From: Anshuman Khandual <anshuman.khandual@arm.com>
To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Anshuman Khandual <anshuman.khandual@arm.com>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will.deacon@arm.com>,
	Mark Rutland <mark.rutland@arm.com>,
	James Morse <james.morse@arm.com>,
	Andrey Konovalov <andreyknvl@google.com>
Subject: [PATCH 1/4] arm64/mm: Drop mmap_sem before calling __do_kernel_fault()
Date: Wed, 29 May 2019 18:04:42 +0530
Message-ID: <1559133285-27986-2-git-send-email-anshuman.khandual@arm.com>
In-Reply-To: <1559133285-27986-1-git-send-email-anshuman.khandual@arm.com>

There is an inconsistency between the down_read_trylock() success and failure
paths while dealing with kernel access for non-exception-table areas, where
it calls __do_kernel_fault(). In case of failure it just bails out without
holding mmap_sem, but when it succeeds it does so while holding mmap_sem.
Fix this inconsistency by just dropping mmap_sem in the success path as well.

__do_kernel_fault() calls die_kernel_fault(), which then calls show_pte().
show_pte() in this path might become a bit more unreliable without holding
mmap_sem. But there are already instances [1] in do_page_fault() where
die_kernel_fault() gets called without holding mmap_sem. show_pte() can
be made more robust independently, but in a later patch.

[1] Conditional block for (is_ttbr0_addr && is_el1_permission_fault)

Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
---
 arch/arm64/mm/fault.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index a30818e..dc1cf32 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -503,8 +503,10 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr,
 		 */
 		might_sleep();
 #ifdef CONFIG_DEBUG_VM
-		if (!user_mode(regs) && !search_exception_tables(regs->pc))
+		if (!user_mode(regs) && !search_exception_tables(regs->pc)) {
+			up_read(&mm->mmap_sem);
 			goto no_context;
+		}
 #endif
 	}
 
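Review bot: the added `up_read(&mm->mmap_sem);` is only compiled in when `CONFIG_DEBUG_VM` is set, because the whole `if (!user_mode(regs) && !search_exception_tables(regs->pc))` check sits inside the `#ifdef CONFIG_DEBUG_VM` block; the commit message should say that the leaked read hold is debug-build only. It would also help to put a one-line comment above the `up_read()` stating that the `no_context` label expects mmap_sem to be released (as the trylock-failure path already does), so that the invariant both `goto no_context` sites must satisfy is visible at the point where it is easy to get wrong.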
-- 
2.7.4
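As an added illustration that is not part of the patch or of the kernel source, the following constructed C model reproduces the two `goto no_context` paths described in the commit message with a fake reader-count semaphore, and reports how many read holds are still outstanding when control reaches `no_context` before and after the fix. The semaphore, the `readers_at_no_context()` helper and its parameters are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for the kernel rwsem: just a reader count. */
struct fake_rwsem { int readers; };

static bool down_read_trylock(struct fake_rwsem *s, bool contended)
{
	if (contended)
		return false;	/* failure path: nothing acquired */
	s->readers++;
	return true;
}

static void up_read(struct fake_rwsem *s) { s->readers--; }

/*
 * Model of the do_page_fault() locking structure from the commit message.
 * A kernel-mode access with no exception-table fixup is assumed, so both the
 * trylock-failure and the trylock-success path jump to 'no_context', i.e. to
 * where __do_kernel_fault() would run. Returns the reader holds still
 * outstanding at that point; the value must be 0 on every path.
 */
static int readers_at_no_context(bool trylock_succeeds, bool fixed)
{
	struct fake_rwsem mmap_sem = { 0 };

	if (!down_read_trylock(&mmap_sem, !trylock_succeeds)) {
		/* failure path: bails out without holding mmap_sem */
		goto no_context;
	} else {
		/* success path: the CONFIG_DEBUG_VM check in the hunk */
		if (fixed)
			up_read(&mmap_sem);	/* the line the patch adds */
		goto no_context;
	}
no_context:
	return mmap_sem.readers;
}

int main(void)
{
	printf("before fix: trylock fail -> %d held, trylock ok -> %d held\n",
	       readers_at_no_context(false, false), readers_at_no_context(true, false));
	printf("after fix:  trylock fail -> %d held, trylock ok -> %d held\n",
	       readers_at_no_context(false, true), readers_at_no_context(true, true));
	return 0;
}
```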