From: Laurent Dufour <ldufour@linux.ibm.com> To: Suren Baghdasaryan <surenb@google.com> Cc: linuxppc-dev@lists.ozlabs.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Sachin Sant <sachinp@linux.ibm.com> Subject: [PATCH] powerpc/mm: fix mmap_lock bad unlock Date: Mon, 6 Mar 2023 16:42:44 +0100 [thread overview] Message-ID: <20230306154244.17560-1-ldufour@linux.ibm.com> (raw) In-Reply-To: <20230227173632.3292573-32-surenb@google.com> When page fault is tried holding the per VMA lock, bad_access_pkey() and bad_access() should not be called because it is assuming the mmap_lock is held. In the case a bad access is detected, fall back to the default path, grabbing the mmap_lock to handle the fault and report the error. Fixes: 169db3bb4609 ("powerc/mm: try VMA lock-based page fault handling first") Reported-by: Sachin Sant <sachinp@linux.ibm.com> Link: https://lore.kernel.org/linux-mm/842502FB-F99C-417C-9648-A37D0ECDC9CE@linux.ibm.com Cc: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Laurent Dufour <ldufour@linux.ibm.com> --- arch/powerpc/mm/fault.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c index c7ae86b04b8a..e191b3ebd8d6 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -479,17 +479,13 @@ static int ___do_page_fault(struct pt_regs *regs, unsigned long address, if (unlikely(access_pkey_error(is_write, is_exec, (error_code & DSISR_KEYFAULT), vma))) { - int rc = bad_access_pkey(regs, address, vma); - vma_end_read(vma); - return rc; + goto lock_mmap; } if (unlikely(access_error(is_write, is_exec, vma))) { - int rc = bad_access(regs, address); - vma_end_read(vma); - return rc; + goto lock_mmap; } fault = handle_mm_fault(vma, address, flags | FAULT_FLAG_VMA_LOCK, regs); -- 2.39.2
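Review bot: both new `goto lock_mmap;` branches drop the `vma_end_read(vma);` call that the removed lines made before returning, so as far as this hunk shows, the per-VMA read lock taken for the fast path is still held when the fallback goes on to grab the mmap_lock. Unless the code at the `lock_mmap` label releases it (that label is outside the visible context), add `vma_end_read(vma);` before each `goto`. With a single statement left in each branch, the braces around it can also be dropped to match kernel coding style.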