From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751982AbdKZQYl (ORCPT ); Sun, 26 Nov 2017 11:24:41 -0500 Received: from mga11.intel.com ([192.55.52.93]:39231 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751392AbdKZQYk (ORCPT ); Sun, 26 Nov 2017 11:24:40 -0500 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.44,459,1505804400"; d="scan'208";a="6301992" Subject: Re: [PATCH 05/23] x86, kaiser: unmap kernel from userspace page tables (core patch) To: Andy Lutomirski References: <20171123003438.48A0EEDE@viggo.jf.intel.com> <20171123003447.1DB395E3@viggo.jf.intel.com> Cc: "linux-kernel@vger.kernel.org" , "linux-mm@kvack.org" , richard.fellner@student.tugraz.at, moritz.lipp@iaik.tugraz.at, Daniel Gruss , michael.schwarz@iaik.tugraz.at, Linus Torvalds , Kees Cook , Hugh Dickins , X86 ML From: Dave Hansen Message-ID: <2e4773b2-2cb3-284e-f0a7-3eaebc2676e5@linux.intel.com> Date: Sun, 26 Nov 2017 08:24:37 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/26/2017 08:10 AM, Andy Lutomirski wrote: >> As a side benefit, this shouldn't have magical interactions with the >> vsyscall page any more. >> >> Are there cases that this would get wrong? >> > Quick ping: did this get lost? It does drop a warning that the other version of the code has, but that's pretty minor. Basically, we need two checks: pgd_userspace_access() (aka _PAGE_USER) and pgdp_maps_userspace() The original code does pgd_userspace_access() in a top-level if and then the pgdp_maps_userspace() checks at the second level. I think you are basically suggesting that we flip that. Logically, I'm sure we can make it work. It's just a matter of needing to look at other things first. BTW, this comment is, I think incorrect: > if (pgdp_maps_userspace(pgdp)) { ... > } else { > /* > * We can get here due to vmalloc, a vmalloc fault, memory > hot-add, or initial setup > * of kernelmode page tables. Regardless of which particular code > path we're in, > * these mappings should not be automatically propagated to the > usermode tables. > */ Since we pre-populated the entire kernel area's PGDs, I don't think we'll ever have a valid reason to be doing a set_pgd() again on the kernel area. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg0-f70.google.com (mail-pg0-f70.google.com [74.125.83.70]) by kanga.kvack.org (Postfix) with ESMTP id ABC096B0033 for ; Sun, 26 Nov 2017 11:24:41 -0500 (EST) Received: by mail-pg0-f70.google.com with SMTP id s11so26844140pgc.15 for ; Sun, 26 Nov 2017 08:24:41 -0800 (PST) Received: from mga07.intel.com (mga07.intel.com. [134.134.136.100]) by mx.google.com with ESMTPS id u23si7637897pgo.594.2017.11.26.08.24.40 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 26 Nov 2017 08:24:40 -0800 (PST) Subject: Re: [PATCH 05/23] x86, kaiser: unmap kernel from userspace page tables (core patch) References: <20171123003438.48A0EEDE@viggo.jf.intel.com> <20171123003447.1DB395E3@viggo.jf.intel.com> From: Dave Hansen Message-ID: <2e4773b2-2cb3-284e-f0a7-3eaebc2676e5@linux.intel.com> Date: Sun, 26 Nov 2017 08:24:37 -0800 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: owner-linux-mm@kvack.org List-ID: To: Andy Lutomirski Cc: "linux-kernel@vger.kernel.org" , "linux-mm@kvack.org" , richard.fellner@student.tugraz.at, moritz.lipp@iaik.tugraz.at, Daniel Gruss , michael.schwarz@iaik.tugraz.at, Linus Torvalds , Kees Cook , Hugh Dickins , X86 ML On 11/26/2017 08:10 AM, Andy Lutomirski wrote: >> As a side benefit, this shouldn't have magical interactions with the >> vsyscall page any more. >> >> Are there cases that this would get wrong? >> > Quick ping: did this get lost? It does drop a warning that the other version of the code has, but that's pretty minor. Basically, we need two checks: pgd_userspace_access() (aka _PAGE_USER) and pgdp_maps_userspace() The original code does pgd_userspace_access() in a top-level if and then the pgdp_maps_userspace() checks at the second level. I think you are basically suggesting that we flip that. Logically, I'm sure we can make it work. It's just a matter of needing to look at other things first. BTW, this comment is, I think incorrect: > if (pgdp_maps_userspace(pgdp)) { ... > } else { > /* > * We can get here due to vmalloc, a vmalloc fault, memory > hot-add, or initial setup > * of kernelmode page tables. Regardless of which particular code > path we're in, > * these mappings should not be automatically propagated to the > usermode tables. > */ Since we pre-populated the entire kernel area's PGDs, I don't think we'll ever have a valid reason to be doing a set_pgd() again on the kernel area. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org