All of lore.kernel.org
 help / color / mirror / Atom feed
From: Toshi Kani <toshi.kani@hpe.com>
To: Stas Sergeev <stsp@list.ru>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Toshi Kani <toshi.kani@hp.com>, Ingo Molnar <mingo@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>,
	Andy Lutomirski <luto@kernel.org>, X86 ML <x86@kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Brian Gerst <brgerst@gmail.com>,
	Denys Vlasenko <dvlasenk@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Stas Sergeev <stsp@users.sourceforge.net>
Subject: Re: [PATCH v2 0/4] x86: sigcontext fixes, again
Date: Mon, 02 Nov 2015 10:01:23 -0700	[thread overview]
Message-ID: <1446483683.20657.189.camel@hpe.com> (raw)
In-Reply-To: <5634AD00.9000405@list.ru>

On Sat, 2015-10-31 at 14:58 +0300, Stas Sergeev wrote:
> 29.10.2015 01:51, Toshi Kani пишет:
> > On Wed, 2015-10-28 at 13:22 -0600, Toshi Kani wrote:
> > > On Wed, 2015-10-28 at 10:34 -0600, Toshi Kani wrote:

:

> > > I looked at the dosemu code and was able to reproduce the issue with a
> > > test program.  This problem happens when mremap() to /dev/mem (or PFNMAP)
> > > is called with MREMAP_FIXED.
> > > 
> > > In this case, mremap calls move_vma(), which first calls 
> > > move_page_tables() to remap the translation and then calls do_munmap() to 
> > > remove the original mapping.  Hence, when untrack_pfn() is called from 
> > > do_munmap(), the original map is already removed, and follow_phys() fails 
> > > with the !pte_present() check.
> > > 
> > > I think there are a couple of issues:
> > >   - If untrack_pfn() ignores an error from follow_phys() and skips
> > > free_pfn_range(), PAT continues to track the original map that is removed.
> > >   - untrack_pfn() calls free_pfn_range() to untrack a given free range.
> > >   However, rbt_memtype_erase() requires the free range match exactly to 
> > > the tracked range.  This does not support mremap, which needs to free up
> > > part of the tracked range.
> > >   - PAT does not track a new translation specified by mremap() with 
> > > MREMAP_FIXED.
> > Thinking further, I think the 1st and 3rd items are non-issues.  mremap 
> > remaps virtual address, but keeps the same cache type and pfns.  So, PAT 
> > does not have to change the tracked pfns in this case.  The 2nd item is 
> > still a problem, though.
> Hello Toshi, thanks for your analysis.
> Now as you do not seem to be preparing a fix, how
> about attaching your test-case to the bug-report for
> others to re-use? Or maybe you can even make it a
> part of the kernel's test suit - I suppose this will help.

I can work on the fix, but I did not think we needed to rush on it since this
issue exists for a long time.  Can we target it to 4.4-rcX and then cc to
stables?

As for the test, it might be tricky to make it run on any platforms since it
needs to mmap/mremap a non-RAM range.  It could just map a reserved range
randomly, but I chose a range manually which I know is safe to map & read/write
on my platform in my test.

Thanks,
-Toshi

  reply	other threads:[~2015-11-02 17:05 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-26  1:25 [PATCH v2 0/4] x86: sigcontext fixes, again Andy Lutomirski
2015-10-26  1:25 ` [PATCH v2 1/4] x86/signal/64: Add a comment about sigcontext->fs and gs Andy Lutomirski
2015-10-31 15:25   ` Stas Sergeev
2015-12-07 23:23     ` Andy Lutomirski
2015-12-29 12:24       ` Stas Sergeev
2015-12-29 12:31         ` Andy Lutomirski
2015-10-26  1:25 ` [PATCH v2 2/4] x86/signal/64: Fix SS if needed when delivering a 64-bit signal Andy Lutomirski
2015-10-26  1:25 ` [PATCH v2 3/4] x86/signal/64: Re-add support for SS in the 64-bit signal context Andy Lutomirski
2015-10-31 15:18   ` Stas Sergeev
2015-10-26  1:25 ` [PATCH v2 4/4] selftests/x86: Add tests for UC_SIGCONTEXT_SS and UC_STRICT_RESTORE_SS Andy Lutomirski
2015-10-26 11:45 ` [PATCH v2 0/4] x86: sigcontext fixes, again Stas Sergeev
2015-10-27  0:52   ` Andy Lutomirski
2015-10-27 14:05     ` Stas Sergeev
2015-10-27 22:37       ` Linus Torvalds
2015-10-28  0:04         ` Toshi Kani
2015-10-28  9:53           ` Stas Sergeev
2015-10-28 16:34             ` Toshi Kani
2015-10-28 19:22               ` Toshi Kani
2015-10-28 22:51                 ` Toshi Kani
2015-10-31 11:58                   ` Stas Sergeev
2015-11-02 17:01                     ` Toshi Kani [this message]
2015-10-30 23:50       ` Andy Lutomirski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1446483683.20657.189.camel@hpe.com \
    --to=toshi.kani@hpe.com \
    --cc=akpm@linux-foundation.org \
    --cc=bp@alien8.de \
    --cc=brgerst@gmail.com \
    --cc=dvlasenk@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=luto@kernel.org \
    --cc=mingo@kernel.org \
    --cc=stsp@list.ru \
    --cc=stsp@users.sourceforge.net \
    --cc=torvalds@linux-foundation.org \
    --cc=toshi.kani@hp.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.