On Mon, Jul 16, 2018 at 12:03 PM, Rik van Riel <[email protected]> wrote:
> Andy discovered that speculative memory accesses while in lazy
> TLB mode can crash a system, when a CPU tries to dereference a
> speculative access using memory contents that used to be valid
> page table memory, but have since been reused for something else
> and point into la-la land.

Hi Rik-

I was looking through this, and I see:

> -static void tlb_remove_table_one(void *table)
> +static void tlb_remove_table_one(void *table, struct mmu_gather *tlb)
>  {
>         /*
>          * This isn't an RCU grace period and hence the page-tables cannot be
> @@ -344,7 +348,7 @@ static void tlb_remove_table_one(void *table)
>          * It is however sufficient for software page-table walkers that rely 
> on
>          * IRQ disabling. See the comment near struct mmu_table_batch.
>          */
> -       smp_call_function(tlb_remove_table_smp_sync, NULL, 1);
> +       smp_call_function(tlb_remove_table_smp_sync, tlb->mm, 1);
>         __tlb_remove_table(table);
>  }
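Review bot: The comment immediately above the `smp_call_function()` call is now out of date: it still explains the IPI purely as a synchronization point for IRQ-disabling software page-table walkers, yet the call now passes `tlb->mm` as the callback argument instead of `NULL`, which implies `tlb_remove_table_smp_sync` does something mm-specific (for instance restricting which CPUs need the IPI or what they do in it). The comment should be extended with one sentence saying what the callback does with the mm, so the next reader of this function does not have to go find the callback to understand why the argument changed. Changing the signature to `tlb_remove_table_one(void *table, struct mmu_gather *tlb)` also means every caller must now hand in a non-NULL `tlb` whose `mm` is valid at the time of the call; the hunk shows only the callee, so the commit message or a comment here should state that invariant.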

But tlb_remove_table() doesn't always call tlb_remove_table_one().  Do
the other paths through tlb_remove_table() do the right thing?

--Andy
