From: Dave Hansen
Date: Thu, 16 Jun 2022 07:20:09 -0700
Subject: Re: [RFC 1/2] x86/mm/cpa: always fail when user address is passed
To: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Dave Hansen, Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Dan Williams, Paolo Bonzini, Jane Chu, "Aneesh Kumar K. V", Sean Christopherson, Tianyu Lan, Mike Rapoport, Rick Edgecombe, linux-mm@kvack.org, Borislav Petkov, x86@kernel.org
Message-ID: <1d6cfffd-582b-b3fa-75b2-5bf21519071b@intel.com>
References: <20220614063933.13030-1-42.hyeyoo@gmail.com> <20220614063933.13030-2-42.hyeyoo@gmail.com> <660a5c93-e8cb-1c2f-5b27-c5e341de0bcd@intel.com>

On 6/16/22 01:49, Hyeonggon Yoo wrote:
> On Tue, Jun 14, 2022 at 11:31:48AM -0700, Dave Hansen wrote:
>> On 6/13/22 23:39, Hyeonggon Yoo wrote:
>>> @@ -1514,6 +1515,11 @@ static int __change_page_attr(struct cpa_data *cpa, int primary)
>>> pte_t *kpte, old_pte;
>>>
>>> address = __cpa_addr(cpa, cpa->curpage);
>>> +
>>> + if (WARN((IS_ENABLED(CONFIG_EFI) ? cpa->pgd != efi_mm.pgd : true)
>>> + && address <= TASK_SIZE_MAX,
>>> + KERN_WARNING "CPA: Got a user address"))
>>> + return -EINVAL;
>>
>> I was expecting this to actually go after _PAGE_USER, not necessarily
>> userspace addresses themselves.
>
> userspace ptes may not have _PAGE_USER set. (e.g. swap entry)
> I think it's more accurate to go after user addresses.

It would, of course, have to be paired with _PAGE_PRESENT checks. This
works both on the way in and out of the set_memory code. It shouldn't
clear other bits in a PTE with _PAGE_PRESENT|_PAGE_USER and also shouldn't
*result* in _PAGE_USER|_PAGE_PRESENT PTEs, even if those PTEs are in the
kernel address space.

Filtering on the addresses also makes sense.

>> What does and should happen with the VDSO, for instance? It's a
>> _PAGE_USER mapping, but it's >TASK_SIZE.
>
> you mean vsyscall? AFAIK address of mapped vDSO image is < TASK_SIZE.
> (or please tell me I'm wrong)

You're right. That was a silly thinko.

>> Should set_page_attr() work on it?
>
> vsyscall does not need CPA functionalities.
> So I don't think it (__change_page_attr()) should work on vsyscall.

Agreed.
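
Review bot: In the WARN() added to __change_page_attr(), the bound `address <= TASK_SIZE_MAX` is off by one: TASK_SIZE_MAX is the first address outside the user range, so `address < TASK_SIZE_MAX` is the exact test. The message argument carries a KERN_WARNING prefix and no trailing "\n", whereas WARN() callers conventionally pass a bare format string ending in a newline. Because this is WARN() rather than WARN_ONCE(), a caller that repeatedly passes such an address produces a backtrace on every call, so WARN_ONCE() is worth considering. The `IS_ENABLED(CONFIG_EFI) ? cpa->pgd != efi_mm.pgd : true` ternary would read more easily as a small helper with a comment explaining why efi_mm is exempt.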
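
A user-space C model of the two filters discussed in this thread, showing why they complement each other (added example, not code from the patch or from the kernel): the address filter catches non-present user entries such as swap entries, while the _PAGE_PRESENT|_PAGE_USER check on the old and new PTE catches user-accessible pages in the kernel half such as vsyscall. `cpa_model_check()`, the `MODEL_TASK_SIZE_MAX` constant (4-level paging, 4 KiB pages) and the sample PTE values are assumptions for illustration, and the efi_mm exemption is left out.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural x86 PTE flag bits. */
#define PTE_PRESENT (1ULL << 0) /* _PAGE_PRESENT */
#define PTE_USER    (1ULL << 2) /* _PAGE_USER */

/* Assumption for this model: 4-level paging with 4 KiB pages. */
#define MODEL_TASK_SIZE_MAX ((1ULL << 47) - 4096ULL)

/* Constructed sample values. */
#define SWAP_LIKE_PTE 0x0000000000abc000ULL /* non-present, no USER bit */
#define VSYSCALL_ADDR 0xffffffffff600000ULL /* user-accessible, kernel half */

/* True only for a live, user-accessible mapping. */
static bool pte_user_mapped(uint64_t pte)
{
    return (pte & (PTE_PRESENT | PTE_USER)) == (PTE_PRESENT | PTE_USER);
}

/* Address filter: TASK_SIZE_MAX is the first address outside user space. */
static bool addr_is_user(uint64_t addr)
{
    return addr < MODEL_TASK_SIZE_MAX;
}

/* Hypothetical combined check: 0 to proceed, -EINVAL to refuse. */
static int cpa_model_check(uint64_t addr, uint64_t old_pte, uint64_t new_pte)
{
    if (addr_is_user(addr))       /* also catches non-present user entries */
        return -EINVAL;
    if (pte_user_mapped(old_pte)) /* way in: leave live user mappings alone */
        return -EINVAL;
    if (pte_user_mapped(new_pte)) /* way out: never produce a user mapping */
        return -EINVAL;
    return 0;
}

int main(void)
{
    /* Swap-like user entry: only the address filter refuses it. */
    printf("%d\n", cpa_model_check(0x7f0000000000ULL, SWAP_LIKE_PTE, SWAP_LIKE_PTE));
    /* vsyscall-style page: only the PTE-bit check refuses it. */
    printf("%d\n", cpa_model_check(VSYSCALL_ADDR, PTE_PRESENT | PTE_USER, PTE_PRESENT));
    /* Ordinary kernel mapping: allowed. */
    printf("%d\n", cpa_model_check(0xffff888000000000ULL, PTE_PRESENT, PTE_PRESENT));
    return 0;
}
```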