percpu: flush tlb in pcpu_reclaim_populated()
mainline inclusion from mainline-v5.14-rc1 commit 93274f1d category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4BE79 CVE: NA ------------------------------------------------- Prior to "percpu: implement partial chunk depopulation", pcpu_depopulate_chunk() was called only on the destruction path. This meant the virtual address range was on its way back to vmalloc which will handle flushing the tlbs for us. However, with pcpu_reclaim_populated(), we are now calling pcpu_depopulate_chunk() during the active lifecycle of a chunk. Therefore, we need to flush the tlb as well otherwise we can end up accessing the wrong page through an invalid tlb mapping as reported in [1]. [1] https://lore.kernel.org/lkml/20210702191140.GA3166599@roeck-us.net/ Fixes: f1833241 ("percpu: implement partial chunk depopulation") Reported-and-tested-by: NGuenter Roeck <linux@roeck-us.net> Signed-off-by: NDennis Zhou <dennis@kernel.org> (cherry picked from commit 93274f1d) Conflicts: mm/percpu.c Small content conflicts because of mainline-v5.14-rc1 commit faf65dde rework memcg accounting. Signed-off-by: NYuanzheng Song <songyuanzheng@huawei.com> Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
Showing
想要评论请 注册 或 登录