From: Peter Zijlstra <peterz@infradead.org>
To: Dave Hansen <dave.hansen@intel.com>
Cc: linux-kernel@vger.kernel.org, tglx@linutronix.de, x86@kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Andy Lutomirsky <luto@kernel.org>,
Borislav Petkov <bpetkov@suse.de>,
Greg KH <gregkh@linuxfoundation.org>,
keescook@google.com, hughd@google.com,
Brian Gerst <brgerst@gmail.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Denys Vlasenko <dvlasenk@redhat.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Juergen Gross <jgross@suse.com>,
David Laight <David.Laight@aculab.com>,
Eduardo Valentin <eduval@amazon.com>,
aliguori@amazon.com, Will Deacon <will.deacon@arm.com>,
linux-mm@kvack.org, kirill.shutemov@linux.intel.com,
dan.j.williams@intel.com
Subject: Re: [PATCH v2 01/17] mm/gup: Fixup p*_access_permitted()
Date: Fri, 15 Dec 2017 09:00:41 +0100 [thread overview]
Message-ID: <20171215080041.zftzuxdonxrtmssq@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <8eedb9a3-0ba2-52df-58f6-3ed869d18ca3@intel.com>
On Thu, Dec 14, 2017 at 09:04:56PM -0800, Dave Hansen wrote:
>
> I've got some additions to the selftests and a fix where we pass FOLL_*
> flags around a bit more instead of just 'write'. I'll get those out as
> soon as I do a bit more testing.
Try the below; I have more in the works, but this already fixes a whole
bunch of obvious fail and should fix the case I described.
The thing is, you should _never_ return NULL for an access error, that's
complete crap.
You should also not blindly change every pte_write() test to
pte_access_permitted(), that's also wrong, because then you're missing
the read-access tests.
Basically you need to very carefully audit each and every
p??_access_permitted() call; they're currently mostly wrong.
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -66,7 +66,7 @@ static int follow_pfn_pte(struct vm_area
*/
static inline bool can_follow_write_pte(pte_t pte, unsigned int flags)
{
- return pte_access_permitted(pte, WRITE) ||
+ return pte_write(pte) ||
((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte));
}
@@ -153,6 +153,11 @@ static struct page *follow_page_pte(stru
}
if (flags & FOLL_GET) {
+ if (!pte_access_permitted(pte, !!(flags & FOLL_WRITE))) {
+ page = ERR_PTR(-EFAULT);
+ goto out;
+ }
+
get_page(page);
/* drop the pgmap reference now that we hold the page */
@@ -244,6 +249,15 @@ static struct page *follow_pmd_mask(stru
pmd_migration_entry_wait(mm, pmd);
goto retry;
}
+
+ if (flags & FOLL_GET) {
+ if (!pmd_access_permitted(*pmd, !!(flags & FOLL_WRITE))) {
+ page = ERR_PTR(-EFAULT);
+ spin_unlock(ptr);
+ return page;
+ }
+ }
+
if (pmd_devmap(*pmd)) {
ptl = pmd_lock(mm, pmd);
page = follow_devmap_pmd(vma, address, pmd, flags);
@@ -326,6 +340,15 @@ static struct page *follow_pud_mask(stru
return page;
return no_page_table(vma, flags);
}
+
+ if (flags & FOLL_GET) {
+ if (!pud_access_permitted(*pud, !!(flags & FOLL_WRITE))) {
+ page = ERR_PTR(-EFAULT);
+ spin_unlock(ptr);
+ return page;
+ }
+ }
+
if (pud_devmap(*pud)) {
ptl = pud_lock(mm, pud);
page = follow_devmap_pud(vma, address, pud, flags);
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -870,9 +870,6 @@ struct page *follow_devmap_pmd(struct vm
*/
WARN_ONCE(flags & FOLL_COW, "mm: In follow_devmap_pmd with FOLL_COW set");
- if (!pmd_access_permitted(*pmd, flags & FOLL_WRITE))
- return NULL;
-
if (pmd_present(*pmd) && pmd_devmap(*pmd))
/* pass */;
else
@@ -1012,9 +1009,6 @@ struct page *follow_devmap_pud(struct vm
assert_spin_locked(pud_lockptr(mm, pud));
- if (!pud_access_permitted(*pud, flags & FOLL_WRITE))
- return NULL;
-
if (pud_present(*pud) && pud_devmap(*pud))
/* pass */;
else
@@ -1386,7 +1380,7 @@ int do_huge_pmd_wp_page(struct vm_fault
*/
static inline bool can_follow_write_pmd(pmd_t pmd, unsigned int flags)
{
- return pmd_access_permitted(pmd, WRITE) ||
+ return pmd_write(pmd) ||
((flags & FOLL_FORCE) && (flags & FOLL_COW) && pmd_dirty(pmd));
}
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-12-15 8:00 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-14 11:27 [PATCH v2 00/17] x86/ldt: Use a VMA based read only mapping Peter Zijlstra
2017-12-14 11:27 ` [PATCH v2 01/17] mm/gup: Fixup p*_access_permitted() Peter Zijlstra
2017-12-14 12:41 ` Peter Zijlstra
2017-12-14 14:37 ` Peter Zijlstra
2017-12-14 20:44 ` Dave Hansen
2017-12-14 20:54 ` Peter Zijlstra
2017-12-14 21:18 ` Peter Zijlstra
2017-12-15 5:04 ` Dave Hansen
2017-12-15 6:09 ` Linus Torvalds
2017-12-15 7:51 ` Peter Zijlstra
2017-12-16 0:20 ` Linus Torvalds
2017-12-16 0:29 ` Dan Williams
2017-12-16 1:10 ` Linus Torvalds
2017-12-16 1:25 ` Dave Hansen
2017-12-16 2:28 ` Linus Torvalds
2017-12-16 2:48 ` Al Viro
2017-12-16 2:52 ` Linus Torvalds
2017-12-16 3:00 ` Linus Torvalds
2017-12-16 3:21 ` Dave Hansen
2017-12-16 1:29 ` Dan Williams
2017-12-16 0:31 ` Al Viro
2017-12-16 1:05 ` Linus Torvalds
2017-12-15 8:00 ` Peter Zijlstra [this message]
2017-12-15 10:25 ` Peter Zijlstra
2017-12-15 11:38 ` Peter Zijlstra
2017-12-15 16:38 ` Dan Williams
2017-12-18 11:54 ` Peter Zijlstra
2017-12-18 18:42 ` Dan Williams
2017-12-15 14:04 ` Peter Zijlstra
2017-12-14 11:27 ` [PATCH v2 02/17] mm: Exempt special mappings from mlock(), mprotect() and madvise() Peter Zijlstra
2017-12-14 16:19 ` Andy Lutomirski
2017-12-14 17:36 ` Peter Zijlstra
2018-01-02 16:44 ` Dmitry Safonov
2017-12-14 11:27 ` [PATCH v2 03/17] arch: Allow arch_dup_mmap() to fail Peter Zijlstra
2017-12-14 16:22 ` Andy Lutomirski
2017-12-14 11:27 ` [PATCH v2 04/17] x86/ldt: Rework locking Peter Zijlstra
2017-12-14 11:27 ` [PATCH v2 05/17] x86/ldt: Prevent ldt inheritance on exec Peter Zijlstra
2017-12-14 16:32 ` Andy Lutomirski
2017-12-14 11:27 ` [PATCH v2 06/17] x86/ldt: Do not install LDT for kernel threads Peter Zijlstra
2017-12-14 19:43 ` Peter Zijlstra
2017-12-14 21:27 ` Andy Lutomirski
2017-12-14 11:27 ` [PATCH v2 07/17] mm/softdirty: Move VM_SOFTDIRTY into high bits Peter Zijlstra
2017-12-14 11:27 ` [PATCH v2 08/17] mm/x86: Allow special mappings with user access cleared Peter Zijlstra
2017-12-14 11:27 ` [PATCH v2 09/17] mm: Provide vm_special_mapping::close Peter Zijlstra
2017-12-14 11:27 ` [PATCH v2 10/17] selftest/x86: Implement additional LDT selftests Peter Zijlstra
2017-12-14 11:27 ` [PATCH v2 11/17] selftests/x86/ldt_gdt: Prepare for access bit forced Peter Zijlstra
2017-12-14 16:20 ` Andy Lutomirski
2017-12-14 19:43 ` Linus Torvalds
2017-12-14 21:22 ` Andy Lutomirski
2017-12-14 21:44 ` Linus Torvalds
2017-12-14 21:48 ` Linus Torvalds
2017-12-14 22:02 ` Peter Zijlstra
2017-12-14 22:14 ` Linus Torvalds
2017-12-14 22:24 ` Peter Zijlstra
2017-12-14 22:52 ` Linus Torvalds
2017-12-14 22:11 ` Andy Lutomirski
2017-12-14 22:15 ` Linus Torvalds
2017-12-14 22:30 ` Andy Lutomirski
2017-12-14 22:23 ` Thomas Gleixner
2017-12-14 22:50 ` Linus Torvalds
2017-12-14 11:27 ` [PATCH v2 12/17] mm: Make populate_vma_page_range() available Peter Zijlstra
2017-12-14 11:27 ` [PATCH v2 13/17] x86/mm: Force LDT desc accessed bit Peter Zijlstra
2017-12-14 16:21 ` Andy Lutomirski
2017-12-14 11:27 ` [PATCH v2 14/17] x86/ldt: Reshuffle code Peter Zijlstra
2017-12-14 16:23 ` Andy Lutomirski
2017-12-14 16:31 ` Thomas Gleixner
2017-12-14 16:32 ` Thomas Gleixner
2017-12-14 16:34 ` Andy Lutomirski
2017-12-14 17:47 ` Peter Zijlstra
2017-12-14 11:27 ` [PATCH v2 15/17] x86/ldt: Prepare for VMA mapping Peter Zijlstra
2017-12-14 11:27 ` [PATCH v2 16/17] x86/ldt: Add VMA management code Peter Zijlstra
2017-12-14 11:27 ` [PATCH v2 17/17] x86/ldt: Make it read only VMA mapped Peter Zijlstra
2017-12-14 12:03 ` [PATCH v2 00/17] x86/ldt: Use a VMA based read only mapping Thomas Gleixner
2017-12-14 12:08 ` Peter Zijlstra
2017-12-14 16:35 ` Andy Lutomirski
2017-12-14 17:50 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171215080041.zftzuxdonxrtmssq@hirez.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=David.Laight@aculab.com \
--cc=aliguori@amazon.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bpetkov@suse.de \
--cc=brgerst@gmail.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=dvlasenk@redhat.com \
--cc=eduval@amazon.com \
--cc=gregkh@linuxfoundation.org \
--cc=hughd@google.com \
--cc=jgross@suse.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@google.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox