From nobody Sun Jun 21 00:16:15 2026 Received: from DM5PR21CU001.outbound.protection.outlook.com (mail-centralusazon11011001.outbound.protection.outlook.com [52.101.62.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A8B353ACA79 for ; Thu, 9 Apr 2026 12:55:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.62.1 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775739308; cv=fail; b=OZqygK0yirF2uvcn1rUAKfgmWNo3H/cbQ9jPOBf+mxvrp6LxP0aQd9GBLmNXKbUc4L7gqZRRWWev2J0nQCtYl6kxvIWC88K4Bcpuq7aI1plxR/+ofApBiT44Tp50WZHiWfnn6fctMJhkYg+55m0tn1S7c76L/sLXyhFd6eY/58c= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775739308; c=relaxed/simple; bh=3oTCSQ8oQwEtIaG1r1SkX42LRKiohLXDx41MS2lm7Zo=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type; b=vEIyWlXph1rbifJ9WgRKPhnIjiCCEHr2T4CAQHreRc03LoVXy12g+NBFJsfiGkU7mUtqV4vwxcrI+HALa0onT92h94hCU1ixc48iUz3pH60qzkAu0yDG/uWesk6a5pYFKy8U0z8NwLNmm6tVzmiwRHRe15sfMvL9GjFNWCUSiDA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=gehealthcare.com; spf=pass smtp.mailfrom=gehealthcare.com; dkim=pass (2048-bit key) header.d=gehealthcare.com header.i=@gehealthcare.com header.b=KrBBe+Ee; arc=fail smtp.client-ip=52.101.62.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=gehealthcare.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gehealthcare.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gehealthcare.com header.i=@gehealthcare.com header.b="KrBBe+Ee" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jnPy0OkkIDHMLXaEAHLKDX9E2nMERa9Yaf/Yd4nzrWhaFGHwyiuY5zvzEb/c+O42II96ELCbjkQKSVsT757qSwojvkiZ8toohQXQviMKhG8PmG4b7Em8HSfvOnsba1o7Wsjb3GvofEoFMSbHtCD3ZuGwFnqW4hmOWLBm0YSyAWgu0HRHrdnG/e1+wCHp9oYRJoXEeF0q6L0BDoKlwk3Uq9e6eyLwJDhVH5J610G1UqNw5B8g3qa7bvzuyeqHdQ+uT81nP/8dWD6sDq8viWq4kcRMTQPu/snyZPcpfzynqS/1UUOT5SUyU6xgUKEa/rGGBN++YLxzRoapPd42POTtjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JvtVGu3nQsM7HHjn3sCD4exp3RWfafRYBik80pZ8pdk=; b=TIpPd+OuPC1uoRE1pxvGrIB3j/h8Z3rvfVJXsCZ2RwPZ4Gsn7qRdgVkg3OPaBbZraqLSETuqEbpvEsINyYaHXfTSFLrYK3GR4vsAIW32mxVBbCifmyMl6vo957eb8k+/2ay2HYA2KIgXICJMO+OYT4XLgpWq3XmCKXRTecrTbhOcC+ru9zhWXiJP6IPGBx5aCzxeQ/8o1PB9/tfhAOdK019YlEzup2DzOQIHjXcFxlb2WtgUyH8cXmFM74+kUy0sdLtevtViE1xNz+j6yV2CEICM2KqFIocfOQH7AUkvGPwdYDdvVG7ZAObeV7TxXgpde3RfkAUCduiojVv93WgJKg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is 165.85.157.49) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=gehealthcare.com; dmarc=fail (p=quarantine sp=quarantine pct=100) action=quarantine header.from=gehealthcare.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gehealthcare.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JvtVGu3nQsM7HHjn3sCD4exp3RWfafRYBik80pZ8pdk=; b=KrBBe+Eec+iPODMH+oqIU4tr2l2pNJamrIHieR3YKRZVjcnu2STo6DAsl/Va5bRsiov3XMdFG9P8KfW+hSi+iT2HCyZsKXPvN1eOT3FUabZluyW6+iJDuSS8Hgd0UskQNIgsy7ejkieHnsMMJYJe7kvVZ+pxKZDHqer+Lzwa3HtBjPObDkVhK//+8VN/KnVG/kSBycJRN744UmqQbdORBpcrkTu3yw0l2UFgU6HytcjJjzKKtGdC4M+ACvpZ3E0XR8Jvrr38qaUOKudpm6OgBHMALAAGr5otpLAl/N2UWmu4/PSlJvEKIIrRCUxd6XAXTnTiJM7Avx7JOxtOYbNBlQ== Received: from BY5PR03CA0029.namprd03.prod.outlook.com (2603:10b6:a03:1e0::39) by PH7PR22MB3865.namprd22.prod.outlook.com (2603:10b6:510:2b7::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Thu, 9 Apr 2026 12:55:02 +0000 Received: from SJ5PEPF00000206.namprd05.prod.outlook.com (2603:10b6:a03:1e0:cafe::cf) by BY5PR03CA0029.outlook.office365.com (2603:10b6:a03:1e0::39) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.41 via Frontend Transport; Thu, 9 Apr 2026 12:55:02 +0000 X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 165.85.157.49) smtp.mailfrom=gehealthcare.com; dkim=none (message not signed) header.d=none;dmarc=fail action=quarantine header.from=gehealthcare.com; Received-SPF: Fail (protection.outlook.com: domain of gehealthcare.com does not designate 165.85.157.49 as permitted sender) receiver=protection.outlook.com; client-ip=165.85.157.49; helo=mkerelay1.compute.ge-healthcare.net; Received: from mkerelay1.compute.ge-healthcare.net (165.85.157.49) by SJ5PEPF00000206.mail.protection.outlook.com (10.167.244.39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17 via Frontend Transport; Thu, 9 Apr 2026 12:55:01 +0000 Received: from zoo11.fihel.lab.ge-healthcare.net (zoo11.fihel.lab.ge-healthcare.net [10.168.174.93]) by builder1.fihel.lab.ge-healthcare.net (Postfix) with ESMTP id 46542E57CC; Thu, 9 Apr 2026 15:54:54 +0300 (EEST) From: Brian Ruley To: Russell King , Steve Capper , Will Deacon Cc: Brian Ruley , Russell King , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [PATCH] mm/arm: pgtable: remove young bit check for pte_valid_user Date: Thu, 9 Apr 2026 15:54:45 +0300 Message-ID: <20260409125446.981747-1-brian.ruley@gehealthcare.com> X-Mailer: git-send-email 2.47.3 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF00000206:EE_|PH7PR22MB3865:EE_ X-MS-Office365-Filtering-Correlation-Id: d6c1090b-6b47-4f6c-67a4-08de963736ed X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700016|1800799024|376014|82310400026|18002099003|56012099003; X-Microsoft-Antispam-Message-Info: 8pSomNb4Rt1yOt1KTscCg9StlBO/POSl1tOPessrX0BZsNNenscO3wraYl45WvJ2fxKAksSnmaYZrw0LGLF0ZegrwgB+7S+gDv2qiH7odJD7zLm2dtwl75lpmOfGVhVtntuitI3DDuYuJ2JgR4uFwRew3tGtUKZJ1UVMBoVLZgDDzXzWfdFKfJtvpXlY/PybjxH0t8uYr5g5ShsL5mrogAcgNzrW8g+zAxd6Bqv8oJgkcZlkX8QZJoDec946YaDhjnXCp6XYzaAvJf79EzqaEf39pb6Wgi5ke3PT6fYuDTOUanCiPLVhOljysyMSssnqkcN5TmgaiOmQzNESzNZjgeiBwNSqhRaJ4FtqlOT50ZnWF3HYUjN4ctzz/053zgyfTgwaZUzt6lbw3T4d6ebrYti4JIHYmy4+VAZZgOid9wnF1y4jT3PJ5WTHlPgLuQt06woLrWTP1cznmeXoTbWE2YF3DAtezW/4UOQvB/VFNeKohuTRu3XATasI/fHY68p/unJA1ygDhaTYERjKjuxTuKixYzlm6mhpEuTHQsJl3KZJjRqtvR3Mxu1LphIy3bg+nSDKVLYvwwNCLOnYwefLOOdwAErdseBvOzGw6j2ktXaR9o1HTGmBugfZN47GBqDq6Fr5TfTiZIaJFbL0JVFDhxmLs7mtL0nasfc0GGlkNzGzv5ZKIYYoC55fUrVtMoYVnvWXIM7BmK6+mc8DDA1T1xqkBU/S6z8WzjEqXRmsko/kPeUVV2ly/VjQdhsoPXPO/A+biLZPvgdu0LWbdlkqAg== X-Forefront-Antispam-Report: CIP:165.85.157.49;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mkerelay1.compute.ge-healthcare.net;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700016)(1800799024)(376014)(82310400026)(18002099003)(56012099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 8oD+HrEWfshM2/kCy3vaIHNFzcAZDobiWJdOTiwlmS98KeeAHZ6Mz3ZXMTEdQriZ1d1B5ZPQld2R+pwTHAzJhQ+kMXNhttljKuiNAhIuxXrfB7aw4QyGQG6iYvui/GAF6fx2L9vBSlucswH7QFyK21bKDYts7Ooultz3nb20vC6a99kJ2PEOY8J9ySonQCTreBp6abg+vZGgjgcW6WD8LgBPefg1mh1ygY4G1JcoBbYbUCCQs7qSyJUQrIXBwUxMzmywIU2Rr5vTT91zM0sDgby7ONFtRv1Gtd4z4UuIXli287Y6RL8T1qVcbF/5A35W5qOPDsDboouIR3BIBkMUV0BKAHeugSJQfrMumpcbNG277WWwdI7VtrqgavsVS2NOa3KrjFZLDXPfCRhisAzhyhxH1I851LJO62/dGwu0jMlxArRsxhL9pvrW66z2ioQI X-OriginatorOrg: gehealthcare.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Apr 2026 12:55:01.9035 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d6c1090b-6b47-4f6c-67a4-08de963736ed X-MS-Exchange-CrossTenant-Id: 9a309606-d6ec-4188-a28a-298812b4bbbf X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=9a309606-d6ec-4188-a28a-298812b4bbbf;Ip=[165.85.157.49];Helo=[mkerelay1.compute.ge-healthcare.net] X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: TreatMessagesAsInternal-SJ5PEPF00000206.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR22MB3865 Content-Type: text/plain; charset="utf-8" Fixes cache desync, which can cause undefined instruction, translation and permission faults under heavy memory use. This is an old bug introduced in commit 1971188aa196 ("ARM: 7985/1: mm: implement pte_accessible for faulting mappings"), which included a check for the young bit of a PTE. The underlying assumption was that old pages are not cached, therefore, `__sync_icache_dcache' could be skipped entirely. However, under extreme memory pressure, page migrations happen frequently and the assumption of uncached "old" pages does not hold. Especially for systems that do not have swap, the migrated pages are unequivocally marked old. This presents a problem, as it is possible for the original page to be immediately mapped to another VA that happens to share the same cache index in VIPT I-cache (we found this bug on Cortex-A9). Without cache invalidation, the CPU will see the old mapping whose physical page can now be used for a different purpose, as illustrated below: Core Physical Memory +-------------------------------+ +------------------+ | TLB | | | | VA_A 0xb6e6f -> pfn_q | | pfn_q: code | +-------------------------------+ +------------------+ | I-cache | | set[VA_A bits] | tag=3Dpfn_q | +-------------------------------+ migrate (kcompactd): 1. copy pfn_q --> pfn_r 2. free pfn_q 3. pte: VA_a -> pfn_r 4. pte_mkold(pte) --> !young 5. ICIALLUIS skipped (because !young) pfn_src reused (OOM pressure): pte: VA_B -> pfn_q (different code) bug: Core Physical Memory +-------------------------------+ +------------------+ | TLB (empty) | | pfn_r: old code | +-------------------------------+ | pfn_q: new code | | I-cache | +------------------+ | set[VA_A bits] | tag=3Dpfn_q |<--- wrong instructions +-------------------------------+ This was verified on ba16-based board (i.MX6Quad/Dual, Cortex-A9) by instrumenting the migration code to track recently migrated pages in a ring buffer and then dumping them in the undefined instruction fault handler. The bug can be triggered with `stress-ng': stress-ng --vm 4 --vm-bytes 2G --vm-method zero-one --verify Note that the system we tested on has only 2G of memory, so the test triggered the OOM-killer in our case. Fixes: 1971188aa196 ("ARM: 7985/1: mm: implement pte_accessible for faultin= g mappings") Signed-off-by: Brian Ruley --- arch/arm/include/asm/pgtable.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h index 6fa9acd6a7f5..e3a5b4a9a65f 100644 --- a/arch/arm/include/asm/pgtable.h +++ b/arch/arm/include/asm/pgtable.h @@ -185,7 +185,7 @@ static inline pte_t *pmd_page_vaddr(pmd_t pmd) #define pte_exec(pte) (pte_isclear((pte), L_PTE_XN)) =20 #define pte_valid_user(pte) \ - (pte_valid(pte) && pte_isset((pte), L_PTE_USER) && pte_young(pte)) + (pte_valid(pte) && pte_isset((pte), L_PTE_USER)) =20 static inline bool pte_access_permitted(pte_t pte, bool write) { --=20 2.47.3