linux/include
Nick Piggin 362a61ad61 fix SMP data race in pagetable setup vs walking
There is a possible data race in the page table walking code. After the split
ptlock patches, it actually seems to have been introduced to the core code, but
even before that I think it would have impacted some architectures (powerpc
and sparc64, at least, walk the page tables without taking locks eg. see
find_linux_pte()).

The race is as follows:
The pte page is allocated, zeroed, and its struct page gets its spinlock
initialized. The mm-wide ptl is then taken, and then the pte page is inserted
into the pagetables.

At this point, the spinlock is not guaranteed to have ordered the previous
stores to initialize the pte page with the subsequent store to put it in the
page tables. So another Linux page table walker might be walking down (without
any locks, because we have split-leaf-ptls), and find that new pte we've
inserted. It might try to take the spinlock before the store from the other
CPU initializes it. And subsequently it might read a pte_t out before stores
from the other CPU have cleared the memory.

There are also similar races in higher levels of the page tables. They
obviously don't involve the spinlock, but could see uninitialized memory.

Arch code and hardware pagetable walkers that walk the pagetables without
locks could see similar uninitialized memory problems, regardless of whether
split ptes are enabled or not.

I prefer to put the barriers in core code, because that's where the higher
level logic happens, but the page table accessors are per-arch, and open-coding
them everywhere I don't think is an option. I'll put the read-side barriers
in alpha arch code for now (other architectures perform data-dependent loads
in order).

Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-05-14 10:05:18 -07:00
..
acpi
asm-alpha fix SMP data race in pagetable setup vs walking 2008-05-14 10:05:18 -07:00
asm-arm [ARM] pxa: Fix RCSR handling 2008-05-08 18:04:02 +01:00
asm-avr32 avr32: types: use <asm-generic/int-*.h> for the avr32 architecture 2008-05-02 16:18:20 -07:00
asm-blackfin Blackfin Serial Driver: abstract away DLAB differences into header 2008-05-07 11:41:26 +08:00
asm-cris cris: types: use <asm-generic/int-*.h> for the cris architecture 2008-05-02 16:18:20 -07:00
asm-frv read_barrier_depends arch fixlets 2008-05-14 10:05:18 -07:00
asm-generic types: add C99-style constructors to <asm-generic/int-*.h> 2008-05-02 16:18:42 -07:00
asm-h8300 h8300: types: use <asm-generic/int-*.h> for the h8300 architecture 2008-05-02 16:18:21 -07:00
asm-ia64 ia64: types: use <asm-generic/int-*.h> for the ia64 architecture 2008-05-02 16:18:21 -07:00
asm-m32r m32r: types: use <asm-generic/int-*.h> for the m32r architecture 2008-05-02 16:18:21 -07:00
asm-m68k m68k: remove old mac_esp cruft 2008-05-05 12:38:50 -07:00
asm-m68knommu m68knommu: rework definition of HZ 2008-05-01 08:08:36 -07:00
asm-mips [MIPS] Get rid of __ilog2 2008-05-12 16:46:55 +01:00
asm-mn10300 MN10300: Make cpu_relax() invoke barrier() 2008-05-08 10:49:39 -07:00
asm-parisc parisc: types: use <asm-generic/int-*.h> for the parisc architecture 2008-05-02 16:18:32 -07:00
asm-powerpc Merge branch 'for-2.6.26' of master.kernel.org:/pub/scm/linux/kernel/git/jwboyer/powerpc-4xx into merge 2008-05-09 20:12:06 +10:00
asm-ppc [POWERPC] ppc: More compile fixes 2008-05-12 22:57:51 +10:00
asm-s390 types: s390: fix #ifdef reversal in <asm-s390/types.h> 2008-05-12 08:49:59 -07:00
asm-sh sh: Fix DMAC base address for SH7709S 2008-05-09 19:04:12 +09:00
asm-sparc sparc32: Fix build. 2008-05-11 15:47:05 -07:00
asm-sparc64 sparc: Fix debugger syscall restart interactions. 2008-05-11 02:07:19 -07:00
asm-um uml: random driver fixes 2008-05-13 08:02:22 -07:00
asm-v850 v850: types: use <asm-generic/int-*.h> for the v850 architecture 2008-05-02 16:18:41 -07:00
asm-x86 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86 2008-05-10 21:10:48 -07:00
asm-xtensa xtensa: types: use <asm-generic/int-*.h> for the xtensa architecture 2008-05-02 16:18:42 -07:00
crypto [CRYPTO] api: Fix scatterwalk_sg_chain 2008-05-01 18:22:28 +08:00
keys
linux fuse: add flag to turn on big writes 2008-05-13 08:02:26 -07:00
math-emu
media i2c: Convert some more new-style drivers to use module aliasing 2008-05-11 20:37:06 +02:00
mtd
net ip: Make use of the inline function dst_metric_locked() 2008-05-04 22:12:43 -07:00
pcmcia
rdma IB: expand ib_umem_get() prototype 2008-04-29 08:06:12 -07:00
rxrpc
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2008-05-02 13:52:35 -07:00
sound [ALSA] ASoC: build fix for snd_soc_info_bool_ext 2008-05-13 14:47:44 +02:00
video fbdev: platforming hecubafb and n411 2008-04-28 08:58:41 -07:00
xen
Kbuild