From afdf5a8c1557509d916435413a38a4654e00fc96 Mon Sep 17 00:00:00 2001 From: Mark Johnston Date: Fri, 27 Jan 2023 16:46:43 -0500 Subject: [PATCH 39/52] mips: Do a proper break-before-make TLB shootdown The TLB exception handlers dereference the same PDE multiple times when handling superpage mappings. This is racy with respect to concurrent promotions and demotions. When promoting or demoting superpages, we thus clear the PDE, invalidate TLB entries on all CPUs with an IPI, then write the new PDE. This ensures that any executing TLB handlers will fall back to a slow path once they encounter an invalid entry. Also modify pmap_enter_pde() to use pmap_update_pde() when setting the new PDE. This is unnecessary in principle, but may help shed some light on some memory corruption associated with superpage mappings. --- sys/mips/mips/pmap_mips64.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/mips/mips/pmap_mips64.c b/sys/mips/mips/pmap_mips64.c index ac00d9dc99f2..86c00c0b6d81 100644 --- a/sys/mips/mips/pmap_mips64.c +++ b/sys/mips/mips/pmap_mips64.c @@ -880,8 +880,9 @@ pmap_update_pde(pmap_t pmap, vm_offset_t va, pd_entry_t *pde, pt_entry_t newpde) arg.pde = pde; arg.newpde = newpde; - pmap_update_pde_store(pmap, pde, newpde); + pmap_update_pde_store(pmap, pde, 0); pmap_call_on_active_cpus(pmap, pmap_update_pde_action, &arg); + pmap_update_pde_store(pmap, pde, newpde); } /* --- */ @@ -3684,7 +3685,7 @@ pmap_enter_pde(pmap_t pmap, vm_offset_t va, vm_page_t m, vm_prot_t prot, * Map the superpage. */ sched_pin(); - pde_store(pde, newpde); + pmap_update_pde(pmap, va, pde, newpde); /* * Sync I & D caches for executable pages. Do this only if the -- 2.41.0