[PATCH] powerpc/book3s64/radix: Avoid WARN_ON in destroy_context

Wed, 18 Sep 2019 07:13:05 -0700 

On failed task initialization due to memory allocation failures,
we can call into destroy_context with process_tb entry set. This patch
forces the process_tb entry to zero in destroy_context. With
this patch, we lose the ability to track if we are destroying a context
without flushing the process table entry.

 WARNING: CPU: 4 PID: 6368 at arch/powerpc/mm/mmu_context_book3s64.c:246 
destroy_context+0x58/0x340
 NIP [c0000000000875f8] destroy_context+0x58/0x340
 LR [c00000000013da18] __mmdrop+0x78/0x270
 Call Trace:
 [c000000f7db77c80] [c00000000013da18] __mmdrop+0x78/0x270
 [c000000f7db77cf0] [c0000000004d6a34] __do_execve_file.isra.13+0xbd4/0x1000
 [c000000f7db77e00] [c0000000004d7428] sys_execve+0x58/0x70
 [c000000f7db77e30] [c00000000000b388] system_call+0x5c/0x70

Reported-by: Priya M.A <priya...@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.ku...@linux.ibm.com>
---
 arch/powerpc/mm/book3s64/mmu_context.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/mm/book3s64/mmu_context.c 
b/arch/powerpc/mm/book3s64/mmu_context.c
index 2d0cb5ba9a47..3a0f5ab190ec 100644
--- a/arch/powerpc/mm/book3s64/mmu_context.c
+++ b/arch/powerpc/mm/book3s64/mmu_context.c
@@ -256,8 +256,18 @@ void destroy_context(struct mm_struct *mm)
 #ifdef CONFIG_SPAPR_TCE_IOMMU
        WARN_ON_ONCE(!list_empty(&mm->context.iommu_group_mem_list));
 #endif
+       /* For tasks which were successfully initialized we would end up
+        * calling arch_exit_mmap which clears the process table entry.
+        * arch_exit_mmap get called before the required fullmm tlb flush
+        * which does a RIC=2 flush. Hence for an initialized task, we do
+        * clear any cached process table entry. The condition below handles
+        * the error case during task init. We do set the process table entry
+        * early and if we fail a task initialization, we need to ensure
+        * the process table entry is zeroed. We need not worry about process
+        * table entry caches because the task never ran with the PID value.
+        */
        if (radix_enabled())
-               WARN_ON(process_tb[mm->context.id].prtb0 != 0);
+               process_tb[mm->context.id].prtb0 = 0;
        else
                subpage_prot_free(mm);
        destroy_contexts(&mm->context);
-- 
2.21.0

Reply via email to