From owner-svn-src-stable-12@freebsd.org Fri May 8 14:10:30 2020 Return-Path: Delivered-To: svn-src-stable-12@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 747D42D854E; Fri, 8 May 2020 14:10:30 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49JXKf2G1Dz3Ljr; Fri, 8 May 2020 14:10:30 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4438737DE; Fri, 8 May 2020 14:10:30 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 048EAURp037348; Fri, 8 May 2020 14:10:30 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 048EAULJ037347; Fri, 8 May 2020 14:10:30 GMT (envelope-from markj@FreeBSD.org) Message-Id: <202005081410.048EAULJ037347@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f From: Mark Johnston Date: Fri, 8 May 2020 14:10:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r360809 - stable/12/sys/mips/mips X-SVN-Group: stable-12 X-SVN-Commit-Author: markj X-SVN-Commit-Paths: stable/12/sys/mips/mips X-SVN-Commit-Revision: 360809 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-12@freebsd.org X-Mailman-Version: 2.1.32 Precedence: list List-Id: SVN commit messages for only the 12-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 May 2020 14:10:30 -0000 Author: markj Date: Fri May 8 14:10:29 2020 New Revision: 360809 URL: https://svnweb.freebsd.org/changeset/base/360809 Log: MFC r360281: Fix a race in pmap_emulate_modified(). Modified: stable/12/sys/mips/mips/pmap.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/mips/mips/pmap.c ============================================================================== --- stable/12/sys/mips/mips/pmap.c Fri May 8 05:30:10 2020 (r360808) +++ stable/12/sys/mips/mips/pmap.c Fri May 8 14:10:29 2020 (r360809) @@ -3441,28 +3441,71 @@ pmap_emulate_modified(pmap_t pmap, vm_offset_t va) PMAP_LOCK(pmap); pte = pmap_pte(pmap, va); - if (pte == NULL) - panic("pmap_emulate_modified: can't find PTE"); -#ifdef SMP - /* It is possible that some other CPU changed m-bit */ - if (!pte_test(pte, PTE_V) || pte_test(pte, PTE_D)) { + + /* + * It is possible that some other CPU or thread changed the pmap while + * we weren't looking; in the SMP case, this is readily apparent, but + * it can even happen in the UP case, because we may have been blocked + * on PMAP_LOCK(pmap) above while someone changed this out from + * underneath us. + */ + + if (pte == NULL) { + /* + * This PTE's PTP (or one of its ancestors) has been reclaimed; + * trigger a full fault to reconstruct it via pmap_enter. + */ + PMAP_UNLOCK(pmap); + return (1); + } + + if (!pte_test(pte, PTE_V)) { + /* + * This PTE is no longer valid; the other thread or other + * processor must have arranged for our TLB to no longer + * have this entry, possibly by IPI, so no tlb_update is + * required. Fall out of the fast path and go take a + * general fault before retrying the instruction (or taking + * a signal). + */ + PMAP_UNLOCK(pmap); + return (1); + } + + if (pte_test(pte, PTE_D)) { + /* + * This PTE is valid and has the PTE_D bit asserted; since + * this is an increase in permission, we may have been expected + * to update the TLB lazily. Do so here and return, on the + * fast path, to retry the instruction. + */ tlb_update(pmap, va, *pte); PMAP_UNLOCK(pmap); return (0); } -#else - if (!pte_test(pte, PTE_V) || pte_test(pte, PTE_D)) - panic("pmap_emulate_modified: invalid pte"); -#endif + if (pte_test(pte, PTE_RO)) { + /* + * This PTE is valid, not dirty, and read-only. Go take a + * full fault (most likely to upgrade this part of the address + * space to writeable). + */ PMAP_UNLOCK(pmap); return (1); } - pte_set(pte, PTE_D); - tlb_update(pmap, va, *pte); + if (!pte_test(pte, PTE_MANAGED)) panic("pmap_emulate_modified: unmanaged page"); + + /* + * PTE is valid, managed, not dirty, and not read-only. Set PTE_D + * and eagerly update the local TLB, returning on the fast path. + */ + + pte_set(pte, PTE_D); + tlb_update(pmap, va, *pte); PMAP_UNLOCK(pmap); + return (0); }