From: Catalin Marinas <catalin.marinas@arm.com>
To: Jia He <justin.he@arm.com>
Cc: Will Deacon <will@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	James Morse <james.morse@arm.com>, Marc Zyngier <maz@kernel.org>,
	Matthew Wilcox <willy@infradead.org>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	Suzuki Poulose <Suzuki.Poulose@arm.com>,
	Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>,
	x86@kernel.org, Thomas Gleixner <tglx@linutronix.de>,
	Andrew Morton <akpm@linux-foundation.org>,
	hejianet@gmail.com, Kaly Xin <Kaly.Xin@arm.com>,
	nd@arm.com
Subject: Re: [PATCH v11 4/4] mm: fix double page fault on arm64 if PTE_AF is cleared
Date: Thu, 10 Oct 2019 17:45:21 +0100
Message-ID: <20191010164520.GC40923@arrakis.emea.arm.com>
In-Reply-To: <20191009084246.123354-5-justin.he@arm.com>

On Wed, Oct 09, 2019 at 04:42:46PM +0800, Jia He wrote:
> When we tested the pmdk unit test [1] vmmalloc_fork TEST3 on an arm64 guest,
> there was a double page fault in __copy_from_user_inatomic of cow_user_page.
> 
> To reproduce the bug, the command is as follows after you have deployed everything:
> make -C src/test/vmmalloc_fork/ TEST_TIME=60m check
> 
> The call trace below is from arm64 do_page_fault, for debugging purposes:
> [  110.016195] Call trace:
> [  110.016826]  do_page_fault+0x5a4/0x690
> [  110.017812]  do_mem_abort+0x50/0xb0
> [  110.018726]  el1_da+0x20/0xc4
> [  110.019492]  __arch_copy_from_user+0x180/0x280
> [  110.020646]  do_wp_page+0xb0/0x860
> [  110.021517]  __handle_mm_fault+0x994/0x1338
> [  110.022606]  handle_mm_fault+0xe8/0x180
> [  110.023584]  do_page_fault+0x240/0x690
> [  110.024535]  do_mem_abort+0x50/0xb0
> [  110.025423]  el0_da+0x20/0x24
> 
> The pte info before __copy_from_user_inatomic is (PTE_AF is cleared):
> [ffff9b007000] pgd=000000023d4f8003, pud=000000023da9b003,
>                pmd=000000023d4b3003, pte=360000298607bd3
> 
> As told by Catalin: "On arm64 without hardware Access Flag, copying from
> user will fail because the pte is old and cannot be marked young. So we
> always end up with zeroed page after fork() + CoW for pfn mappings. We
> don't always have a hardware-managed access flag on arm64."
> 
> This patch fixes it by calling pte_mkyoung. Also, the parameter is
> changed because vmf should be passed to cow_user_page().
> 
> Add a WARN_ON_ONCE when __copy_from_user_inatomic() returns error
> in case there can be some obscure use-case (by Kirill).
> 
> [1] https://github.com/pmem/pmdk/tree/master/src/test/vmmalloc_fork
> 
> Signed-off-by: Jia He <justin.he@arm.com>
> Reported-by: Yibo Cai <Yibo.Cai@arm.com>
> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
> Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>

My reviewed-by still stands. Thanks.

-- 
Catalin
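The failure mode in the quoted description, as an added userspace model that is not the kernel's or the patch's own code: it keeps only the arm64 PTE_AF bit (bit 10, per arch/arm64/include/asm/pgtable-hwdef.h) and the reported pte value, and models `__copy_from_user_inatomic()` and `cow_user_page()` as plain functions, with `hw_af` standing in for `cpu_has_hw_af()` and the ptl locking and `ptep_set_access_flags()` of the real fix omitted.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define PTE_AF  (1ULL << 10)   /* arm64 Access Flag bit */
#define PAGE_SZ 16             /* toy page size for this model */
#define EFAULT  14
typedef uint64_t pte_t;

/* The pte quoted in the report: bit 10 is clear, so the page is "old". */
static const pte_t reported_pte = 0x360000298607bd3ULL;

static bool  pte_young(pte_t pte)   { return (pte & PTE_AF) != 0; }
static pte_t pte_mkyoung(pte_t pte) { return pte | PTE_AF; }

/* Model of __copy_from_user_inatomic(): a CPU with hardware-managed AF sets
 * the bit itself and proceeds; without it, touching an old pte traps, and the
 * atomic-context fault path cannot mark the pte young, so the copy fails. */
static int copy_from_user_inatomic(bool hw_af, pte_t *pte, char *dst, const char *src)
{
    if (!pte_young(*pte)) {
        if (!hw_af)
            return -EFAULT;
        *pte = pte_mkyoung(*pte);
    }
    memcpy(dst, src, PAGE_SZ);
    return 0;
}

/* cow_user_page(): before the fix a failed copy left the new page zeroed;
 * the fix marks the pte young first on arches that fault on old ptes
 * (arm64 without hardware AF) and WARN_ON_ONCEs if the copy still fails. */
static int cow_user_page(bool hw_af, bool fixed, pte_t pte, char *dst, const char *src)
{
    if (fixed && !hw_af && !pte_young(pte))  /* arch_faults_on_old_pte() */
        pte = pte_mkyoung(pte);
    if (copy_from_user_inatomic(hw_af, &pte, dst, src)) {
        memset(dst, 0, PAGE_SZ);             /* clear_page() */
        return -EFAULT;
    }
    return 0;
}

/* fork()+CoW on the reported pte: returns 1 if the child page holds the
 * parent's data, 0 if it came out zeroed (the bug the report describes). */
static int child_page_intact(bool hw_af, bool fixed)
{
    char parent[PAGE_SZ], child[PAGE_SZ];
    memset(parent, 'P', PAGE_SZ);
    cow_user_page(hw_af, fixed, reported_pte, child, parent);
    return memcmp(child, parent, PAGE_SZ) == 0;
}
```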
