From: Will Deacon
To: Anshuman Khandual
Cc: linux-arm-kernel@lists.infradead.org, catalin.marinas@arm.com, Mark Rutland, Andrew Morton, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] arm64/mm: Intercept pfn changes in set_pte_at()
Date: Tue, 22 Nov 2022 09:57:49 +0000

On Tue, Nov 22, 2022 at 01:43:17PM +0530, Anshuman Khandual wrote:
>
>
> On 11/18/22 19:43, Will Deacon wrote:
> > On Wed, Nov 16, 2022 at 08:40:01AM +0530, Anshuman Khandual wrote:
> >> Changing pfn on a user page table mapped entry, without first going through
> >> break-before-make (BBM) procedure is unsafe. This just updates set_pte_at()
> >> to intercept such changes, via an updated pgattr_change_is_safe(). This new
> >> check happens via __check_racy_pte_update(), which has now been renamed as
> >> __check_safe_pte_update().
> >>
> >> Cc: Catalin Marinas
> >> Cc: Will Deacon
> >> Cc: Mark Rutland
> >> Cc: Andrew Morton
> >> Cc: linux-arm-kernel@lists.infradead.org
> >> Cc: linux-kernel@vger.kernel.org
> >> Signed-off-by: Anshuman Khandual
> >> ---
> >> This applies on v6.1-rc4
> >>
> >>  arch/arm64/include/asm/pgtable.h | 8 ++++++--
> >>  arch/arm64/mm/mmu.c              | 8 +++++++-
> >>  2 files changed, 13 insertions(+), 3 deletions(-)
> >
> > I remember Mark saying that BBM is sometimes violated by the core code in
> > cases where the pte isn't actually part of a live pgtable (e.g. if it's on
> > the stack or part of a newly allocated table). Won't that cause false
> > positives here?
>
> Could you please elaborate ? If the pte is not on a live page table, then
> pte_valid() will return negative on such entries. So any update there will
> be safe. I am wondering, how this change will cause false positives which
> would not have been possible earlier.

I don't think pte_valid() will always return false for these entries.
Consider, for example, ptes which are valid but which live in a table that
is not reachable by the MMU. I think this is what Mark had in mind, but it
would be helpful if he could chime in with the specific example he ran into.

Will
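The false-positive concern raised in the reply above, as an added example that is not part of the original thread and is not kernel code: a user-space model in which a check that sees only the old and new pte values flags a pfn change in a table the MMU cannot reach. The descriptor layout, struct pt_model, its live flag, and every function name here are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not arm64's real descriptor helpers. */
typedef uint64_t pte_t;
#define PTE_VALID   1ULL
#define PFN_SHIFT   12
#define PFN_MASK    0x0000fffffffff000ULL
#define MK_PTE(pfn) ((((pte_t)(pfn)) << PFN_SHIFT) | PTE_VALID)

/* Hypothetical: 'live' records whether the MMU can reach this table. */
struct pt_model { pte_t slot[4]; bool live; };

enum verdict { UPDATE_OK, BBM_VIOLATION, FALSE_POSITIVE };

/* A check that looks only at the two pte values (assumed shape). */
static bool pfn_change_flagged(pte_t old, pte_t new)
{
    if (!(old & PTE_VALID) || !(new & PTE_VALID))
        return false;               /* break or make step: nothing to flag */
    return (old & PFN_MASK) != (new & PFN_MASK);
}

/* Store the entry and classify what the value-only check reported. */
static enum verdict set_pte_model(struct pt_model *pt, int i, pte_t new)
{
    bool flagged = pfn_change_flagged(pt->slot[i], new);
    pt->slot[i] = new;
    if (!flagged)
        return UPDATE_OK;
    return pt->live ? BBM_VIOLATION : FALSE_POSITIVE;
}

int main(void)
{
    /* Constructed sample tables: one reachable, one newly allocated. */
    struct pt_model live = { .slot = { MK_PTE(0x100) }, .live = true };
    struct pt_model fresh = { .slot = { MK_PTE(0x100) }, .live = false };

    /* Break-before-make on a live table: invalidate (TLBI omitted), then write. */
    printf("break: %d\n", set_pte_model(&live, 0, 0));
    printf("make:  %d\n", set_pte_model(&live, 0, MK_PTE(0x200)));
    /* Direct pfn swap on a live table: the case the check is meant to catch. */
    printf("live swap:  %d\n", set_pte_model(&live, 0, MK_PTE(0x300)));
    /* Same swap in a table the MMU cannot reach: harmless, yet flagged. */
    printf("fresh swap: %d\n", set_pte_model(&fresh, 0, MK_PTE(0x300)));
    return 0;
}
```

The last call is the case the reply describes: the old entry is valid, so a pte_valid()-style test does not filter it out, and only knowledge of whether the table is reachable separates it from a real violation.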