +page-table freeing code" introduced a tlb flushing bug. Partially revert +the above git commit and go back to s390 specific page table flush code. + +For s390 the TLB can contain three types of entries, "normal" TLB +page-table entries, TLB combined region-and-segment-table (CRST) entries +and real-space entries. Linux does not use real-space entries which +leaves normal TLB entries and CRST entries. The CRST entries are +intermediate steps in the page-table translation called translation paths. +For example a 4K page access in a three-level page table setup will +create two CRST TLB entries and one page-table TLB entry. The advantage +of that approach is that a page access next to the previous one can reuse +the CRST entries and needs just a single read from memory to create the +page-table TLB entry. The disadvantage is that the TLB flushing rules are +more complicated, before any page-table may be freed the TLB needs to be +flushed. + +In short: the generic RCU page-table freeing code is incorrect for the +CRST entries, in particular the check for mm_users < 2 is troublesome. + +This is applicable to 3.0+ kernels. + +Signed-off-by: Martin Schwidefsky +Signed-off-by: Greg Kroah-Hartman +--- + arch/s390/Kconfig | 1 + arch/s390/include/asm/pgalloc.h | 3 - + arch/s390/include/asm/tlb.h | 22 ------------- + arch/s390/mm/pgtable.c | 63 ++++++++++++++++++++++++++++++++++++++-- + 4 files changed, 61 insertions(+), 28 deletions(-) + +--- a/arch/s390/Kconfig ++++ b/arch/s390/Kconfig +@@ -89,7 +89,6 @@ config S390 + select HAVE_GET_USER_PAGES_FAST + select HAVE_ARCH_MUTEX_CPU_RELAX + select HAVE_ARCH_JUMP_LABEL if !MARCH_G5 +- select HAVE_RCU_TABLE_FREE if SMP + select ARCH_INLINE_SPIN_TRYLOCK + select ARCH_INLINE_SPIN_TRYLOCK_BH + select ARCH_INLINE_SPIN_LOCK +--- a/arch/s390/include/asm/pgalloc.h ++++ b/arch/s390/include/asm/pgalloc.h +@@ -22,10 +22,7 @@ void crst_table_free(struct mm_struct *, + + unsigned long *page_table_alloc(struct mm_struct *); + void page_table_free(struct mm_struct *, unsigned long *); +-#ifdef CONFIG_HAVE_RCU_TABLE_FREE + void page_table_free_rcu(struct mmu_gather *, unsigned long *); +-void __tlb_remove_table(void *_table); +-#endif + + static inline void clear_table(unsigned long *s, unsigned long val, size_t n) + { +--- a/arch/s390/include/asm/tlb.h ++++ b/arch/s390/include/asm/tlb.h +@@ -30,14 +30,10 @@ + + struct mmu_gather { + struct mm_struct *mm; +-#ifdef CONFIG_HAVE_RCU_TABLE_FREE + struct mmu_table_batch *batch; +-#endif + unsigned int fullmm; +- unsigned int need_flush; + }; + +-#ifdef CONFIG_HAVE_RCU_TABLE_FREE + struct mmu_table_batch { + struct rcu_head rcu; + unsigned int nr; +@@ -49,7 +45,6 @@ struct mmu_table_batch { + + extern void tlb_table_flush(struct mmu_gather *tlb); + extern void tlb_remove_table(struct mmu_gather *tlb, void *table); +-#endif + + static inline void tlb_gather_mmu(struct mmu_gather *tlb, + struct mm_struct *mm, +@@ -57,29 +52,20 @@ static inline void tlb_gather_mmu(struct + { + tlb->mm = mm; + tlb->fullmm = full_mm_flush; +- tlb->need_flush = 0; +-#ifdef CONFIG_HAVE_RCU_TABLE_FREE + tlb->batch = NULL; +-#endif + if (tlb->fullmm) + __tlb_flush_mm(mm); + } + + static inline void tlb_flush_mmu(struct mmu_gather *tlb) + { +- if (!tlb->need_flush) +- return; +- tlb->need_flush = 0; +- __tlb_flush_mm(tlb->mm); +-#ifdef CONFIG_HAVE_RCU_TABLE_FREE + tlb_table_flush(tlb); +-#endif + } + + static inline void tlb_finish_mmu(struct mmu_gather *tlb, + unsigned long start, unsigned long end) + { +- tlb_flush_mmu(tlb); ++ tlb_table_flush(tlb); + } + + /* +@@ -105,10 +91,8 @@ static inline void tlb_remove_page(struc + static inline void pte_free_tlb(struct mmu_gather *tlb, pgtable_t pte, + unsigned long address) + { +-#ifdef CONFIG_HAVE_RCU_TABLE_FREE + if (!tlb->fullmm) + return page_table_free_rcu(tlb, (unsigned long *) pte); +-#endif + page_table_free(tlb->mm, (unsigned long *) pte); + } + +@@ -125,10 +109,8 @@ static inline void pmd_free_tlb(struct m + #ifdef __s390x__ + if (tlb->mm->context.asce_limit <= (1UL << 31)) + return; +-#ifdef CONFIG_HAVE_RCU_TABLE_FREE + if (!tlb->fullmm) + return tlb_remove_table(tlb, pmd); +-#endif + crst_table_free(tlb->mm, (unsigned long *) pmd); + #endif + } +@@ -146,10 +128,8 @@ static inline void pud_free_tlb(struct m + #ifdef __s390x__ + if (tlb->mm->context.asce_limit <= (1UL << 42)) + return; +-#ifdef CONFIG_HAVE_RCU_TABLE_FREE + if (!tlb->fullmm) + return tlb_remove_table(tlb, pud); +-#endif + crst_table_free(tlb->mm, (unsigned long *) pud); + #endif + } +--- a/arch/s390/mm/pgtable.c ++++ b/arch/s390/mm/pgtable.c +@@ -243,8 +243,6 @@ void page_table_free(struct mm_struct *m + } + } + +-#ifdef CONFIG_HAVE_RCU_TABLE_FREE +- + static void __page_table_free_rcu(void *table, unsigned bit) + { + struct page *page; +@@ -301,7 +299,66 @@ void __tlb_remove_table(void *_table) + free_pages((unsigned long) table, ALLOC_ORDER); + } + +-#endif ++static void tlb_remove_table_smp_sync(void *arg) ++{ ++ /* Simply deliver the interrupt */ ++} ++ ++static void tlb_remove_table_one(void *table) ++{ ++ /* ++ * This isn't an RCU grace period and hence the page-tables cannot be ++ * assumed to be actually RCU-freed. ++ * ++ * It is however sufficient for software page-table walkers that rely ++ * on IRQ disabling. See the comment near struct mmu_table_batch. ++ */ ++ smp_call_function(tlb_remove_table_smp_sync, NULL, 1); ++ __tlb_remove_table(table); ++} ++ ++static void tlb_remove_table_rcu(struct rcu_head *head) ++{ ++ struct mmu_table_batch *batch; ++ int i; ++ ++ batch = container_of(head, struct mmu_table_batch, rcu); ++ ++ for (i = 0; i < batch->nr; i++) ++ __tlb_remove_table(batch->tables[i]); ++ ++ free_page((unsigned long)batch); ++} ++ ++void tlb_table_flush(struct mmu_gather *tlb) ++{ ++ struct mmu_table_batch **batch = &tlb->batch; ++ ++ if (*batch) { ++ __tlb_flush_mm(tlb->mm); ++ call_rcu_sched(&(*batch)->rcu, tlb_remove_table_rcu); ++ *batch = NULL; ++ } ++} ++ ++void tlb_remove_table(struct mmu_gather *tlb, void *table) ++{ ++ struct mmu_table_batch **batch = &tlb->batch; ++ ++ if (*batch == NULL) { ++ *batch = (struct mmu_table_batch *) ++ __get_free_page(GFP_NOWAIT | __GFP_NOWARN); ++ if (*batch == NULL) { ++ __tlb_flush_mm(tlb->mm); ++ tlb_remove_table_one(table); ++ return; ++ } ++ (*batch)->nr = 0; ++ } ++ (*batch)->tables[(*batch)->nr++] = table; ++ if ((*batch)->nr == MAX_TABLE_BATCH) ++ tlb_table_flush(tlb); ++} + + /* + * switch on pgstes for its userspace process (for kvm) diff --git a/queue-3.0/series b/queue-3.0/series index 5accf1d3306..922380bf91c 100644 --- a/queue-3.0/series +++ b/queue-3.0/series @@ -57,3 +57,4 @@ futex-do-not-leak-robust-list-to-unprivileged-process.patch drm-radeon-kms-fix-the-regression-of-dvi-connector-check.patch drm-radeon-disable-msi-on-rv515.patch drm-radeon-fix-load-detect-on-rn50-with-hardcoded-edids.patch +s390-fix-tlb-flushing-for-page-table-pages.patch -- 2.47.3