From nobody Tue Feb 22 14:41:11 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 818B919CC9C6; Tue, 22 Feb 2022 14:41:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4K320m0WPqz543q; Tue, 22 Feb 2022 14:41:12 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1645540872; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LLpIfw9KNdi8NXa3xo3igj7x02vOgyb5m7nvbUU9d/M=; b=V1uVnrOms30WI1VhBDRECFowgdY/AXsQbftkyNyVQrXoS98SIHV1MXxYsqBtMab2c8Jzc1 1mJLboociBMEtSz2pI88b3tRCLflHxI4CRcYUxLgqGVZtgJf7+2qkNRwPoRFcxFjAWFXiB xMUDAVlOoK6WRPjie8a2Z58mBbheexn5H0KdABdMsv5Bu8zOcaOiQdomsrwiDo0Jxql71R asKFyczrArozjNcnXwDHGpbzgGwUltJspos74HSDRhEYOAP0SRioEydVgwJo78n40SVjOR Epx6P0xnLyyBJWQ5DBT1gJDtfQaxANOnXKYfaNMsGATtaHzwkZJlmxzVszf3EQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E6ED626100; Tue, 22 Feb 2022 14:41:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 21MEfB8E003997; Tue, 22 Feb 2022 14:41:11 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 21MEfBQ7003996; Tue, 22 Feb 2022 14:41:11 GMT (envelope-from git) Date: Tue, 22 Feb 2022 14:41:11 GMT Message-Id: <202202221441.21MEfBQ7003996@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: d5c0a7b6d392 - main - riscv: Fix another race in pmap_pinit() List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d5c0a7b6d3923d2a6967810d0aa3e148a39351c1 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1645540872; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LLpIfw9KNdi8NXa3xo3igj7x02vOgyb5m7nvbUU9d/M=; b=T70gdyLB8ORyotdzPl4u+Y/M1vnoHtF60nvTLLAPoQQEGuGCr1AUEkW/YwRgHnQsaP/pvJ 8C5PCwi3+mHUyFbItLFwXTgHUO3h/KNr/f0ZCCt74ODvqrXJ5cXWXWVhH9sLePnFSRkOsc +X1n/k+gO01bCeHWmOfP/e3vFvR8/DDKQ22Rlfu+zMukPG1tAwRnI0uEaQN8RtzawUod1k R8zL921FlwJSGJZUQuZl48PWFVcSOSdQxp49BIOSlpvlMNlb31UQyaNInBGyvoRFuCE4UE swLY3JsFPGE8NN9lj7BSmVAePoBAMB2F3DVzT6T4A6lvxHkJTE/xgSOaKYhNOg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1645540872; a=rsa-sha256; cv=none; b=ZHSGYOPWyg+bkY5UL/IKIM0M1xM2gyEYRMPxZPeAqkSfPgC4jav1AdCRGxojr7YVBVMtzf +ETZsqo4lIw63KOeqh0q6bAJ83F13fwFqhSEkVnbTjGHZYmJ2eNSxdT8h6NrkiFmfZ+dJx HLv//pxufHmQxghcvXr6S4aeL/v8KPh/YOI4jwE00yg0OxfKeBHWwcFGkVElUXkwXiHgx1 JNnGy7Bh4n2nu6vImj4+7bxTnNJXp69UCFQ3DTJeTZ2Bu/Ue7NByRs0vf2mRxBmPDX73ms V3DxEnIFTAOl5/3OSehrFKhdkr4m2zxj0v7OhlJJYKMJArT1IYVkrKeQMM8GTQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=d5c0a7b6d3923d2a6967810d0aa3e148a39351c1 commit d5c0a7b6d3923d2a6967810d0aa3e148a39351c1 Author: Mark Johnston AuthorDate: 2022-02-22 14:26:33 +0000 Commit: Mark Johnston CommitDate: 2022-02-22 14:26:33 +0000 riscv: Fix another race in pmap_pinit() Commit c862d5f2a789 ("riscv: Fix a race in pmap_pinit()") did not really fix the race. Alan writes, Suppose that N entries in the L1 tables are in use, and we are in the middle of the memcpy(). Specifically, we have read the zero-filled (N+1)st entry from the kernel L1 table. Then, we are preempted. Now, another core/thread does pmap_growkernel(), which fills the (N+1)st entry. Finally, we return to the original core/thread, and overwrite the valid entry with the zero that we earlier read. Try to fix the race properly, by copying kernel L1 entries while holding the allpmaps lock. To avoid doing unnecessary work while holding this global lock, copy only the entries that we expect to be valid. Fixes: c862d5f2a789 ("riscv: Fix a race in pmap_pinit()") Reported by: alc, jrtc27 Reviewed by: alc MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D34267 --- sys/riscv/riscv/pmap.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/sys/riscv/riscv/pmap.c b/sys/riscv/riscv/pmap.c index 0607b82c88e6..0ccb31b9deb0 100644 --- a/sys/riscv/riscv/pmap.c +++ b/sys/riscv/riscv/pmap.c @@ -1231,12 +1231,20 @@ pmap_pinit(pmap_t pmap) CPU_ZERO(&pmap->pm_active); + /* + * Copy L1 entries from the kernel pmap. This must be done with the + * allpmaps lock held to avoid races with pmap_distribute_l1(). + */ mtx_lock(&allpmaps_lock); LIST_INSERT_HEAD(&allpmaps, pmap, pm_list); + for (size_t i = pmap_l1_index(VM_MIN_KERNEL_ADDRESS); + i < pmap_l1_index(VM_MAX_KERNEL_ADDRESS); i++) + pmap->pm_l1[i] = kernel_pmap->pm_l1[i]; + for (size_t i = pmap_l1_index(DMAP_MIN_ADDRESS); + i < pmap_l1_index(DMAP_MAX_ADDRESS); i++) + pmap->pm_l1[i] = kernel_pmap->pm_l1[i]; mtx_unlock(&allpmaps_lock); - memcpy(pmap->pm_l1, kernel_pmap->pm_l1, PAGE_SIZE); - vm_radix_init(&pmap->pm_root); return (1);