Page MenuHomeFreeBSD
Differential D34158

riscv: Fix a race in pmap_pinit()
ClosedPublic
Actions

Authored by markj on Feb 3 2022, 4:06 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Apr 7, 12:47 AM
Unknown Object (File)
Mar 7 2024, 11:09 AM
Unknown Object (File)
Mar 7 2024, 9:58 AM
Unknown Object (File)
Feb 5 2024, 9:35 PM
Unknown Object (File)
Jan 1 2024, 12:54 PM
Unknown Object (File)
Dec 22 2023, 10:19 PM
Unknown Object (File)
Dec 16 2023, 4:55 PM
Unknown Object (File)
Nov 26 2023, 4:50 AM
View All 18 Files
Subscribers
imp
jrtc27
mhorne

Details

Reviewers
mhorne
jhb
Group Reviewers
riscv
Commits
rGc862d5f2a789: riscv: Fix a race in pmap_pinit()
Summary

All pmaps share the top half of the address space. With 3-level page
tables, the top-level kernel map entries are not static: they might
change if the kernel map is extended (via pmap_growkernel()) or a 1GB
mapping in the direct map is demoted (doesn't seem to be implemented
yet?). Thus the riscv pmap maintains the allpmaps list to synchronize
updates to top-level entries.

When a pmap is created, it is inserted into this list after copying
top-level entries from the kernel pmap. The copying is done without
holding the allpmaps lock, and I believe it's possible for pmap_pinit()
to race with kernel map updates. In particular, if a thread is
modifying L1 entries, and a concurrent pmap_pinit() copies the old
version of the entries, it might not receive the update.

Fix the problem by copying the kernel map entries after inserting the
pmap into the list. This ensures that the nascent pmap always receives
updates. It doesn't seem necessary to perform the copy while holding
the allpmaps lock.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Feb 3 2022, 4:06 PM
Herald added a subscriber: imp. · View Herald TranscriptFeb 3 2022, 4:06 PM
markj requested review of this revision.Feb 3 2022, 4:06 PM
Harbormaster completed remote builds in B44276: Diff 102330.Feb 3 2022, 4:06 PM
markj added a reviewer: riscv.Feb 3 2022, 4:15 PM
mhorne accepted this revision.Feb 3 2022, 6:34 PM
mhorne added a subscriber: mhorne.

"It doesn't seem necessary to perform the copy while holding the allpmaps lock." -- I had to think about this for a while, but I agree.

This revision is now accepted and ready to land.Feb 3 2022, 6:34 PM
jrtc27 added a subscriber: jrtc27.Feb 3 2022, 6:56 PM

What happens if pmap_distribute_l1 runs whilst the memcpy is taking place and "overtakes" the memcpy? Won't we then potentially clobber newer entries with stale copies?

markj added a comment.Feb 3 2022, 7:12 PM
In D34158#772702, @jrtc27 wrote:

What happens if pmap_distribute_l1 runs whilst the memcpy is taking place and "overtakes" the memcpy? Won't we then potentially clobber newer entries with stale copies?

A thread updating the kernel map will (and must):

  1. update the reference L1 entry
  2. acquire the allpmaps lock
  3. update user pmaps
  4. release the all pmaps lock

so the update will be visible to the copying thread either way. Note that threads updating the kernel map are serialized by the kernel pmap lock, with one exception in pmap_growkernel(). But pmap_growkernel() only ever extends the kernel map, and I believe it should be impossible for two threads to race to update the same kernel L1 entry.

jhb accepted this revision.Feb 4 2022, 10:21 PM
Closed by commit rGc862d5f2a789: riscv: Fix a race in pmap_pinit() (authored by markj). · Explain WhyFeb 8 2022, 6:37 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGc862d5f2a789: riscv: Fix a race in pmap_pinit().

Revision Contents
Changeset List

PathSize
sys/
riscv/
riscv/
6 lines

Diff 102508

View Options

sys/riscv/riscv/pmap.c

Loading...