From: Anshuman Khandual <anshuman.khandual@arm.com>
To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Anshuman Khandual <anshuman.khandual@arm.com>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will.deacon@arm.com>, Mark Rutland <mark.rutland@arm.com>, James Morse <james.morse@arm.com>, Andrey Konovalov <andreyknvl@google.com>
Subject: [PATCH 1/4] arm64/mm: Drop mmap_sem before calling __do_kernel_fault()
Date: Wed, 29 May 2019 18:04:42 +0530
Message-ID: <1559133285-27986-2-git-send-email-anshuman.khandual@arm.com>
In-Reply-To: <1559133285-27986-1-git-send-email-anshuman.khandual@arm.com>

There is an inconsistency between down_read_trylock() success and failure paths while dealing with kernel access for non-exception-table areas where it calls __do_kernel_fault(). In case of failure it just bails out without holding mmap_sem, but when it succeeds it does so while holding mmap_sem. Fix this inconsistency by just dropping mmap_sem in the success path as well.

__do_kernel_fault() calls die_kernel_fault() which then calls show_pte(). show_pte() in this path might become a bit more unreliable without holding mmap_sem. But there are already instances [1] in do_page_fault() where die_kernel_fault() gets called without holding mmap_sem. show_pte() can be made more robust independently but in a later patch.

[1] Conditional block for (is_ttbr0_addr && is_el1_permission_fault)

Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
---
 arch/arm64/mm/fault.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index a30818e..dc1cf32 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -503,8 +503,10 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, */ might_sleep(); #ifdef CONFIG_DEBUG_VM - if (!user_mode(regs) && !search_exception_tables(regs->pc)) + if (!user_mode(regs) && !search_exception_tables(regs->pc)) { + up_read(&mm->mmap_sem); goto no_context; + } #endif } -- 2.7.4
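Review bot: the new `up_read(&mm->mmap_sem);` before `goto no_context` carries no comment, and because it sits inside `#ifdef CONFIG_DEBUG_VM` a reader of fault.c sees the lock released on one route to no_context while the trylock-failure path described in the commit message reaches the same label without ever having taken it; add a one-line comment above the up_read() stating that __do_kernel_fault() is entered without mmap_sem on both paths (so show_pte() runs lockless there), since that rationale lives only in the commit message. The commit message could also say explicitly that the hunk changes behaviour only for CONFIG_DEBUG_VM builds, as that is the only block it touches.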
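To make the lock imbalance the commit message describes concrete, here is an added C model (not kernel code and not part of this patch) of the two down_read_trylock() outcomes on the kernel-mode, no-exception-table path in do_page_fault(); the mmap_sem stand-in, the `model_*` helpers and `holds_at_no_context()` are constructed names for illustration, and `patched` selects whether the hunk's up_read() is applied.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for mm_struct: only the read-holder count of mmap_sem matters. */
struct mmap_sem_model {
	int  readers;      /* outstanding read holds */
	bool writer_held;  /* a writer holds it, so the trylock must fail */
};

static bool model_down_read_trylock(struct mmap_sem_model *s)
{
	if (s->writer_held)
		return false; /* contended: nothing is held on this path */
	s->readers++;
	return true;
}

static void model_up_read(struct mmap_sem_model *s) { s->readers--; }

/* Models the CONFIG_DEBUG_VM check in do_page_fault() for a kernel-mode fault
 * whose PC has no exception-table entry. Returns the read holds still
 * outstanding when control reaches no_context; 'patched' adds the hunk's up_read(). */
static int holds_at_no_context(bool writer_held, bool patched)
{
	struct mmap_sem_model sem = { .readers = 0, .writer_held = writer_held };
	const bool user_mode = false, in_exception_table = false;

	if (!model_down_read_trylock(&sem))
		return sem.readers; /* failure path: goto no_context without ever holding it */

	if (!user_mode && !in_exception_table) {
		if (patched)
			model_up_read(&sem); /* the added up_read(&mm->mmap_sem) */
		return sem.readers; /* success path: goto no_context */
	}
	model_up_read(&sem); /* ordinary faults release the lock later; not reached here */
	return sem.readers;
}

int main(void)
{
	printf("trylock failed:    before %d / after %d\n",
	       holds_at_no_context(true, false), holds_at_no_context(true, true));
	printf("trylock succeeded: before %d / after %d\n",
	       holds_at_no_context(false, false), holds_at_no_context(false, true));
	return 0;
}
```

Before the patch the success path reaches no_context with one read hold outstanding while the failure path reaches it with none; after the patch both arrive with zero, which is the consistency the commit message is after.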