From nobody Sat Feb 7 08:02:44 2026 Received: from shelob.surriel.com (shelob.surriel.com [96.67.55.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4134728981C for ; Fri, 6 Jun 2025 17:11:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=96.67.55.147 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749229891; cv=none; b=i4CrZ3THFzaO6+texvIz7n/ITU5dKDa9mgksnncmKutwcgu423NQT8n5GTpGUOH7MpWkoM9gyCbmY2vsss1guY4ldEVgRtWUYTAOvW2fgWj/9l0KMYWc+OAwFslA9kZ4HP6jPlqFGeAKBmk+MEmN+Ls9lPhkJ0zYVZYYf8KmZsk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749229891; c=relaxed/simple; bh=pdRvUV9h/SGutwunhxJKENeXCkz2Vk2NqMFNvihGUhk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QYSSS+QBQs9i92g+6e/tzDheCXJUi/tTj9XKmgebqDYq05n/k5dA3ybK6bEvHV5sAQOhdZ3nwnaMxAMk8yi2ljhJNYXDOuYhoPrRvYcXkIexHXRw5XUHdNi929v3wVqr7yC3WlnI3Bk2+FnKp5Yw5PZY44WCHxg4GDO8WUB36Vw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=surriel.com; spf=pass smtp.mailfrom=surriel.com; dkim=pass (2048-bit key) header.d=surriel.com header.i=@surriel.com header.b=dD7xrdwF; arc=none smtp.client-ip=96.67.55.147 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=surriel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=surriel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=surriel.com header.i=@surriel.com header.b="dD7xrdwF" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=surriel.com ; s=mail; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=CdjWnwKuJqKe6pzZkRWk+shJN45H1hDdYXeyHoLpWq8=; b=dD7xrdwF4vK6419z7zXXVKFcap gNvWx/sGPSMBE7h6OobnmSKrHtlNHh3Gt2xW8qAYOxIpFAeaHICmwbGNG3RSBj6O2ojRPnZv37VOo PPEmZ0ymlSk2MMjVArGAtZWWAJQYLc2LnKnuKiITlxIqX6Hs0mZMbI6oweZmAj6VBR5Ey8BrKa4YP VMtrRoUbzPrvQFmaYpEiHOsU3++J+nuZkRnvDiK7F4ZV0bOhPHoejVCN1TksQpVcKZW/CL+z0J+gi odd+/xeNTl6zD4b0XcSYPaYtq0ONzuuwLJ7YzGI8M9f222gkUy/9WdxHD/rHEKUe9w74YVqsTVvnu Mkq1BiLQ==; Received: from fangorn.home.surriel.com ([10.0.13.7]) by shelob.surriel.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from ) id 1uNab3-000000006Se-1dFD; Fri, 06 Jun 2025 13:11:13 -0400 From: Rik van Riel To: linux-kernel@vger.kernel.org Cc: kernel-team@meta.com, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, bp@alien8.de, x86@kernel.org, nadav.amit@gmail.com, seanjc@google.com, tglx@linutronix.de, mingo@kernel.org, Rik van Riel , Rik van Riel , stable@kernel.org Subject: [PATCH v2 1/3] x86/mm: Fix potential overflow in user_pcid_flush_mask Date: Fri, 6 Jun 2025 13:10:33 -0400 Message-ID: <20250606171112.4013261-2-riel@surriel.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250606171112.4013261-1-riel@surriel.com> References: <20250606171112.4013261-1-riel@surriel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Rik van Riel Currently no system with AMD INVLPGB support requires the page table isolation mitigation. However, people could still enable PTI manually, or a vulnerability could be found in the future that makes PTI useful on certain AMD CPUs. The combination of PTI and broadcast TLB flush has a problem: - invalidate_user_asid() sets a bit corresponding to the process PCID in us= er_pcid_flush_mask - SWITCH_TO_USER_CR3 tests and clears a bit corresponding to the process PC= ID in user_pcid_flush_mask When using only ASIDs 0-5 this does not cause any issues, because only PCID numbers 1-6 ever get used. However, with broadcast TLB flushing PCID numbers up to 2048 can be used, leading to an overflow of the user_pcid_flush_mask, if a system using INVLPGB is booted with the pti=3Don option. Enlarge user_pcid_flush_mask to fit the PCID numbers that can be present when using broadcast TLB flushing. This takes up 256 or 512 bytes per CPU, depending on whether or not page table isolation is built into the kernel. Signed-off-by: Rik van Riel Fixes: c3ed3f5b2550 x86/mm: userspace & pageout flushing using Intel RAR Cc: stable@kernel.org --- arch/x86/include/asm/tlbflush.h | 49 +++++++++++++++++++++++++++------ arch/x86/mm/tlb.c | 22 +-------------- 2 files changed, 42 insertions(+), 29 deletions(-) diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflus= h.h index e9b81876ebe4..401e93958022 100644 --- a/arch/x86/include/asm/tlbflush.h +++ b/arch/x86/include/asm/tlbflush.h @@ -23,6 +23,40 @@ void __flush_tlb_all(void); #define TLB_FLUSH_ALL -1UL #define TLB_GENERATION_INVALID 0 =20 +/* + * When enabled, MITIGATION_PAGE_TABLE_ISOLATION consumes a single bit for + * user/kernel switches + */ +#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION +# define PTI_CONSUMED_PCID_BITS 1 +#else +# define PTI_CONSUMED_PCID_BITS 0 +#endif + +#define CR3_AVAIL_PCID_BITS (X86_CR3_PCID_BITS - PTI_CONSUMED_PCID_BITS) + +/* + * ASIDs are zero-based: 0->MAX_AVAIL_ASID are valid. -1 below to account + * for them being zero-based. Another -1 is because PCID 0 is reserved for + * use by non-PCID-aware users. + */ +#define MAX_ASID_AVAILABLE ((1 << CR3_AVAIL_PCID_BITS) - 2) + +/* + * With page table isolation, the user_pcid_flush_mask is used to indicate + * that the TLB for a process needs to be flushed when switching to user + * space. Broadcast TLB flushing uses more PCIDs, and a larger bitmap. + */ +#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION +# ifdef CONFIG_BROADCAST_TLB_FLUSH +# define CR3_AVAIL_PCID_LONGS ((1 << CR3_AVAIL_PCID_BITS) / BITS_PER_LONG) +# else +# define CR3_AVAIL_PCID_LONGS 1 +# endif +#else +# define CR3_AVAIL_PCID_LONGS 0 +#endif + void cr4_update_irqsoff(unsigned long set, unsigned long clear); unsigned long cr4_read_shadow(void); =20 @@ -115,14 +149,6 @@ struct tlb_state { */ u8 lam; #endif - - /* - * Mask that contains TLB_NR_DYN_ASIDS+1 bits to indicate - * the corresponding user PCID needs a flush next time we - * switch to it; see SWITCH_TO_USER_CR3. - */ - unsigned short user_pcid_flush_mask; - /* * Access to this CR4 shadow and to H/W CR4 is protected by * disabling interrupts when modifying either one. @@ -149,6 +175,13 @@ struct tlb_state { * context 0. */ struct tlb_context ctxs[TLB_NR_DYN_ASIDS]; + + /* + * Mask that contains TLB_NR_DYN_ASIDS+1 bits to indicate + * the corresponding user PCID needs a flush next time we + * switch to it; see SWITCH_TO_USER_CR3. + */ + unsigned long user_pcid_flush_mask[CR3_AVAIL_PCID_LONGS]; }; DECLARE_PER_CPU_ALIGNED(struct tlb_state, cpu_tlbstate); =20 diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 39f80111e6f1..fceec13a05c1 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -90,25 +90,6 @@ * */ =20 -/* - * When enabled, MITIGATION_PAGE_TABLE_ISOLATION consumes a single bit for - * user/kernel switches - */ -#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION -# define PTI_CONSUMED_PCID_BITS 1 -#else -# define PTI_CONSUMED_PCID_BITS 0 -#endif - -#define CR3_AVAIL_PCID_BITS (X86_CR3_PCID_BITS - PTI_CONSUMED_PCID_BITS) - -/* - * ASIDs are zero-based: 0->MAX_AVAIL_ASID are valid. -1 below to account - * for them being zero-based. Another -1 is because PCID 0 is reserved for - * use by non-PCID-aware users. - */ -#define MAX_ASID_AVAILABLE ((1 << CR3_AVAIL_PCID_BITS) - 2) - /* * Given @asid, compute kPCID */ @@ -557,8 +538,7 @@ static inline void invalidate_user_asid(u16 asid) if (!static_cpu_has(X86_FEATURE_PTI)) return; =20 - __set_bit(kern_pcid(asid), - (unsigned long *)this_cpu_ptr(&cpu_tlbstate.user_pcid_flush_mask)); + __set_bit(kern_pcid(asid), this_cpu_ptr(&cpu_tlbstate.user_pcid_flush_mas= k[0])); } =20 static void load_new_mm_cr3(pgd_t *pgdir, u16 new_asid, unsigned long lam, --=20 2.49.0 From nobody Sat Feb 7 08:02:44 2026 Received: from shelob.surriel.com (shelob.surriel.com [96.67.55.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 412721AC44D for ; Fri, 6 Jun 2025 17:11:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=96.67.55.147 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749229891; cv=none; b=VCfdPQBFyirTewy98+opF8MTVbZdXNt7AgXpP+tGxVSfBDjBpmkrhEs8T8PRLzAjQ56ulKBCbdkBNu2766fCngCnOzsObnPFqj82ju2w2FXQYzgTmoCZgR9pq5e4VFA3KHhyiXanxcF3n6TJgYSxGdo2prnp1LqfRC8FuIJbxbo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749229891; c=relaxed/simple; bh=I8tmsVTo0MQcJjiMlM942Vive3o2UFjS72ccCIhVkks=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SwOyx91zOydAyryAwJ/2UqoP0K0h2savd6cLRjdcEtKoR4PUMv5PEB9sT7ZDjaOWzE2FGWyK4Id5ZUWZ4tLGZRhPnivzX5J50/iX4KTVjl3w1pXfSvdOfJQNkodeErKwnQ/dPzzSiVsO86lb0DsopqbdSvutXc2tzlxVJDiUxQE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=surriel.com; spf=pass smtp.mailfrom=surriel.com; dkim=pass (2048-bit key) header.d=surriel.com header.i=@surriel.com header.b=FUi9HQ5z; arc=none smtp.client-ip=96.67.55.147 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=surriel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=surriel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=surriel.com header.i=@surriel.com header.b="FUi9HQ5z" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=surriel.com ; s=mail; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=ZwYBv8sNTbOxmlxA4VDVgq6hefWE68MVO+zvxO/w0ms=; b=FUi9HQ5z/zez9imie9XR5M/FG8 avA39tFHpDmMhHdWmDpPhm73KMxhyL8EfYwh96AZJcgZYtQrk6SC7RmNXKdiFdn5OAXttzbYfBq5N mqt5iIIVMeN2eT9AmVGbCv8botRwKlwm5Exn6mNfDepk98p8o8Xmzjnv7x05dGzVDcKJLXa3pqjhN SKbSNE47yQs/CpAnTpc2JelIZpgeHeXt8lQZReyK4XoQqbuhbAdbmW3ff7+O/zsRzngv/guL7B36p MaGcnBRO2ufLSYIj5Itiiu5NfvuQj3LKKzqw8u3JlrA7XDuSwgwUjkWhA9Co3YD1e9cWnjdUVSZMa l4nvKy9A==; Received: from fangorn.home.surriel.com ([10.0.13.7]) by shelob.surriel.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from ) id 1uNab3-000000006Se-1izx; Fri, 06 Jun 2025 13:11:13 -0400 From: Rik van Riel To: linux-kernel@vger.kernel.org Cc: kernel-team@meta.com, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, bp@alien8.de, x86@kernel.org, nadav.amit@gmail.com, seanjc@google.com, tglx@linutronix.de, mingo@kernel.org, Rik van Riel , stable@kernel.org Subject: [PATCH v2 2/3] x86/mm: Fix early boot use of INVPLGB Date: Fri, 6 Jun 2025 13:10:34 -0400 Message-ID: <20250606171112.4013261-3-riel@surriel.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250606171112.4013261-1-riel@surriel.com> References: <20250606171112.4013261-1-riel@surriel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The INVLPGB instruction has limits on how many pages it can invalidate at once. That limit is enumerated in CPUID, read by the kernel, and stored in 'invpgb_count_max'. Ranged invalidation, like invlpgb_kernel_range_flush() break up their invalidations so that they do not exceed the limit. However, early boot code currently attempts to do ranged invalidation before populating 'invlpgb_count_max'. There is a for loop which is basically: for (...; addr < end; addr +=3D invlpgb_count_max*PAGE_SIZE) If invlpgb_kernel_range_flush is called before the kernel has read the value of invlpgb_count_max from the hardware, the normally bounded loop can become an infinite loop if invlpgb_count_max is initialized to zero. Fix that issue by initializing invlpgb_count_max to 1. This way INVPLGB at early boot time will be a little bit slower than normal (with initialized invplgb_count_max), and not an instant hang at bootup time. Signed-off-by: Rik van Riel Fixes: b7aa05cbdc52 ("x86/mm: Add INVLPGB support code") Cc: stable@kernel.org --- arch/x86/kernel/cpu/amd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 93da466dfe2c..b2ad8d13211a 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -31,7 +31,7 @@ =20 #include "cpu.h" =20 -u16 invlpgb_count_max __ro_after_init; +u16 invlpgb_count_max __ro_after_init =3D 1; =20 static inline int rdmsrq_amd_safe(unsigned msr, u64 *p) { --=20 2.49.0 From nobody Sat Feb 7 08:02:44 2026 Received: from shelob.surriel.com (shelob.surriel.com [96.67.55.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 412D7289819 for ; Fri, 6 Jun 2025 17:11:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=96.67.55.147 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749229891; cv=none; b=X7477IFbi8fnUcU1S7js/BEtFXPYaOv5eFWabtaz6aEyaAFV6OPRixo+OqiwkPVXY6awu9/kNh+phk324h3MhjsAnA5PO5qUlG2CHdRgxoJ0grWSClNnZJsjdMaLXpFmtSKLdNwr8v2QJrQxJT4u7xiZAJZO04wikvSOxXQzFgQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749229891; c=relaxed/simple; bh=qcOfhLcNm7S1SyTd8tK+TKEUQLWhmfWH4aNgAteT74g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=FiCgScJTl4Lh+bRm6+QJWPIxON1CzLAoECdmSgFB6/EKkWmQQ3f5KulrU3fISgWi4IhCS7QClpml/m9mEecd6nicrB3OiLGWnOPAU0xruJI38VJTDdlxX7UdvYOErOTho007OgPTspwU8b4/fGDxM+XG+tMCEld5hdRxRN85q8U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=surriel.com; spf=pass smtp.mailfrom=surriel.com; dkim=pass (2048-bit key) header.d=surriel.com header.i=@surriel.com header.b=Uk4bm9p9; arc=none smtp.client-ip=96.67.55.147 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=surriel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=surriel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=surriel.com header.i=@surriel.com header.b="Uk4bm9p9" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=surriel.com ; s=mail; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=FXhb5AK4hmzs7wEbphuMQS57/NnaTRqpKXsIVk4kIRA=; b=Uk4bm9p93KKs9rG1MvQKzM7uE2 mkryQIrbAjoJmYcuJIIm14NBn/aTgKYAC/CQTkld2rrTXPagIaDqqf+FC9JWvFPzAmc0IklhrUa3E SV0JWeLZRx1hJeLHG1fzkBMO0daDZhMNUKH3yOjoeADjPu/Q8ox273v8RSlB+YNtqpJnkioA7C53m /Bzjn+DbTxVRlabXjejhovkYEKKyvHI41Y/sYENSkjDFPHUAFFDTzkxQbk2WhD9j8WvewrKBvR2GK TRPy1aiJUh1eUZiQ9gJipEmjOzA5ANMaq2X4zo6BJUvZQ+wMOtWJMZ1NagRlQT1kvdJS3AAGg1lV8 B817w3tQ==; Received: from fangorn.home.surriel.com ([10.0.13.7]) by shelob.surriel.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from ) id 1uNab3-000000006Se-1ocO; Fri, 06 Jun 2025 13:11:13 -0400 From: Rik van Riel To: linux-kernel@vger.kernel.org Cc: kernel-team@meta.com, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, bp@alien8.de, x86@kernel.org, nadav.amit@gmail.com, seanjc@google.com, tglx@linutronix.de, mingo@kernel.org, Yu-cheng Yu , Rik van Riel Subject: [PATCH v2 3/3] x86/mm: Change cpa_flush() to call flush_kernel_range() directly Date: Fri, 6 Jun 2025 13:10:35 -0400 Message-ID: <20250606171112.4013261-4-riel@surriel.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250606171112.4013261-1-riel@surriel.com> References: <20250606171112.4013261-1-riel@surriel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Yu-cheng Yu The function cpa_flush() calls __flush_tlb_one_kernel() and flush_tlb_all(). Replacing that with a call to flush_tlb_kernel_range() allows cpa_flush() to make use of INVLPGB or RAR without any additional changes. Initialize invlpgb_count_max to 1, since flush_tlb_kernel_range() can now be called before invlpgb_count_max has been initialized to the value read from CPUID. [riel: remove now unused __cpa_flush_tlb] Signed-off-by: Yu-cheng Yu Signed-off-by: Rik van Riel Acked-by: Dave Hansen --- arch/x86/mm/pat/set_memory.c | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 30ab4aced761..1da32261bc11 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -399,15 +399,6 @@ static void cpa_flush_all(unsigned long cache) on_each_cpu(__cpa_flush_all, (void *) cache, 1); } =20 -static void __cpa_flush_tlb(void *data) -{ - struct cpa_data *cpa =3D data; - unsigned int i; - - for (i =3D 0; i < cpa->numpages; i++) - flush_tlb_one_kernel(fix_addr(__cpa_addr(cpa, i))); -} - static int collapse_large_pages(unsigned long addr, struct list_head *pgta= bles); =20 static void cpa_collapse_large_pages(struct cpa_data *cpa) @@ -444,6 +435,7 @@ static void cpa_collapse_large_pages(struct cpa_data *c= pa) =20 static void cpa_flush(struct cpa_data *cpa, int cache) { + unsigned long start, end; unsigned int i; =20 BUG_ON(irqs_disabled() && !early_boot_irqs_disabled); @@ -453,10 +445,12 @@ static void cpa_flush(struct cpa_data *cpa, int cache) goto collapse_large_pages; } =20 - if (cpa->force_flush_all || cpa->numpages > tlb_single_page_flush_ceiling) - flush_tlb_all(); - else - on_each_cpu(__cpa_flush_tlb, cpa, 1); + start =3D fix_addr(__cpa_addr(cpa, 0)); + end =3D fix_addr(__cpa_addr(cpa, cpa->numpages)); + if (cpa->force_flush_all) + end =3D TLB_FLUSH_ALL; + + flush_tlb_kernel_range(start, end); =20 if (!cache) goto collapse_large_pages; --=20 2.49.0