commit 588a513d34257fdde95a9f0df0202e31998e85c6 upstream. To ensure that instructions are observable in a new mapping, the arm64 set_pte_at() implementation cleans the D-cache and invalidates the I-cache to the PoU. As an optimisation, this is only done on executable mappings and the PG_dcache_clean page flag is set to avoid future cache maintenance on the same page. When two different processes map the same page (e.g. private executable file or shared mapping) there's a potential race on checking and setting PG_dcache_clean via set_pte_at() -> __sync_icache_dcache(). While on the fault paths the page is locked (PG_locked), mprotect() does not take the page lock. The result is that one process may see the PG_dcache_clean flag set but the I/D cache maintenance not yet performed. Avoid test_and_set_bit(PG_dcache_clean) in favour of separate test_bit() and set_bit(). In the rare event of a race, the cache maintenance is done twice. Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Cc: <stable@vger.kernel.org> Cc: Will Deacon <will@kernel.org> Cc: Steven Price <steven.price@arm.com> Reviewed-by: Steven Price <steven.price@arm.com> Acked-by: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/r/20210514095001.13236-1-catalin.marinas@arm.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
// SPDX-License-Identifier: GPL-2.0-only
/*
 * Based on arch/arm/mm/flush.c
 *
 * Copyright (C) 1995-2002 Russell King
 * Copyright (C) 2012 ARM Ltd.
 */
#include <linux/export.h>
#include <linux/mm.h>
#include <linux/pagemap.h>
#include <asm/cacheflush.h>
#include <asm/cache.h>
#include <asm/tlbflush.h>
/*
 * Make instructions written at @kaddr visible to instruction fetch for the
 * @len bytes starting there: the D-cache is cleaned to the PoU and the
 * I-cache invalidated. When icache_is_aliasing() reports an aliasing I-cache
 * the whole I-cache is invalidated rather than just the range.
 */
void sync_icache_aliases(void *kaddr, unsigned long len)
{
	unsigned long start = (unsigned long)kaddr;

	if (!icache_is_aliasing()) {
		/*
		 * Don't issue kick_all_cpus_sync() after I-cache invalidation
		 * for user mappings.
		 */
		__flush_icache_range(start, start + len);
		return;
	}

	__clean_dcache_area_pou(kaddr, len);
	__flush_icache_all();
}
/*
 * Cache maintenance after data has been written at @kaddr into @page, which
 * is mapped at @uaddr in @vma (see copy_to_user_page). Only executable
 * mappings need the I-cache brought in sync; @page and @uaddr are not used
 * here and are kept for the common signature.
 */
static void flush_ptrace_access(struct vm_area_struct *vma, struct page *page,
				unsigned long uaddr, void *kaddr,
				unsigned long len)
{
	if (!(vma->vm_flags & VM_EXEC))
		return;

	sync_icache_aliases(kaddr, len);
}
/*
 * Copy user data from/to a page which is mapped into a different process's
 * address space. Really, we want to allow our "user space" model to handle
 * this.
 *
 * @dst is the kernel address of the destination inside @page, which is
 * mapped at @uaddr in @vma. After the copy the I-cache is synchronised for
 * the written range when the mapping is executable (flush_ptrace_access).
 */
void copy_to_user_page(struct vm_area_struct *vma, struct page *page,
		       unsigned long uaddr, void *dst, const void *src,
		       unsigned long len)
{
	void *kaddr = dst;

	memcpy(kaddr, src, len);
	flush_ptrace_access(vma, page, uaddr, kaddr, len);
}
/*
 * Bring the I-cache in sync with the D-cache for the page behind @pte.
 * Called from set_pte_at() for executable mappings; PG_dcache_clean records
 * that the maintenance has already been done so it is not repeated for every
 * mapping of the same page.
 *
 * The flag is read with test_bit() and only set with set_bit() once the
 * maintenance has completed, deliberately not test_and_set_bit(): mprotect()
 * reaches here without the page lock, so another process mapping the same
 * page concurrently must never observe PG_dcache_clean while the I/D cache
 * maintenance is still pending. In the rare race both callers perform the
 * maintenance, which is harmless.
 */
void __sync_icache_dcache(pte_t pte)
{
	struct page *page = pte_page(pte);

	if (test_bit(PG_dcache_clean, &page->flags))
		return;

	sync_icache_aliases(page_address(page), page_size(page));
	set_bit(PG_dcache_clean, &page->flags);
}
EXPORT_SYMBOL_GPL(__sync_icache_dcache);
/*
 * This function is called when a page has been modified by the kernel. Mark
 * it as dirty for later flushing when mapped in user space (if executable,
 * see __sync_icache_dcache).
 *
 * Only the PG_dcache_clean flag is cleared here; the cache maintenance
 * itself is deferred until the page is next mapped executable. The
 * test_bit() skips the clear_bit() when the flag is already clear.
 */
void flush_dcache_page(struct page *page)
{
	unsigned long *flags = &page->flags;

	if (!test_bit(PG_dcache_clean, flags))
		return;

	clear_bit(PG_dcache_clean, flags);
}
EXPORT_SYMBOL(flush_dcache_page);
/*
 * Additional functions defined in assembly.
 */
EXPORT_SYMBOL(__flush_icache_range);
#ifdef CONFIG_ARCH_HAS_PMEM_API
/*
 * Write back the D-cache for the persistent-memory range of @size bytes at
 * @addr using the point-of-persistence clean (__clean_dcache_area_pop).
 */
void arch_wb_cache_pmem(void *addr, size_t size)
{
	/* Ensure order against any prior non-cacheable writes */
	dmb(osh);

	__clean_dcache_area_pop(addr, size);
}
EXPORT_SYMBOL_GPL(arch_wb_cache_pmem);
/*
 * Drop any cached D-cache lines for the persistent-memory range of @size
 * bytes at @addr so subsequent reads come from the medium.
 */
void arch_invalidate_pmem(void *addr, size_t size)
{
	__inval_dcache_area(addr, size);
}
EXPORT_SYMBOL_GPL(arch_invalidate_pmem);
#endif