linux/arch/x86/mm
Ingo Molnar 9a24d04a3c x86: fix global_flush_tlb() bug
While we were reviewing pageattr_32/64.c for unification,
Thomas Gleixner noticed the following serious SMP bug in
global_flush_tlb():

	down_read(&init_mm.mmap_sem);
	list_replace_init(&deferred_pages, &l);
	up_read(&init_mm.mmap_sem);

this is SMP-unsafe because list_replace_init() done on two CPUs in
parallel can corrupt the list.

This bug has been introduced about a year ago in the 64-bit tree:

       commit ea7322decb
       Author: Andi Kleen <ak@suse.de>
       Date:   Thu Dec 7 02:14:05 2006 +0100

       [PATCH] x86-64: Speed and clean up cache flushing in change_page_attr

                down_read(&init_mm.mmap_sem);
        -       dpage = xchg(&deferred_pages, NULL);
        +       list_replace_init(&deferred_pages, &l);
                up_read(&init_mm.mmap_sem);

the xchg() based version was SMP-safe, but list_replace_init() is not.
So this "cleanup" introduced a nasty bug.

why this bug never become prominent is a mystery - it can probably be
explained with the (still) relative obscurity of the x86_64 architecture.

the safe fix for now is to write-lock init_mm.mmap_sem.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2007-10-19 12:19:26 +02:00
..
boot_ioremap_32.c i386: move mm 2007-10-11 11:16:47 +02:00
discontig_32.c i386: make some variables static 2007-10-17 20:15:56 +02:00
extable_32.c i386: move mm 2007-10-11 11:16:47 +02:00
extable_64.c x86_64: move mm 2007-10-11 11:17:18 +02:00
fault_32.c x86: convert mm_context_t semaphore to a mutex 2007-10-17 20:17:05 +02:00
fault_64.c x86: optimize page faults like all other achitectures and kill notifier cruft 2007-10-16 09:42:50 -07:00
highmem_32.c i386: move mm 2007-10-11 11:16:47 +02:00
hugetlbpage.c i386: move mm 2007-10-11 11:16:47 +02:00
init_32.c Merge ssh://master.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-x86 2007-10-17 13:13:16 -07:00
init_64.c fix memory hot remove not configured case. 2007-10-16 09:43:02 -07:00
ioremap_32.c i386: move mm 2007-10-11 11:16:47 +02:00
ioremap_64.c x86_64: move mm 2007-10-11 11:17:18 +02:00
k8topology_64.c x86_64: move mm 2007-10-11 11:17:18 +02:00
Makefile x86_64: move mm 2007-10-11 11:17:18 +02:00
Makefile_32 i386: move mm 2007-10-11 11:16:47 +02:00
Makefile_64 x86_64: move mm 2007-10-11 11:17:18 +02:00
mmap_32.c i386: move mm 2007-10-11 11:16:47 +02:00
mmap_64.c x86_64: move mm 2007-10-11 11:17:18 +02:00
numa_64.c x86: fix cpu_to_node references 2007-10-17 20:16:37 +02:00
pageattr_32.c x86: Create clflush() inline, remove hardcoded wbinvd 2007-10-17 20:16:12 +02:00
pageattr_64.c x86: fix global_flush_tlb() bug 2007-10-19 12:19:26 +02:00
pgtable_32.c x86: stop nmi softlockup warnings in show_mem() 2007-10-17 20:15:41 +02:00
srat_64.c x86: fix cpu_to_node references 2007-10-17 20:16:37 +02:00