From: Greg KH <greg@kroah•com>
To: Santosh Sivaraj <santosh@fossix•org>
Cc: Sasha Levin <sashal@kernel•org>,
linuxppc-dev <linuxppc-dev@lists•ozlabs.org>,
stable@vger•kernel.org
Subject: Re: [PATCH v3 0/6] Memory corruption may occur due to incorrent tlb flush
Date: Mon, 4 Jan 2021 13:56:16 +0100 [thread overview]
Message-ID: <X/MQcIep4k15cHe4@kroah.com> (raw)
In-Reply-To: <20200312132740.225241-1-santosh@fossix.org>
On Thu, Mar 12, 2020 at 06:57:34PM +0530, Santosh Sivaraj wrote:
> The TLB flush optimisation (a46cc7a90f: powerpc/mm/radix: Improve TLB/PWC
> flushes) may result in random memory corruption. Any concurrent page-table walk
> could end up with a Use-after-Free. Even on UP this might give issues, since
> mmu_gather is preemptible these days. An interrupt or preempted task accessing
> user pages might stumble into the free page if the hardware caches page
> directories.
>
> The series is a backport of the fix sent by Peter [1].
>
> The first three patches are dependencies for the last patch (avoid potential
> double flush). If the performance impact due to double flush is considered
> trivial then the first three patches and last patch may be dropped.
>
> This is only for v4.19 stable.
>
> [1] https://patchwork.kernel.org/cover/11284843/
Sorry for the delay, now queued up, let's see what the test-builders say
about it...
thanks,
greg k-h
prev parent reply other threads:[~2021-01-04 13:24 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-12 13:27 [PATCH v3 0/6] Memory corruption may occur due to incorrent tlb flush Santosh Sivaraj
2020-03-12 13:27 ` [PATCH v3 1/6] asm-generic/tlb: Track freeing of page-table directories in struct mmu_gather Santosh Sivaraj
2021-01-04 12:55 ` Patch "asm-generic/tlb: Track freeing of page-table directories in struct mmu_gather" has been added to the 4.19-stable tree gregkh
2020-03-12 13:27 ` [PATCH v3 2/6] asm-generic/tlb: Track which levels of the page tables have been cleared Santosh Sivaraj
2021-01-04 12:55 ` Patch "asm-generic/tlb: Track which levels of the page tables have been cleared" has been added to the 4.19-stable tree gregkh
2020-03-12 13:27 ` [PATCH v3 3/6] asm-generic/tlb, arch: Invert CONFIG_HAVE_RCU_TABLE_INVALIDATE Santosh Sivaraj
2021-01-04 12:55 ` Patch "asm-generic/tlb, arch: Invert CONFIG_HAVE_RCU_TABLE_INVALIDATE" has been added to the 4.19-stable tree gregkh
2020-03-12 13:27 ` [PATCH v3 4/6] powerpc/mmu_gather: enable RCU_TABLE_FREE even for !SMP case Santosh Sivaraj
2021-01-04 12:55 ` Patch "powerpc/mmu_gather: enable RCU_TABLE_FREE even for !SMP case" has been added to the 4.19-stable tree gregkh
2020-03-12 13:27 ` [PATCH v3 5/6] mm/mmu_gather: invalidate TLB correctly on batch allocation failure and flush Santosh Sivaraj
2021-01-04 12:55 ` Patch "mm/mmu_gather: invalidate TLB correctly on batch allocation failure and flush" has been added to the 4.19-stable tree gregkh
2021-01-05 9:05 ` [PATCH v3 5/6] mm/mmu_gather: invalidate TLB correctly on batch allocation failure and flush Greg KH
2020-03-12 13:27 ` [PATCH v3 6/6] asm-generic/tlb: avoid potential double flush Santosh Sivaraj
2021-01-04 12:55 ` Patch "asm-generic/tlb: avoid potential double flush" has been added to the 4.19-stable tree gregkh
2021-01-04 12:56 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=X/MQcIep4k15cHe4@kroah.com \
--to=greg@kroah$(echo .)com \
--cc=linuxppc-dev@lists$(echo .)ozlabs.org \
--cc=santosh@fossix$(echo .)org \
--cc=sashal@kernel$(echo .)org \
--cc=stable@vger$(echo .)kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox