From: Will Deacon <will@kernel.org>
To: Mike Rapoport <rppt@kernel.org>
Cc: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
	"david@redhat.com" <david@redhat.com>,
	"cl@linux.com" <cl@linux.com>,
	"gor@linux.ibm.com" <gor@linux.ibm.com>,
	"hpa@zytor.com" <hpa@zytor.com>,
	"peterz@infradead.org" <peterz@infradead.org>,
	"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
	"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
	"borntraeger@de.ibm.com" <borntraeger@de.ibm.com>,
	"penberg@kernel.org" <penberg@kernel.org>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	"iamjoonsoo.kim@lge.com" <iamjoonsoo.kim@lge.com>,
	"aou@eecs.berkeley.edu" <aou@eecs.berkeley.edu>,
	"kirill@shutemov.name" <kirill@shutemov.name>,
	"rientjes@google.com" <rientjes@google.com>,
	"rppt@linux.ibm.com" <rppt@linux.ibm.com>,
	"paulus@samba.org" <paulus@samba.org>,
	"hca@linux.ibm.com" <hca@linux.ibm.com>,
	"bp@alien8.de" <bp@alien8.de>, "pavel@ucw.cz" <pavel@ucw.cz>,
	"sparclinux@vger.kernel.org" <sparclinux@vger.kernel.org>,
	"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
	"luto@kernel.org" <luto@kernel.org>,
	"davem@davemloft.net" <davem@davemloft.net>,
	"mpe@ellerman.id.au" <mpe@ellerman.id.au>,
	"benh@kernel.crashing.org" <benh@kernel.crashing.org>,
	"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
	"rjw@rjwysocki.net" <rjw@rjwysocki.net>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"linux-riscv@lists.infradead.org"
	<linux-riscv@lists.infradead.org>,
	"x86@kernel.org" <x86@kernel.org>,
	"linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>,
	"linux-arm-kernel@lists.infradead.org" 
	<linux-arm-kernel@lists.infradead.org>,
	"palmer@dabbelt.com" <palmer@dabbelt.com>,
	"Brown, Len" <len.brown@intel.com>,
	"mingo@redhat.com" <mingo@redhat.com>,
	"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"paul.walmsley@sifive.com" <paul.walmsley@sifive.com>
Subject: Re: [PATCH 0/4] arch, mm: improve robustness of direct map manipulation
Date: Wed, 28 Oct 2020 11:20:12 +0000
Message-ID: <20201028112011.GB27927@willie-the-truck>
In-Reply-To: <20201027083816.GG1154158@kernel.org>

On Tue, Oct 27, 2020 at 10:38:16AM +0200, Mike Rapoport wrote:
> On Mon, Oct 26, 2020 at 06:05:30PM +0000, Edgecombe, Rick P wrote:
> > On Mon, 2020-10-26 at 11:05 +0200, Mike Rapoport wrote:
> > > On Mon, Oct 26, 2020 at 01:13:52AM +0000, Edgecombe, Rick P wrote:
> > > > On Sun, 2020-10-25 at 12:15 +0200, Mike Rapoport wrote:
> > > > > Indeed, for architectures that define CONFIG_ARCH_HAS_SET_DIRECT_MAP
> > > > > it is possible that __kernel_map_pages() would fail, but since this
> > > > > function is void, the failure will go unnoticed.
> > > > 
> > > > Could you elaborate on how this could happen? Do you mean during
> > > > runtime today or if something new was introduced?
> > > 
> > > > A failure in __kernel_map_pages() may happen today. For instance, on
> > > > x86 if the kernel is built with DEBUG_PAGEALLOC.
> > > > 
> > > >         __kernel_map_pages(page, 1, 0);
> > > > 
> > > > will need to split, say, 2M page and during the split an allocation
> > > > of page table could fail.
> > 
> > On x86 at least, DEBUG_PAGEALLOC expects to never have to break a page
> > on the direct map and even disables locking in cpa because it assumes
> > this. If this is happening somehow anyway then we should probably fix
> > that. Even if it's a debug feature, it will not be as useful if it is
> > causing its own crashes.
> > 
> > I'm still wondering if there is something I'm missing here. It seems
> > like you are saying there is a bug in some arch's, so let's add a WARN
> > in cross-arch code to log it as it crashes. A warn and making things
> > clearer seem like good ideas, but if there is a bug we should fix it.
> > The code around the callers still functionally assume re-mapping can't
> > fail.
> 
> Oh, I've meant x86 kernel *without* DEBUG_PAGEALLOC, and indeed the call
> that unmaps pages back in safe_copy_page will just reset a 4K page to
> NP because whatever made it NP at the first place already did the split.
> 
> Still, on arm64 with DEBUG_PAGEALLOC=n there is a possibility of a race
> between map/unmap dance in __vunmap() and safe_copy_page() that may
> cause access to unmapped memory:
> 
> __vunmap()
>     vm_remove_mappings()
>         set_direct_map_invalid()
>                                         safe_copy_page()
>                                             __kernel_map_pages()
>                                                 return
>                                             do_copy_page() -> fault
>
> This is a theoretical bug, but it is still not nice :)

Just to clarify: this patch series fixes this problem, right?

Will
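
The interleaving in the quoted diagram, replayed as a single-threaded userspace model (an added example, not code from this thread or from the patch series). All `toy_*` names, the `can_map` flag and the `COPY_*` results are hypothetical; returning `COPY_MAP_FAILED` is one possible caller reaction to a reported failure, not a description of what the series does.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define TOY_PAGE_SIZE 4096

/* Constructed model of one direct-map page; not kernel code. */
struct toy_page {
	bool present;                        /* direct-map entry currently valid */
	unsigned char data[TOY_PAGE_SIZE];
};

enum copy_result { COPY_OK, COPY_FAULT, COPY_MAP_FAILED };

/* Stands in for set_direct_map_invalid() reached from __vunmap(). */
static void toy_set_direct_map_invalid(struct toy_page *p)
{
	p->present = false;
}

/*
 * Stands in for the mapping primitive. can_map == false models the call
 * coming back without restoring the mapping (the "return" in the diagram,
 * or a failed page-table allocation during a split).
 */
static int toy_map_page(struct toy_page *p, bool can_map)
{
	if (!can_map)
		return -1;
	p->present = true;
	return 0;
}

/* void wrapper: the status is discarded, so the caller cannot see a failure. */
static void toy_map_page_void(struct toy_page *p, bool can_map)
{
	(void)toy_map_page(p, can_map);
}

/* Touching a non-present page is reported as COPY_FAULT instead of crashing. */
static enum copy_result toy_do_copy_page(unsigned char *dst,
					 const struct toy_page *src)
{
	if (!src->present)
		return COPY_FAULT;
	memcpy(dst, src->data, TOY_PAGE_SIZE);
	return COPY_OK;
}

/* Copy path built on the void primitive: it copies whatever happened. */
static enum copy_result copy_unchecked(unsigned char *dst,
				       struct toy_page *src, bool can_map)
{
	enum copy_result r;

	if (src->present)
		return toy_do_copy_page(dst, src);
	toy_map_page_void(src, can_map);
	r = toy_do_copy_page(dst, src);
	src->present = false;                /* restore the not-present state */
	return r;
}

/* Copy path that checks the status and never touches an unmapped page. */
static enum copy_result copy_checked(unsigned char *dst,
				     struct toy_page *src, bool can_map)
{
	enum copy_result r;

	if (src->present)
		return toy_do_copy_page(dst, src);
	if (toy_map_page(src, can_map) != 0)
		return COPY_MAP_FAILED;      /* caller can warn or skip the page */
	r = toy_do_copy_page(dst, src);
	src->present = false;
	return r;
}

/* Replays the diagram: the __vunmap() side invalidates first, then the copy runs. */
enum copy_result replay(bool checked, bool can_map)
{
	static struct toy_page page;
	static unsigned char dst[TOY_PAGE_SIZE];

	page.present = true;
	memset(page.data, 0xA5, sizeof(page.data));   /* constructed contents */
	toy_set_direct_map_invalid(&page);
	return checked ? copy_checked(dst, &page, can_map)
		       : copy_unchecked(dst, &page, can_map);
}

int main(void)
{
	printf("unchecked, map not restored: %d\n", replay(false, false));
	printf("checked,   map not restored: %d\n", replay(true, false));
	printf("unchecked, map restored:     %d\n", replay(false, true));
	printf("checked,   map restored:     %d\n", replay(true, true));
	return 0;
}
```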

  parent reply	other threads:[~2020-10-29  0:58 UTC|newest]

Thread overview: 219+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-25 10:15 [PATCH 0/4] arch, mm: improve robustness of direct map manipulation Mike Rapoport
2020-10-25 10:15 ` Mike Rapoport
2020-10-25 10:15 ` Mike Rapoport
2020-10-25 10:15 ` Mike Rapoport
2020-10-25 10:15 ` Mike Rapoport
2020-10-25 10:15 ` [PATCH 1/4] mm: introduce debug_pagealloc_map_pages() helper Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-26 11:05   ` David Hildenbrand
2020-10-26 11:05     ` David Hildenbrand
2020-10-26 11:05     ` David Hildenbrand
2020-10-26 11:05     ` David Hildenbrand
2020-10-26 11:05     ` David Hildenbrand
2020-10-26 11:54     ` Mike Rapoport
2020-10-26 11:54       ` Mike Rapoport
2020-10-26 11:54       ` Mike Rapoport
2020-10-26 11:54       ` Mike Rapoport
2020-10-26 11:54       ` Mike Rapoport
2020-10-26 11:55       ` David Hildenbrand
2020-10-26 11:55         ` David Hildenbrand
2020-10-26 11:55         ` David Hildenbrand
2020-10-26 11:55         ` David Hildenbrand
2020-10-26 11:55         ` David Hildenbrand
2020-10-25 10:15 ` [PATCH 2/4] PM: hibernate: improve robustness of mapping pages in the direct map Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-26  0:38   ` Edgecombe, Rick P
2020-10-26  0:38     ` Edgecombe, Rick P
2020-10-26  0:38     ` Edgecombe, Rick P
2020-10-26  0:38     ` Edgecombe, Rick P
2020-10-26  0:38     ` Edgecombe, Rick P
2020-10-26  0:38     ` Edgecombe, Rick P
2020-10-26  9:15     ` Mike Rapoport
2020-10-26  9:15       ` Mike Rapoport
2020-10-26  9:15       ` Mike Rapoport
2020-10-26  9:15       ` Mike Rapoport
2020-10-26  9:15       ` Mike Rapoport
2020-10-26  9:15       ` Mike Rapoport
2020-10-26 18:57       ` Edgecombe, Rick P
2020-10-26 18:57         ` Edgecombe, Rick P
2020-10-26 18:57         ` Edgecombe, Rick P
2020-10-26 18:57         ` Edgecombe, Rick P
2020-10-26 18:57         ` Edgecombe, Rick P
2020-10-26 18:57         ` Edgecombe, Rick P
2020-10-27  8:49         ` Mike Rapoport
2020-10-27  8:49           ` Mike Rapoport
2020-10-27  8:49           ` Mike Rapoport
2020-10-27  8:49           ` Mike Rapoport
2020-10-27  8:49           ` Mike Rapoport
2020-10-27  8:49           ` Mike Rapoport
2020-10-27 22:44           ` Edgecombe, Rick P
2020-10-27 22:44             ` Edgecombe, Rick P
2020-10-27 22:44             ` Edgecombe, Rick P
2020-10-27 22:44             ` Edgecombe, Rick P
2020-10-27 22:44             ` Edgecombe, Rick P
2020-10-27 22:44             ` Edgecombe, Rick P
2020-10-28  9:41             ` Mike Rapoport
2020-10-28  9:41               ` Mike Rapoport
2020-10-28  9:41               ` Mike Rapoport
2020-10-28  9:41               ` Mike Rapoport
2020-10-28  9:41               ` Mike Rapoport
2020-10-28  9:41               ` Mike Rapoport
2020-10-27  1:10       ` Edgecombe, Rick P
2020-10-27  1:10         ` Edgecombe, Rick P
2020-10-27  1:10         ` Edgecombe, Rick P
2020-10-27  1:10         ` Edgecombe, Rick P
2020-10-27  1:10         ` Edgecombe, Rick P
2020-10-27  1:10         ` Edgecombe, Rick P
2020-10-28 21:15   ` Edgecombe, Rick P
2020-10-28 21:15     ` Edgecombe, Rick P
2020-10-28 21:15     ` Edgecombe, Rick P
2020-10-28 21:15     ` Edgecombe, Rick P
2020-10-28 21:15     ` Edgecombe, Rick P
2020-10-28 21:15     ` Edgecombe, Rick P
2020-10-29  7:54     ` Mike Rapoport
2020-10-29  7:54       ` Mike Rapoport
2020-10-29  7:54       ` Mike Rapoport
2020-10-29  7:54       ` Mike Rapoport
2020-10-29  7:54       ` Mike Rapoport
2020-10-29  7:54       ` Mike Rapoport
2020-10-29 23:19       ` Edgecombe, Rick P
2020-10-29 23:19         ` Edgecombe, Rick P
2020-10-29 23:19         ` Edgecombe, Rick P
2020-10-29 23:19         ` Edgecombe, Rick P
2020-10-29 23:19         ` Edgecombe, Rick P
2020-10-29 23:19         ` Edgecombe, Rick P
2020-11-01 17:02         ` Mike Rapoport
2020-11-01 17:02           ` Mike Rapoport
2020-11-01 17:02           ` Mike Rapoport
2020-11-01 17:02           ` Mike Rapoport
2020-11-01 17:02           ` Mike Rapoport
2020-11-01 17:02           ` Mike Rapoport
2020-10-25 10:15 ` [PATCH 3/4] arch, mm: restore dependency of __kernel_map_pages() of DEBUG_PAGEALLOC Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15 ` [PATCH 4/4] arch, mm: make kernel_page_present() always available Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-25 10:15   ` Mike Rapoport
2020-10-26  0:54   ` Edgecombe, Rick P
2020-10-26  0:54     ` Edgecombe, Rick P
2020-10-26  0:54     ` Edgecombe, Rick P
2020-10-26  0:54     ` Edgecombe, Rick P
2020-10-26  0:54     ` Edgecombe, Rick P
2020-10-26  0:54     ` Edgecombe, Rick P
2020-10-26  9:31     ` Mike Rapoport
2020-10-26  9:31       ` Mike Rapoport
2020-10-26  9:31       ` Mike Rapoport
2020-10-26  9:31       ` Mike Rapoport
2020-10-26  9:31       ` Mike Rapoport
2020-10-26  9:31       ` Mike Rapoport
2020-10-26  1:13 ` [PATCH 0/4] arch, mm: improve robustness of direct map manipulation Edgecombe, Rick P
2020-10-26  1:13   ` Edgecombe, Rick P
2020-10-26  1:13   ` Edgecombe, Rick P
2020-10-26  1:13   ` Edgecombe, Rick P
2020-10-26  1:13   ` Edgecombe, Rick P
2020-10-26  1:13   ` Edgecombe, Rick P
2020-10-26  9:05   ` Mike Rapoport
2020-10-26  9:05     ` Mike Rapoport
2020-10-26  9:05     ` Mike Rapoport
2020-10-26  9:05     ` Mike Rapoport
2020-10-26  9:05     ` Mike Rapoport
2020-10-26  9:05     ` Mike Rapoport
2020-10-26 18:05     ` Edgecombe, Rick P
2020-10-26 18:05       ` Edgecombe, Rick P
2020-10-26 18:05       ` Edgecombe, Rick P
2020-10-26 18:05       ` Edgecombe, Rick P
2020-10-26 18:05       ` Edgecombe, Rick P
2020-10-26 18:05       ` Edgecombe, Rick P
2020-10-27  8:38       ` Mike Rapoport
2020-10-27  8:38         ` Mike Rapoport
2020-10-27  8:38         ` Mike Rapoport
2020-10-27  8:38         ` Mike Rapoport
2020-10-27  8:38         ` Mike Rapoport
2020-10-27  8:38         ` Mike Rapoport
2020-10-27  8:46         ` David Hildenbrand
2020-10-27  8:46           ` David Hildenbrand
2020-10-27  8:46           ` David Hildenbrand
2020-10-27  8:46           ` David Hildenbrand
2020-10-27  8:46           ` David Hildenbrand
2020-10-27  8:46           ` David Hildenbrand
2020-10-27  9:47           ` Mike Rapoport
2020-10-27  9:47             ` Mike Rapoport
2020-10-27  9:47             ` Mike Rapoport
2020-10-27  9:47             ` Mike Rapoport
2020-10-27  9:47             ` Mike Rapoport
2020-10-27  9:47             ` Mike Rapoport
2020-10-27 10:34             ` David Hildenbrand
2020-10-27 10:34               ` David Hildenbrand
2020-10-27 10:34               ` David Hildenbrand
2020-10-27 10:34               ` David Hildenbrand
2020-10-27 10:34               ` David Hildenbrand
2020-10-27 10:34               ` David Hildenbrand
2020-10-28 11:09           ` Mike Rapoport
2020-10-28 11:09             ` Mike Rapoport
2020-10-28 11:09             ` Mike Rapoport
2020-10-28 11:09             ` Mike Rapoport
2020-10-28 11:09             ` Mike Rapoport
2020-10-28 11:09             ` Mike Rapoport
2020-10-28 11:17             ` David Hildenbrand
2020-10-28 11:17               ` David Hildenbrand
2020-10-28 11:17               ` David Hildenbrand
2020-10-28 11:17               ` David Hildenbrand
2020-10-28 11:17               ` David Hildenbrand
2020-10-28 11:17               ` David Hildenbrand
2020-10-28 12:22               ` Mike Rapoport
2020-10-28 12:22                 ` Mike Rapoport
2020-10-28 12:22                 ` Mike Rapoport
2020-10-28 12:22                 ` Mike Rapoport
2020-10-28 12:22                 ` Mike Rapoport
2020-10-28 12:22                 ` Mike Rapoport
2020-10-28 18:31             ` Edgecombe, Rick P
2020-10-28 11:20         ` Will Deacon [this message]
2020-10-28 11:30           ` Mike Rapoport
2020-10-28 21:03             ` Edgecombe, Rick P
2020-10-29  8:12               ` Mike Rapoport
2020-10-29 23:19                 ` Edgecombe, Rick P
2020-10-29  8:15 ` David Hildenbrand
