linux-um.lists.infradead.org archive mirror
* [PATCH 0/2] um: improve UML page fault handling
@ 2023-12-15 12:14 Petr Tesarik
  2023-12-15 12:14 ` [PATCH 1/2] um: do not panic on kernel mode faults Petr Tesarik
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Petr Tesarik @ 2023-12-15 12:14 UTC (permalink / raw)
  To: Richard Weinberger, Anton Ivanov, Johannes Berg,
	open list:USER-MODE LINUX (UML),
	open list
  Cc: Roberto Sassu, petr, Petr Tesarik

From: Petr Tesarik <petr.tesarik1@huawei-partners.com>

Improve UML handling of segmentation faults in kernel mode. Although
such page faults are generally caused by a kernel bug, it is annoying
if they cause an infinite loop, or panic the kernel. More importantly,
a robust implementation allows to write KUnit tests for various guard
pages, preventing potential kernel self-protection regressions.

Petr Tesarik (2):
  um: do not panic on kernel mode faults
  um: oops on accessing an non-present page in the vmalloc area

 arch/um/kernel/trap.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

-- 
2.34.1




* [PATCH 1/2] um: do not panic on kernel mode faults
  2023-12-15 12:14 [PATCH 0/2] um: improve UML page fault handling Petr Tesarik
@ 2023-12-15 12:14 ` Petr Tesarik
  2023-12-15 12:14 ` [PATCH 2/2] um: oops on accessing an non-present page in the vmalloc area Petr Tesarik
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 7+ messages in thread
From: Petr Tesarik @ 2023-12-15 12:14 UTC (permalink / raw)
  To: Richard Weinberger, Anton Ivanov, Johannes Berg,
	open list:USER-MODE LINUX (UML),
	open list
  Cc: Roberto Sassu, petr, Petr Tesarik

From: Petr Tesarik <petr.tesarik1@huawei-partners.com>

Do not call panic() on unrecoverable page faults in kernel mode. Although
such page faults always indicate a bug in the kernel, other architectures
prefer to kill only the current process and continue.

The new behavior is useful for testing intentional kernel mode page faults
with KUnit.

Signed-off-by: Petr Tesarik <petr.tesarik1@huawei-partners.com>
---
 arch/um/kernel/trap.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c
index 6d8ae86ae978..1124a382fd14 100644
--- a/arch/um/kernel/trap.c
+++ b/arch/um/kernel/trap.c
@@ -17,6 +17,14 @@
 #include <os.h>
 #include <skas.h>
 
+static void page_fault_oops(struct uml_pt_regs *regs, unsigned long address,
+			    unsigned long ip)
+{
+	pr_alert("Kernel mode fault at addr 0x%lx, ip 0x%lx\n", address, ip);
+	show_regs(container_of(regs, struct pt_regs, regs));
+	make_task_dead(SIGKILL);
+}
+
 /*
  * Note this is constrained to return 0, -EFAULT, -EACCES, -ENOMEM by
  * segv().
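Review bot: page_fault_oops() goes from show_regs() straight to make_task_dead(SIGKILL), so the fault is reported with a bare pr_alert() and none of the generic oops bookkeeping: there is no oops_enter()/oops_exit() bracket, no add_taint(), and nothing that consults panic_on_oops. A system configured to stop on a kernel-mode fault got that from the panic() this series replaces and would now keep running with possibly corrupted state. Suggest modelling the helper on die() in arch/x86/kernel/dumpstack.c and documenting in a comment which contexts it may be called from.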
@@ -249,11 +257,8 @@ unsigned long segv(struct faultinfo fi, unsigned long ip, int is_user,
 	else if (!is_user && arch_fixup(ip, regs))
 		goto out;
 
-	if (!is_user) {
-		show_regs(container_of(regs, struct pt_regs, regs));
-		panic("Kernel mode fault at addr 0x%lx, ip 0x%lx",
-		      address, ip);
-	}
+	if (!is_user)
+		page_fault_oops(regs, address, ip);
 
 	show_segv_info(regs);
 
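Review bot: The new call at `if (!is_user) page_fault_oops(regs, address, ip);` falls through textually to show_segv_info(regs) and whatever follows it, so correctness here depends on page_fault_oops() never returning, and nothing in its declaration says so. Annotate the helper __noreturn (make_task_dead() already is) or add a comment at the call site, so that a later change to the helper cannot silently let a kernel-mode fault continue down the path that the removed braces used to cut off with panic().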
-- 
2.34.1




* [PATCH 2/2] um: oops on accessing an non-present page in the vmalloc area
  2023-12-15 12:14 [PATCH 0/2] um: improve UML page fault handling Petr Tesarik
  2023-12-15 12:14 ` [PATCH 1/2] um: do not panic on kernel mode faults Petr Tesarik
@ 2023-12-15 12:14 ` Petr Tesarik
  2024-01-03 12:51 ` [PATCH 0/2] um: improve UML page fault handling Petr Tesařík
  2024-01-04 23:22 ` Richard Weinberger
  3 siblings, 0 replies; 7+ messages in thread
From: Petr Tesarik @ 2023-12-15 12:14 UTC (permalink / raw)
  To: Richard Weinberger, Anton Ivanov, Johannes Berg,
	open list:USER-MODE LINUX (UML),
	open list
  Cc: Roberto Sassu, petr, Petr Tesarik

From: Petr Tesarik <petr.tesarik1@huawei-partners.com>

If a segmentation fault is caused by an address in the vmalloc area, check
that the target page is present.

Currently, if the kernel hits a guard page in the vmalloc area, UML assumes
that the fault is caused merely by a stale mapping and will be fixed by
flush_tlb_kernel_vm(). Of course, this will not create any mapping for a
guard page, so the faulting instruction will cause exactly the same fault
when it is executed again, effectively creating a beautiful (but useless)
infinite loop.

Signed-off-by: Petr Tesarik <petr.tesarik1@huawei-partners.com>
---
 arch/um/kernel/trap.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c
index 1124a382fd14..ca9b5fd83c52 100644
--- a/arch/um/kernel/trap.c
+++ b/arch/um/kernel/trap.c
@@ -214,11 +214,15 @@ unsigned long segv(struct faultinfo fi, unsigned long ip, int is_user,
 	int err;
 	int is_write = FAULT_WRITE(fi);
 	unsigned long address = FAULT_ADDRESS(fi);
+	pte_t *pte;
 
 	if (!is_user && regs)
 		current->thread.segv_regs = container_of(regs, struct pt_regs, regs);
 
 	if (!is_user && (address >= start_vm) && (address < end_vm)) {
+		pte = virt_to_pte(&init_mm, address);
+		if (!pte_present(*pte))
+			page_fault_oops(regs, address, ip);
 		flush_tlb_kernel_vm();
 		goto out;
 	}
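Review bot: `pte_present(*pte)` dereferences the result of virt_to_pte() with no NULL check; if virt_to_pte() returns NULL when an upper-level table entry for the address is missing, this line takes a second fault inside the fault handler, so test `!pte || !pte_present(*pte)` instead. Separately, regs is only conditionally valid at this point (see the `if (!is_user && regs)` test just above), yet page_fault_oops() passes it unconditionally to show_regs(container_of(regs, ...)); the new call should handle a NULL regs. A one-line comment that flush_tlb_kernel_vm() is now reached only for present pages would also help.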
-- 
2.34.1
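
The retry loop described in the commit message above can be reproduced in user space. This is an added illustration, not code from the patch or from UML, and it assumes Linux: the signal handler stands in for `segv()`, returning from it stands in for the `flush_tlb_kernel_vm()` retry path, and `faults_on_guard_access`, `RETRY_LIMIT` and the other names are hypothetical.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
#define RETRY_LIMIT 1000	/* stands in for "forever" so the demo ends */
static sigjmp_buf escape;
static volatile sig_atomic_t faults, check_present;
static char *guard;		/* start of the PROT_NONE guard page */
static size_t page_size;

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
	char *addr = si->si_addr;
	(void)sig; (void)ctx;
	faults++;
	/* Patched policy: retrying cannot fix a fault on an unmapped page. */
	if (check_present && addr >= guard && addr < guard + page_size)
		siglongjmp(escape, 1);
	/* Old policy: just return, which re-executes the faulting store. */
	if (faults >= RETRY_LIMIT)
		siglongjmp(escape, 1);
}

/* Write to a guard page; return the number of faults that one store caused. */
int faults_on_guard_access(int patched)
{
	struct sigaction old, sa = { .sa_sigaction = on_segv, .sa_flags = SA_SIGINFO };
	char *buf;
	page_size = (size_t)sysconf(_SC_PAGESIZE);
	buf = mmap(NULL, 2 * page_size, PROT_READ | PROT_WRITE,
		   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (buf == MAP_FAILED || mprotect(buf + page_size, page_size, PROT_NONE))
		return -1;
	guard = buf + page_size;
	faults = 0; check_present = patched;
	sigaction(SIGSEGV, &sa, &old);
	if (sigsetjmp(escape, 1) == 0)
		*(volatile char *)guard = 1;	/* faults; never completes */
	sigaction(SIGSEGV, &old, NULL);
	munmap(buf, 2 * page_size);
	return (int)faults;
}

int main(void)
{
	return printf("%d %d\n", faults_on_guard_access(0), faults_on_guard_access(1)) < 0;
}
```

With the old policy the single store faults until the safety limit is hit; with the presence check it faults once and is abandoned.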




* Re: [PATCH 0/2] um: improve UML page fault handling
  2023-12-15 12:14 [PATCH 0/2] um: improve UML page fault handling Petr Tesarik
  2023-12-15 12:14 ` [PATCH 1/2] um: do not panic on kernel mode faults Petr Tesarik
  2023-12-15 12:14 ` [PATCH 2/2] um: oops on accessing an non-present page in the vmalloc area Petr Tesarik
@ 2024-01-03 12:51 ` Petr Tesařík
  2024-01-04 23:22 ` Richard Weinberger
  3 siblings, 0 replies; 7+ messages in thread
From: Petr Tesařík @ 2024-01-03 12:51 UTC (permalink / raw)
  To: Richard Weinberger, Anton Ivanov, Johannes Berg
  Cc: Petr Tesarik, open list:USER-MODE LINUX (UML),
	open list, Roberto Sassu, Petr Tesarik

Happy New Year, everyone!

I can fully understand that you all have had other priorities around
the year end; it was no different with me. ;-)

However, may I kindly ask for some feedback on my proposed fixes?

Petr T

On Fri, 15 Dec 2023 13:14:29 +0100
Petr Tesarik <petrtesarik@huaweicloud.com> wrote:

> From: Petr Tesarik <petr.tesarik1@huawei-partners.com>
> 
> Improve UML handling of segmentation faults in kernel mode. Although
> such page faults are generally caused by a kernel bug, it is annoying
> if they cause an infinite loop, or panic the kernel. More importantly,
> a robust implementation allows to write KUnit tests for various guard
> pages, preventing potential kernel self-protection regressions.
> 
> Petr Tesarik (2):
>   um: do not panic on kernel mode faults
>   um: oops on accessing an non-present page in the vmalloc area
> 
>  arch/um/kernel/trap.c | 19 ++++++++++++++-----
>  1 file changed, 14 insertions(+), 5 deletions(-)
> 




* Re: [PATCH 0/2] um: improve UML page fault handling
  2023-12-15 12:14 [PATCH 0/2] um: improve UML page fault handling Petr Tesarik
                   ` (2 preceding siblings ...)
  2024-01-03 12:51 ` [PATCH 0/2] um: improve UML page fault handling Petr Tesařík
@ 2024-01-04 23:22 ` Richard Weinberger
  2024-01-05  6:51   ` Petr Tesařík
  3 siblings, 1 reply; 7+ messages in thread
From: Richard Weinberger @ 2024-01-04 23:22 UTC (permalink / raw)
  To: Petr Tesarik
  Cc: anton ivanov, Johannes Berg, linux-um, linux-kernel,
	Roberto Sassu, petr, Petr Tesarik

----- Original Message -----
> From: "Petr Tesarik" <petrtesarik@huaweicloud.com>
> To: "richard" <richard@nod.at>, "anton ivanov" <anton.ivanov@cambridgegreys.com>, "Johannes Berg"
> <johannes@sipsolutions.net>, "linux-um" <linux-um@lists.infradead.org>, "linux-kernel" <linux-kernel@vger.kernel.org>
> CC: "Roberto Sassu" <roberto.sassu@huaweicloud.com>, petr@tesarici.cz, "Petr Tesarik"
> <petr.tesarik1@huawei-partners.com>
> Sent: Friday, 15 December 2023 13:14:29
> Subject: [PATCH 0/2] um: improve UML page fault handling

> From: Petr Tesarik <petr.tesarik1@huawei-partners.com>
> 
> Improve UML handling of segmentation faults in kernel mode. Although
> such page faults are generally caused by a kernel bug, it is annoying
> if they cause an infinite loop, or panic the kernel. More importantly,
> a robust implementation allows to write KUnit tests for various guard
> pages, preventing potential kernel self-protection regressions.
> 
> Petr Tesarik (2):
>  um: do not panic on kernel mode faults
>  um: oops on accessing an non-present page in the vmalloc area

I think this is a good thing to have.
For the implementation side, this needs to use the oops_* helpers
from kernel/panic.c and taint the kernel, etc...
See arch/x86/kernel/dumpstack.c die() and friends.

Thanks,
//richard



* Re: [PATCH 0/2] um: improve UML page fault handling
  2024-01-04 23:22 ` Richard Weinberger
@ 2024-01-05  6:51   ` Petr Tesařík
  2024-01-26  9:55     ` Petr Tesařík
  0 siblings, 1 reply; 7+ messages in thread
From: Petr Tesařík @ 2024-01-05  6:51 UTC (permalink / raw)
  To: Richard Weinberger
  Cc: Petr Tesarik, anton ivanov, Johannes Berg, linux-um,
	linux-kernel, Roberto Sassu, Petr Tesarik

Hello Richard,

On Fri, 5 Jan 2024 00:22:11 +0100 (CET)
Richard Weinberger <richard@nod.at> wrote:

> ----- Original Message -----
> > From: "Petr Tesarik" <petrtesarik@huaweicloud.com>
> > To: "richard" <richard@nod.at>, "anton ivanov" <anton.ivanov@cambridgegreys.com>, "Johannes Berg"
> > <johannes@sipsolutions.net>, "linux-um" <linux-um@lists.infradead.org>, "linux-kernel" <linux-kernel@vger.kernel.org>
> > CC: "Roberto Sassu" <roberto.sassu@huaweicloud.com>, petr@tesarici.cz, "Petr Tesarik"
> > <petr.tesarik1@huawei-partners.com>
> > Sent: Friday, 15 December 2023 13:14:29
> > Subject: [PATCH 0/2] um: improve UML page fault handling
> 
> > From: Petr Tesarik <petr.tesarik1@huawei-partners.com>
> > 
> > Improve UML handling of segmentation faults in kernel mode. Although
> > such page faults are generally caused by a kernel bug, it is annoying
> > if they cause an infinite loop, or panic the kernel. More importantly,
> > a robust implementation allows to write KUnit tests for various guard
> > pages, preventing potential kernel self-protection regressions.
> > 
> > Petr Tesarik (2):
> >  um: do not panic on kernel mode faults
> >  um: oops on accessing an non-present page in the vmalloc area  
> 
> I think this is a good thing to have.

Thanks for the feedback.

> For the implementation side, this needs to use the oops_* helpers
> from kernel/panic.c and taint the kernel, etc...

Yes, I did see that coming but wanted to get some confirmation that
it's worth the effort.

> See arch/x86/kernel/dumpstack.c die() and friends.

This implementation also calls die notifiers, but AFAICS different
architectures are not very consistent in their use. Do you also
require die notifiers for the UML implementation?

Petr T



* Re: [PATCH 0/2] um: improve UML page fault handling
  2024-01-05  6:51   ` Petr Tesařík
@ 2024-01-26  9:55     ` Petr Tesařík
  0 siblings, 0 replies; 7+ messages in thread
From: Petr Tesařík @ 2024-01-26  9:55 UTC (permalink / raw)
  To: Richard Weinberger
  Cc: Petr Tesarik, anton ivanov, Johannes Berg, linux-um,
	linux-kernel, Roberto Sassu, Petr Tesarik

On Fri, 5 Jan 2024 07:51:09 +0100
Petr Tesařík <petr@tesarici.cz> wrote:

> Hello Richard,
> 
> On Fri, 5 Jan 2024 00:22:11 +0100 (CET)
> Richard Weinberger <richard@nod.at> wrote:
> 
> > ----- Original Message -----
> > > From: "Petr Tesarik" <petrtesarik@huaweicloud.com>
> > > To: "richard" <richard@nod.at>, "anton ivanov" <anton.ivanov@cambridgegreys.com>, "Johannes Berg"
> > > <johannes@sipsolutions.net>, "linux-um" <linux-um@lists.infradead.org>, "linux-kernel" <linux-kernel@vger.kernel.org>
> > > CC: "Roberto Sassu" <roberto.sassu@huaweicloud.com>, petr@tesarici.cz, "Petr Tesarik"
> > > <petr.tesarik1@huawei-partners.com>
> > > Sent: Friday, 15 December 2023 13:14:29
> > > Subject: [PATCH 0/2] um: improve UML page fault handling
> >   
> > > From: Petr Tesarik <petr.tesarik1@huawei-partners.com>
> > > 
> > > Improve UML handling of segmentation faults in kernel mode. Although
> > > such page faults are generally caused by a kernel bug, it is annoying
> > > if they cause an infinite loop, or panic the kernel. More importantly,
> > > a robust implementation allows to write KUnit tests for various guard
> > > pages, preventing potential kernel self-protection regressions.
> > > 
> > > Petr Tesarik (2):
> > >  um: do not panic on kernel mode faults
> > >  um: oops on accessing an non-present page in the vmalloc area    
> > 
> > I think this is a good thing to have.  
> 
> Thanks for the feedback.
> 
> > For the implementation side, this needs to use the oops_* helpers
> > from kernel/panic.c and taint the kernel, etc...  
> 
> Yes, I did see that coming but wanted to get some confirmation that
> it's worth the effort.
> 
> > See arch/x86/kernel/dumpstack.c die() and friends.  
> 
> This implementation also calls die notifiers, but AFAICS different
> architectures are not very consistent in their use. Do you also
> require die notifiers for the UML implementation?

It seems I won't have time for this in the near future... Can I start
by sending a trivial patch that panics the kernel if kernel mode tries
to access a vmalloc guard page? That's something I can do immediately,
and it's still better than getting page faults in an infinite loop...

Petr T


