From nobody Tue Mar 01 15:17:52 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 3129F19E8871; Tue, 1 Mar 2022 15:17:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4K7LTs0d1Tz3kCn; Tue, 1 Mar 2022 15:17:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1646147873; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JTWZqKQNKCk0sNg39vm+g9GpDYlgP8n5koLOy8AdNWA=; b=omW6EekZtUBOo/CMt4p+/MfD6K4lcykn0JrFsNSlFdiIJ5+bqM0T3ddy2UzB+xjsOrEmKo KS1qSbfvrFqGCwVz6fhPGbk2SqgYWee8lBMI80mG7BUPyPT16gozF6bBuhLPUuSIYRYY1b yxkZJiwC9UuuhHgFc7XYxvm6BwOUGxWI1UnGZg7YClC7xPLIHsCnshag/VQg9sRfLi00AZ 5vxjLqX5QyHonGKmyl4pUnB8TrtQ6rDWDKFhpF0H6l2NxV3SjV3asc12PNugQRLK4JmC3l g3LdOi1xCsRDUfKiOKfZIlEfAdeuxljd4s4gAtaPa5EJWgfBrZa/1yIt4t+Crw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EAE5C11ECD; Tue, 1 Mar 2022 15:17:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 221FHqSr092661; Tue, 1 Mar 2022 15:17:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 221FHqql092660; Tue, 1 Mar 2022 15:17:52 GMT (envelope-from git) Date: Tue, 1 Mar 2022 15:17:52 GMT Message-Id: <202203011517.221FHqql092660@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 302c42610337 - stable/13 - riscv: Fix another race in pmap_pinit() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 302c426103379da3d7bdd4bafff4ada807e2ffbb Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1646147873; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JTWZqKQNKCk0sNg39vm+g9GpDYlgP8n5koLOy8AdNWA=; b=Ic1CIOEWQ0ZgLbzvbpBzgqnc6Jaek48F/4QZM9WsTaeXqAM5E5I8j6Uic8svPJukopYPMC Hmn7bwb3l48KrvI0wtQetMPe+sfdFo3+GTBuPOxKQENM9e2dPdjwRidWxSKggO9kbS00nk mQb/thPn66ba+7ECDqo0RfTfT6E8MjPwZuIV2MdM0drhzVdl4cCo2Hfevej8L3Tu8Org19 KHYaurABWJMUsAxzT+pKrFFf5cHorIqyuR/3aflPz60Bn8MhV4+j2YQ9HdsJGkxvC1c4Vh fSH2cIX3id9StuI51NmPVlllxv3oHSDc5f35fQKhKkQ7LssOlPsQxtoXwd0Eaw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1646147873; a=rsa-sha256; cv=none; b=Vb8N15C+qqIOnf7dXeEnJWLsyfwx7nZhCY9bOH8eLjFQNxxBipRyJELWhQyqnKailQKq0l niTLG48UVS0SnY0jlXNqpqZX9SEPgAnEl6xUumd8Wjwa23uvg3zljoKvvPJmOh1MRGAT0m wddizGaQZuBE6yN8hnk2dTujjbkxh02Hw8QDZTOr7ieYK+P58q+qedgMPsVBiBQeMkZZIN JT2biAW49FZx5u3YY5PRdUSmrLdRvnCDf1i1ezQrZrUJIMht435vUg9OYd9rK9W9/DPhMB C411sMynXvI5HwID1Oj3tnPQ3lTkRaxqLpEMRDjzt1Fhh4qxcuocCllb68zT0Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=302c426103379da3d7bdd4bafff4ada807e2ffbb commit 302c426103379da3d7bdd4bafff4ada807e2ffbb Author: Mark Johnston AuthorDate: 2022-02-22 14:26:33 +0000 Commit: Mark Johnston CommitDate: 2022-03-01 15:17:40 +0000 riscv: Fix another race in pmap_pinit() Commit c862d5f2a789 ("riscv: Fix a race in pmap_pinit()") did not really fix the race. Alan writes, Suppose that N entries in the L1 tables are in use, and we are in the middle of the memcpy(). Specifically, we have read the zero-filled (N+1)st entry from the kernel L1 table. Then, we are preempted. Now, another core/thread does pmap_growkernel(), which fills the (N+1)st entry. Finally, we return to the original core/thread, and overwrite the valid entry with the zero that we earlier read. Try to fix the race properly, by copying kernel L1 entries while holding the allpmaps lock. To avoid doing unnecessary work while holding this global lock, copy only the entries that we expect to be valid. Fixes: c862d5f2a789 ("riscv: Fix a race in pmap_pinit()") Reported by: alc, jrtc27 Reviewed by: alc Sponsored by: The FreeBSD Foundation (cherry picked from commit d5c0a7b6d3923d2a6967810d0aa3e148a39351c1) --- sys/riscv/riscv/pmap.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/sys/riscv/riscv/pmap.c b/sys/riscv/riscv/pmap.c index 97f96ebdf99e..91af051cf559 100644 --- a/sys/riscv/riscv/pmap.c +++ b/sys/riscv/riscv/pmap.c @@ -1231,12 +1231,20 @@ pmap_pinit(pmap_t pmap) CPU_ZERO(&pmap->pm_active); + /* + * Copy L1 entries from the kernel pmap. This must be done with the + * allpmaps lock held to avoid races with pmap_distribute_l1(). + */ mtx_lock(&allpmaps_lock); LIST_INSERT_HEAD(&allpmaps, pmap, pm_list); + for (size_t i = pmap_l1_index(VM_MIN_KERNEL_ADDRESS); + i < pmap_l1_index(VM_MAX_KERNEL_ADDRESS); i++) + pmap->pm_l1[i] = kernel_pmap->pm_l1[i]; + for (size_t i = pmap_l1_index(DMAP_MIN_ADDRESS); + i < pmap_l1_index(DMAP_MAX_ADDRESS); i++) + pmap->pm_l1[i] = kernel_pmap->pm_l1[i]; mtx_unlock(&allpmaps_lock); - memcpy(pmap->pm_l1, kernel_pmap->pm_l1, PAGE_SIZE); - vm_radix_init(&pmap->pm_root); return (1);