[PATCH v5 0/6] ptdump: add intermediate directory support

[PATCH v5 0/6] ptdump: add intermediate directory support

[Maxwell Bland]

Makes several improvements to (arm64) ptdump debugging, including:

- support note_page on intermediate table entries
- (arm64) print intermediate entries and add an array for their specific
  attributes
- (arm64) bitfield definitions and printing for hierarchical access
  control bits
- (arm64) adjust the entry ranges to remove the implicit exclusive upper
  bound
- (arm64) indent page table by level while maintaining attribute
  alignment
- (arm64) improve documentation clarity, detail, and precision

Thank you again to the maintainers for their review of this patch.

A comparison of the differences in output is provided here:
github.com/maxwell-bland/linux-patch-data/tree/main/ptdump-non-leaf

New in v5:
- Clean up and fix ptdump.c calls to reference right directory level
- Change "pxd" bit specifier for non-leaf directories to tbl_bits,
  introduce a proper delineation between blk_bits and tbl_bits,
  where table entries will no longer print attributes that are
  specific to blocks
- Because we now support printing details on table descriptors, add
  encodings for the ARMv8 APTable bits
- Make attributes uniformly capitalized, make their explanations more
  precise
- Fix typos

v4:
https://lore.kernel.org/all/aw675dhrbplkitj3szjut2vyidsxokogkjj3vi76wl2x4wybtg@5rhk5ca5zpmv/
- Inclusive upper bounds on range specifications
- Splits commit into multiple smaller commits and separates cosmetic,
  documentation, and logic changes
- Updates documentation more sensibly
- Fixes bug in size computation and handles ULONG_MAX bound overflow

v3:
https://lore.kernel.org/all/fik5ys53dbkpkl22o4s7sw7cxi6dqjcpm2f3kno5tyms73jm5y@buo4jsktsnrt/
- Added tabulation to delineate entries
- Fixed formatting issues with mailer and rebased to mm/linus

v2:
https://lore.kernel.org/r/20240423142307.495726312-1-mbland@motorola.com
- Rebased onto linux-next/akpm (the incorrect branch)

v1:
https://lore.kernel.org/all/20240423121820.874441838-1-mbland@motorola.com/

Maxwell Bland (6):
  mm: add ARCH_SUPPORTS_NON_LEAF_PTDUMP
  arm64: add APTable encoding to pagetable defs
  arm64: table descriptor ptdump support
  arm64: indent ptdump by level, aligning attributes
  arm64: exclusive upper bound for ptdump entries
  arm64: add attrs and format to ptdump document

 Documentation/arch/arm64/ptdump.rst    | 131 ++++++++++-----------
 arch/arm64/Kconfig                     |   1 +
 arch/arm64/include/asm/pgtable-hwdef.h |   6 +
 arch/arm64/mm/ptdump.c                 | 150 +++++++++++++++++++------
 mm/Kconfig.debug                       |   8 ++
 mm/ptdump.c                            |  26 +++--
 6 files changed, 214 insertions(+), 108 deletions(-)

-- 
2.43.0

[PATCH v5 1/6] mm: add ARCH_SUPPORTS_NON_LEAF_PTDUMP

[Maxwell Bland]

Provide a Kconfig option indicating if note_page can be called for
intermediate page directories during ptdump.

Signed-off-by: Maxwell Bland <mbland@motorola.com>
---
 mm/Kconfig.debug |  8 ++++++++
 mm/ptdump.c      | 26 ++++++++++++++++++--------
 2 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug
index afc72fde0f03..41071539bf9e 100644
--- a/mm/Kconfig.debug
+++ b/mm/Kconfig.debug
@@ -201,6 +201,14 @@ config PTDUMP_DEBUGFS
 
 	  If in doubt, say N.
 
+config ARCH_SUPPORTS_NON_LEAF_PTDUMP
+	bool "Include intermediate directory entries in pagetable dumps"
+	help
+	  Enable the inclusion of intermediate page directory entries in calls
+	  to the ptdump API. Once an architecture defines correct ptdump
+	  behavior for PGD, PUD, P4D, and PMD entries, this config can be
+	  selected.
+
 config HAVE_DEBUG_KMEMLEAK
 	bool
 
diff --git a/mm/ptdump.c b/mm/ptdump.c
index 106e1d66e9f9..3c8eea232282 100644
--- a/mm/ptdump.c
+++ b/mm/ptdump.c
@@ -26,6 +26,11 @@ static inline int note_kasan_page_table(struct mm_walk *walk,
 }
 #endif
 
+static inline bool has_non_leaf_ptdump(void)
+{
+	return IS_ENABLED(CONFIG_ARCH_SUPPORTS_NON_LEAF_PTDUMP);
+}
+
 static int ptdump_pgd_entry(pgd_t *pgd, unsigned long addr,
 			    unsigned long next, struct mm_walk *walk)
 {
@@ -41,10 +46,11 @@ static int ptdump_pgd_entry(pgd_t *pgd, unsigned long addr,
 	if (st->effective_prot)
 		st->effective_prot(st, 0, pgd_val(val));
 
-	if (pgd_leaf(val)) {
+	if (has_non_leaf_ptdump() || pgd_leaf(val))
 		st->note_page(st, addr, 0, pgd_val(val));
+
+	if (pgd_leaf(val))
 		walk->action = ACTION_CONTINUE;
-	}
 
 	return 0;
 }
@@ -64,10 +70,11 @@ static int ptdump_p4d_entry(p4d_t *p4d, unsigned long addr,
 	if (st->effective_prot)
 		st->effective_prot(st, 1, p4d_val(val));
 
-	if (p4d_leaf(val)) {
+	if (has_non_leaf_ptdump() || p4d_leaf(val))
 		st->note_page(st, addr, 1, p4d_val(val));
+
+	if (p4d_leaf(val))
 		walk->action = ACTION_CONTINUE;
-	}
 
 	return 0;
 }
@@ -87,10 +94,11 @@ static int ptdump_pud_entry(pud_t *pud, unsigned long addr,
 	if (st->effective_prot)
 		st->effective_prot(st, 2, pud_val(val));
 
-	if (pud_leaf(val)) {
+	if (has_non_leaf_ptdump() || pud_leaf(val))
 		st->note_page(st, addr, 2, pud_val(val));
+
+	if (pud_leaf(val))
 		walk->action = ACTION_CONTINUE;
-	}
 
 	return 0;
 }
@@ -108,10 +116,12 @@ static int ptdump_pmd_entry(pmd_t *pmd, unsigned long addr,
 
 	if (st->effective_prot)
 		st->effective_prot(st, 3, pmd_val(val));
-	if (pmd_leaf(val)) {
+
+	if (has_non_leaf_ptdump() || pmd_leaf(val))
 		st->note_page(st, addr, 3, pmd_val(val));
+
+	if (pmd_leaf(val))
 		walk->action = ACTION_CONTINUE;
-	}
 
 	return 0;
 }
-- 
2.43.0

Re: [PATCH v5 1/6] mm: add ARCH_SUPPORTS_NON_LEAF_PTDUMP

[kernel test robot]

Hello,

kernel test robot noticed "WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page" on:

commit: 14095f3901f4e6cf7be49ce2b0b6477bcc9613b8 ("[PATCH v5 1/6] mm: add ARCH_SUPPORTS_NON_LEAF_PTDUMP")
url: https://github.com/intel-lab-lkp/linux/commits/Maxwell-Bland/mm-add-ARCH_SUPPORTS_NON_LEAF_PTDUMP/20240626-022827
base: https://git.kernel.org/cgit/linux/kernel/git/arm64/linux.git for-next/core
patch link: https://lore.kernel.org/all/yrgrhwfbl7rnmgekiolmojutaqf24x5zphyrwijakzma5pjhre@3yncjv5tqvar/
patch subject: [PATCH v5 1/6] mm: add ARCH_SUPPORTS_NON_LEAF_PTDUMP

in testcase: rcutorture
version: 
with following parameters:

	runtime: 300s
	test: cpuhotplug
	torture_type: srcu



compiler: clang-18
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+-----------------------------------------------------+------------+------------+
|                                                     | 39b9075172 | 14095f3901 |
+-----------------------------------------------------+------------+------------+
| WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page | 0          | 12         |
| RIP:note_page                                       | 0          | 12         |
+-----------------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202407051002.96bf438-oliver.sang@intel.com


[   12.539216][    T1] ------------[ cut here ]------------
[   12.539661][    T1] x86/mm: Found insecure W+X mapping at address 0xffff8a0000000000
[ 12.540267][ T1] WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:248 note_page (arch/x86/mm/dump_pagetables.c:246) 
[   12.540995][    T1] Modules linked in:
[   12.541300][    T1] CPU: 0 PID: 1 Comm: swapper Not tainted 6.10.0-rc3-00027-g14095f3901f4 #1
[ 12.541987][ T1] RIP: 0010:note_page (arch/x86/mm/dump_pagetables.c:246) 
[ 12.542465][ T1] Code: 0d ba e8 2a 28 0a 01 e9 78 fe ff ff e8 a0 17 1a 00 c6 05 e5 bc 72 02 01 90 48 8b 73 58 48 c7 c7 00 91 16 ba e8 08 d2 08 00 90 <0f> 0b 90 90 e9 5f f7 ff ff e8 79 17 1a 00 89 ee 48 c7 c7 f0 34 46
All code
========
   0:	0d ba e8 2a 28       	or     $0x282ae8ba,%eax
   5:	0a 01                	or     (%rcx),%al
   7:	e9 78 fe ff ff       	jmp    0xfffffffffffffe84
   c:	e8 a0 17 1a 00       	call   0x1a17b1
  11:	c6 05 e5 bc 72 02 01 	movb   $0x1,0x272bce5(%rip)        # 0x272bcfd
  18:	90                   	nop
  19:	48 8b 73 58          	mov    0x58(%rbx),%rsi
  1d:	48 c7 c7 00 91 16 ba 	mov    $0xffffffffba169100,%rdi
  24:	e8 08 d2 08 00       	call   0x8d231
  29:	90                   	nop
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	90                   	nop
  2d:	90                   	nop
  2e:	e9 5f f7 ff ff       	jmp    0xfffffffffffff792
  33:	e8 79 17 1a 00       	call   0x1a17b1
  38:	89 ee                	mov    %ebp,%esi
  3a:	48                   	rex.W
  3b:	c7                   	.byte 0xc7
  3c:	c7                   	(bad)
  3d:	f0 34 46             	lock xor $0x46,%al

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	90                   	nop
   3:	90                   	nop
   4:	e9 5f f7 ff ff       	jmp    0xfffffffffffff768
   9:	e8 79 17 1a 00       	call   0x1a1787
   e:	89 ee                	mov    %ebp,%esi
  10:	48                   	rex.W
  11:	c7                   	.byte 0xc7
  12:	c7                   	(bad)
  13:	f0 34 46             	lock xor $0x46,%al
[   12.544127][    T1] RSP: 0000:ffffab0600013c40 EFLAGS: 00010293
[   12.548776][    T1] RAX: ffffffffb85090a7 RBX: ffffab0600013e38 RCX: ffff8a1f806b8000
[   12.549432][    T1] RDX: 0000000000000000 RSI: 00000000ffff7fff RDI: ffffffffba63a550
[   12.550073][    T1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[   12.550737][    T1] R10: 0000000000000000 R11: ffffffffb8ca1100 R12: 0000000000000000
[   12.551383][    T1] R13: ffff8a0000000000 R14: 0000000000000067 R15: 0000000000000067
[   12.552048][    T1] FS:  0000000000000000(0000) GS:ffffffffba45f000(0000) knlGS:0000000000000000
[   12.552780][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   12.553335][    T1] CR2: ffff8a22bffff000 CR3: 0000000102c30000 CR4: 00000000000406b0
[   12.553993][    T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   12.554730][    T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   12.555398][    T1] Call Trace:
[   12.555676][    T1]  <TASK>
[ 12.555924][ T1] ? __warn (kernel/panic.c:239) 
[ 12.556257][ T1] ? note_page (arch/x86/mm/dump_pagetables.c:246) 
[ 12.556625][ T1] ? report_bug (lib/bug.c:?) 
[ 12.557009][ T1] ? handle_bug (arch/x86/kernel/traps.c:239) 
[ 12.557371][ T1] ? exc_invalid_op (arch/x86/kernel/traps.c:260) 
[ 12.557760][ T1] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) 
[ 12.558171][ T1] ? io_serial_in (arch/x86/kernel/early_printk.c:121) 
[ 12.558591][ T1] ? __warn_printk (include/linux/context_tracking.h:155) 
[ 12.559010][ T1] ? note_page (arch/x86/mm/dump_pagetables.c:246) 
[ 12.559384][ T1] ? note_page (arch/x86/mm/dump_pagetables.c:252) 
[ 12.559751][ T1] ptdump_p4d_entry (mm/ptdump.c:79) 
[ 12.560149][ T1] walk_pgd_range (mm/pagewalk.c:250) 
[ 12.560567][ T1] ? lock_acquire (kernel/locking/lockdep.c:5754) 
[ 12.560941][ T1] walk_page_range_novma (mm/pagewalk.c:589) 
[ 12.561367][ T1] ptdump_walk_pgd (mm/ptdump.c:167) 
[ 12.561761][ T1] ? rest_init (init/main.c:1459) 
[ 12.562131][ T1] ptdump_walk_pgd_level_checkwx (arch/x86/mm/dump_pagetables.c:395 arch/x86/mm/dump_pagetables.c:444) 
[ 12.562636][ T1] ? ptdump_walk_pgd_level_core (arch/x86/mm/dump_pagetables.c:276) 
[ 12.563115][ T1] ? note_page (arch/x86/mm/dump_pagetables.c:252) 
[ 12.563477][ T1] ? rest_init (init/main.c:1459) 
[ 12.563839][ T1] kernel_init (init/main.c:1483) 
[ 12.564187][ T1] ret_from_fork (arch/x86/kernel/process.c:153) 
[ 12.564550][ T1] ? rest_init (init/main.c:1459) 
[ 12.564897][ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:254) 
[   12.565276][    T1]  </TASK>
[   12.565526][    T1] irq event stamp: 789373
[ 12.565883][ T1] hardirqs last enabled at (789381): console_unlock (arch/x86/include/asm/irqflags.h:19 arch/x86/include/asm/irqflags.h:67 arch/x86/include/asm/irqflags.h:127 kernel/printk/printk.c:341 kernel/printk/printk.c:2746 kernel/printk/printk.c:3065) 
[ 12.566712][ T1] hardirqs last disabled at (789390): console_unlock (kernel/printk/printk.c:339) 
[ 12.567498][ T1] softirqs last enabled at (789142): __irq_exit_rcu (include/linux/sched.h:2189 kernel/softirq.c:620 kernel/softirq.c:639) 
[ 12.568260][ T1] softirqs last disabled at (789131): __irq_exit_rcu (include/linux/sched.h:2189 kernel/softirq.c:620 kernel/softirq.c:639) 
[   12.569027][    T1] ---[ end trace 0000000000000000 ]---



The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240705/202407051002.96bf438-oliver.sang@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [PATCH v5 1/6] mm: add ARCH_SUPPORTS_NON_LEAF_PTDUMP

[Maxwell Bland]

On Fri, Jul 05, 2024 at 10:52:26AM GMT, kernel test robot wrote:
> 
> 
> Hello,
> 
> kernel test robot noticed "WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page" on:
> 
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20240705/202407051002.96bf438-oliver.sang@intel.com
> 

Note this config has CONFIG_ARCH_SUPPORTS_NON_LEAF_PTDUMP=y, added by
this patchset, but x86 does not yet support non-leaf ptdump semantics.

x86 support is on my TODOs, but I am caught up in other work (a LSM
and/or *.ko preventing dynamically-allocated datastructure write
gadgets! (-: ).

Regards,
Maxwell Bland

[PATCH v5 2/6] arm64: add APTable encoding to pagetable defs

[Maxwell Bland]

Add in the APTable permission bit encoding to describe table-level
hierarchical access control

Signed-off-by: Maxwell Bland <mbland@motorola.com>
---
 arch/arm64/include/asm/pgtable-hwdef.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h
index 9943ff0af4c9..8c229fc96c0a 100644
--- a/arch/arm64/include/asm/pgtable-hwdef.h
+++ b/arch/arm64/include/asm/pgtable-hwdef.h
@@ -146,6 +146,11 @@
 #define PMD_SECT_UXN		(_AT(pmdval_t, 1) << 54)
 #define PMD_TABLE_PXN		(_AT(pmdval_t, 1) << 59)
 #define PMD_TABLE_UXN		(_AT(pmdval_t, 1) << 60)
+/*
+ * APTable[1:0] encoding for hierarchical data access control
+ */
+#define PMD_TABLE_KERN		(_AT(pmdval_t, 1) << 61)
+#define PMD_TABLE_PRDONLY	(_AT(pmdval_t, 1) << 62)
 
 /*
  * AttrIndx[2:0] encoding (mapping attributes defined in the MAIR* registers).
-- 
2.43.0

[PATCH v5 3/6] arm64: table descriptor ptdump support

[Maxwell Bland]

Distinguish between table and block descriptor attribute bitfields,
enable the Kconfig option to print table descriptors and intermediate
page table entries, and support printing of attributes specific to table
descriptors, such as PXNTable.

This is useful when debugging protection systems that leverage
hierarchical access control.

Signed-off-by: Maxwell Bland <mbland@motorola.com>
---
 arch/arm64/Kconfig     |   1 +
 arch/arm64/mm/ptdump.c | 142 +++++++++++++++++++++++++++++++----------
 2 files changed, 108 insertions(+), 35 deletions(-)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 5d91259ee7b5..f4c3290160db 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -98,6 +98,7 @@ config ARM64
 	select ARCH_SUPPORTS_NUMA_BALANCING
 	select ARCH_SUPPORTS_PAGE_TABLE_CHECK
 	select ARCH_SUPPORTS_PER_VMA_LOCK
+	select ARCH_SUPPORTS_NON_LEAF_PTDUMP
 	select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
 	select ARCH_WANT_COMPAT_IPC_PARSE_VERSION if COMPAT
 	select ARCH_WANT_DEFAULT_BPF_JIT
diff --git a/arch/arm64/mm/ptdump.c b/arch/arm64/mm/ptdump.c
index 6986827e0d64..33ca6d182a6a 100644
--- a/arch/arm64/mm/ptdump.c
+++ b/arch/arm64/mm/ptdump.c
@@ -24,6 +24,7 @@
 #include <asm/memory.h>
 #include <asm/pgtable-hwdef.h>
 #include <asm/ptdump.h>
+#include <asm/pgalloc.h>
 
 
 #define pt_dump_seq_printf(m, fmt, args...)	\
@@ -64,7 +65,7 @@ struct prot_bits {
 	const char	*clear;
 };
 
-static const struct prot_bits pte_bits[] = {
+static const struct prot_bits blk_bits[] = {
 	{
 		.mask	= PTE_VALID,
 		.val	= PTE_VALID,
@@ -78,13 +79,13 @@ static const struct prot_bits pte_bits[] = {
 	}, {
 		.mask	= PTE_RDONLY,
 		.val	= PTE_RDONLY,
-		.set	= "ro",
+		.set	= "RO",
 		.clear	= "RW",
 	}, {
 		.mask	= PTE_PXN,
 		.val	= PTE_PXN,
 		.set	= "NX",
-		.clear	= "x ",
+		.clear	= "X ",
 	}, {
 		.mask	= PTE_SHARED,
 		.val	= PTE_SHARED,
@@ -142,44 +143,101 @@ static const struct prot_bits pte_bits[] = {
 		.set	= "MEM/NORMAL-TAGGED",
 	}
 };
+static const size_t num_blk_bits = ARRAY_SIZE(blk_bits);
+
+static const struct prot_bits tbl_bits[] = {
+	{
+		.mask	= PTE_VALID,
+		.val	= PTE_VALID,
+		.set	= " ",
+		.clear	= "F",
+	}, {
+		.mask	= PMD_TABLE_BIT,
+		.val	= PMD_TABLE_BIT,
+		.set	= "TBL",
+		.clear	= "   ",
+	}, {
+		.mask	= PTE_AF,
+		.val	= PTE_AF,
+		.set	= "AF",
+		.clear	= "  ",
+	}, {
+		.mask	= PMD_TABLE_PXN,
+		.val	= PMD_TABLE_PXN,
+		.set	= "NX",
+		.clear	= "     ",
+	}, {
+		.mask	= PMD_TABLE_UXN,
+		.val	= PMD_TABLE_UXN,
+		.set	= "UXN",
+		.clear	= "      ",
+	}, {
+		.mask	= PMD_TABLE_KERN,
+		.val	= PMD_TABLE_KERN,
+		.set	= "KRN",
+		.clear	= "    "
+	}, {
+		.mask	= PMD_TABLE_PRDONLY,
+		.val	= PMD_TABLE_PRDONLY,
+		.set	= "RO",
+		.clear	= "RW"
+	}
+};
+static const size_t num_tbl_bits = ARRAY_SIZE(tbl_bits);
 
 struct pg_level {
-	const struct prot_bits *bits;
+	const struct prot_bits *blk_bits;
+	const struct prot_bits *tbl_bits;
 	char name[4];
-	int num;
 	u64 mask;
+	unsigned long size;
 };
 
 static struct pg_level pg_level[] __ro_after_init = {
 	{ /* pgd */
-		.name	= "PGD",
-		.bits	= pte_bits,
-		.num	= ARRAY_SIZE(pte_bits),
+		.name		= "PGD",
+		.blk_bits	= blk_bits,
+		.size		= PGDIR_SIZE,
+		.tbl_bits	= tbl_bits
 	}, { /* p4d */
-		.name	= "P4D",
-		.bits	= pte_bits,
-		.num	= ARRAY_SIZE(pte_bits),
+		.name		= "P4D",
+		.blk_bits	= blk_bits,
+		.size		= P4D_SIZE,
+		.tbl_bits	= tbl_bits
 	}, { /* pud */
-		.name	= "PUD",
-		.bits	= pte_bits,
-		.num	= ARRAY_SIZE(pte_bits),
+		.name		= "PUD",
+		.blk_bits	= blk_bits,
+		.size		= PUD_SIZE,
+		.tbl_bits	= tbl_bits
 	}, { /* pmd */
-		.name	= "PMD",
-		.bits	= pte_bits,
-		.num	= ARRAY_SIZE(pte_bits),
+		.name		= "PMD",
+		.blk_bits	= blk_bits,
+		.size		= PMD_SIZE,
+		.tbl_bits	= tbl_bits
 	}, { /* pte */
-		.name	= "PTE",
-		.bits	= pte_bits,
-		.num	= ARRAY_SIZE(pte_bits),
+		.name		= "PTE",
+		.blk_bits	= blk_bits,
+		.size		= PAGE_SIZE,
+		.tbl_bits	= NULL
 	},
 };
 
-static void dump_prot(struct pg_state *st, const struct prot_bits *bits,
-			size_t num)
+static void dump_prot(struct pg_state *st, struct pg_level level)
 {
 	unsigned i;
+	const struct prot_bits *bits;
+	int num_bits;
 
-	for (i = 0; i < num; i++, bits++) {
+	if ((st->current_prot & PTE_TABLE_BIT) == PTE_TABLE_BIT &&
+	    level.tbl_bits) {
+		bits = level.tbl_bits;
+		num_bits = num_tbl_bits;
+	} else {
+		bits = level.blk_bits;
+		num_bits = num_blk_bits;
+	}
+
+	for (i = 0; i < num_bits; i++, bits++) {
 		const char *s;
 
 		if ((st->current_prot & bits->mask) == bits->val)
@@ -251,21 +309,30 @@ static void note_page(struct ptdump_state *pt_st, unsigned long addr, int level,
 			note_prot_wx(st, addr);
 		}
 
-		pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx   ",
-				   st->start_address, addr);
+		if (st->start_address == addr) {
+			if (check_add_overflow(addr, pg_level[st->level].size,
+					       &delta))
+				delta = ULONG_MAX - addr + 1;
+			else
+				delta = pg_level[st->level].size;
+			pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx   ",
+					   addr, addr + delta);
+		} else {
+			delta = (addr - st->start_address);
+			pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx   ",
+					   st->start_address, addr);
+		}
 
-		delta = (addr - st->start_address) >> 10;
+		delta >>= 10;
 		while (!(delta & 1023) && unit[1]) {
 			delta >>= 10;
 			unit++;
 		}
 		pt_dump_seq_printf(st->seq, "%9lu%c %s", delta, *unit,
 				   pg_level[st->level].name);
-		if (st->current_prot && pg_level[st->level].bits)
-			dump_prot(st, pg_level[st->level].bits,
-				  pg_level[st->level].num);
+		if (st->current_prot && pg_level[st->level].blk_bits)
+			dump_prot(st, pg_level[st->level]);
 		pt_dump_seq_puts(st->seq, "\n");
-
 		if (addr >= st->marker[1].start_address) {
 			st->marker++;
 			pt_dump_seq_printf(st->seq, "---[ %s ]---\n", st->marker->name);
@@ -311,11 +378,16 @@ void ptdump_walk(struct seq_file *s, struct ptdump_info *info)
 static void __init ptdump_initialize(void)
 {
 	unsigned i, j;
-
-	for (i = 0; i < ARRAY_SIZE(pg_level); i++)
-		if (pg_level[i].bits)
-			for (j = 0; j < pg_level[i].num; j++)
-				pg_level[i].mask |= pg_level[i].bits[j].mask;
+	struct pg_level *level = pg_level;
+
+	for (i = 0; i < ARRAY_SIZE(pg_level); i++, level++) {
+		if (level->blk_bits)
+			for (j = 0; j < num_blk_bits; j++)
+				level->mask |= level->blk_bits[j].mask;
+		if (level->tbl_bits)
+			for (j = 0; j < num_tbl_bits; j++)
+				level->mask |= level->tbl_bits[j].mask;
+	}
 }
 
 static struct ptdump_info kernel_ptdump_info __ro_after_init = {
-- 
2.43.0

[PATCH v5 4/6] arm64: indent ptdump by level, aligning attributes

[Maxwell Bland]

Outputs each level of the page table with two additional spaces for
parsers, distinction, and readability while maintaining the alignment of
region size and attributes.

Signed-off-by: Maxwell Bland <mbland@motorola.com>
---
 arch/arm64/mm/ptdump.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/arm64/mm/ptdump.c b/arch/arm64/mm/ptdump.c
index 33ca6d182a6a..0660b74413a2 100644
--- a/arch/arm64/mm/ptdump.c
+++ b/arch/arm64/mm/ptdump.c
@@ -303,6 +303,10 @@ static void note_page(struct ptdump_state *pt_st, unsigned long addr, int level,
 		   addr >= st->marker[1].start_address) {
 		const char *unit = units;
 		unsigned long delta;
+		unsigned int i;
+
+		for (i = 0; i < st->level; i++)
+			pt_dump_seq_printf(st->seq, "  ");
 
 		if (st->current_prot) {
 			note_prot_uxn(st, addr);
@@ -323,6 +327,10 @@ static void note_page(struct ptdump_state *pt_st, unsigned long addr, int level,
 					   st->start_address, addr);
 		}
 
+		/* Align region information regardlesss of level */
+		for (i = st->level; i < 4; i++)
+			pt_dump_seq_printf(st->seq, "  ");
+
 		delta >>= 10;
 		while (!(delta & 1023) && unit[1]) {
 			delta >>= 10;
-- 
2.43.0

[PATCH v5 5/6] arm64: exclusive upper bound for ptdump entries

[Maxwell Bland]

Update the upper bound of all ptdump entries to not include the byte
which is actually governed by the next entry. As the lowest byte is
included and governed, this makes the size specifications exact.

Signed-off-by: Maxwell Bland <mbland@motorola.com>
---
 arch/arm64/mm/ptdump.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/mm/ptdump.c b/arch/arm64/mm/ptdump.c
index 0660b74413a2..f13acf9b1cd8 100644
--- a/arch/arm64/mm/ptdump.c
+++ b/arch/arm64/mm/ptdump.c
@@ -320,11 +320,11 @@ static void note_page(struct ptdump_state *pt_st, unsigned long addr, int level,
 			else
 				delta = pg_level[st->level].size;
 			pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx   ",
-					   addr, addr + delta);
+					   addr, addr + delta - 1);
 		} else {
 			delta = (addr - st->start_address);
 			pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx   ",
-					   st->start_address, addr);
+					   st->start_address, addr - 1);
 		}
 
 		/* Align region information regardlesss of level */
-- 
2.43.0

[PATCH v5 6/6] arm64: add attrs and format to ptdump document

[Maxwell Bland]

Update the ptdump content with a precise explanation of the attribute
symbols and the coalescing of identical entries implicit in the code.

Remove unnecessary layout example given the existing cat example,
and opt instead for a precise, clear explanation of address markers,
format, attributes.

Update example to match the new cosmetic and intermediate-directory
printing changes.

Signed-off-by: Maxwell Bland <mbland@motorola.com>
---
 Documentation/arch/arm64/ptdump.rst | 126 ++++++++++++++--------------
 1 file changed, 61 insertions(+), 65 deletions(-)

diff --git a/Documentation/arch/arm64/ptdump.rst b/Documentation/arch/arm64/ptdump.rst
index 5dcfc5d7cddf..785b96ab2e89 100644
--- a/Documentation/arch/arm64/ptdump.rst
+++ b/Documentation/arch/arm64/ptdump.rst
@@ -29,68 +29,64 @@ configurations and mount debugfs::
  mount -t debugfs nodev /sys/kernel/debug
  cat /sys/kernel/debug/kernel_page_tables
 
-On analysing the output of ``cat /sys/kernel/debug/kernel_page_tables``
-one can derive information about the virtual address range of the entry,
-followed by size of the memory region covered by this entry, the
-hierarchical structure of the page tables and finally the attributes
-associated with each page. The page attributes provide information about
-access permissions, execution capability, type of mapping such as leaf
-level PTE or block level PGD, PMD and PUD, and access status of a page
-within the kernel memory. Assessing these attributes can assist in
-understanding the memory layout, access patterns and security
-characteristics of the kernel pages.
-
-Kernel virtual memory layout example::
-
- start address        end address         size             attributes
- +---------------------------------------------------------------------------------------+
- | ---[ Linear Mapping start ]---------------------------------------------------------- |
- | ..................                                                                    |
- | 0xfff0000000000000-0xfff0000000210000  2112K PTE RW NX SHD AF  UXN  MEM/NORMAL-TAGGED |
- | 0xfff0000000210000-0xfff0000001c00000 26560K PTE ro NX SHD AF  UXN  MEM/NORMAL        |
- | ..................                                                                    |
- | ---[ Linear Mapping end ]------------------------------------------------------------ |
- +---------------------------------------------------------------------------------------+
- | ---[ Modules start ]----------------------------------------------------------------- |
- | ..................                                                                    |
- | 0xffff800000000000-0xffff800008000000   128M PTE                                      |
- | ..................                                                                    |
- | ---[ Modules end ]------------------------------------------------------------------- |
- +---------------------------------------------------------------------------------------+
- | ---[ vmalloc() area ]---------------------------------------------------------------- |
- | ..................                                                                    |
- | 0xffff800008010000-0xffff800008200000  1984K PTE ro x  SHD AF       UXN  MEM/NORMAL   |
- | 0xffff800008200000-0xffff800008e00000    12M PTE ro x  SHD AF  CON  UXN  MEM/NORMAL   |
- | ..................                                                                    |
- | ---[ vmalloc() end ]----------------------------------------------------------------- |
- +---------------------------------------------------------------------------------------+
- | ---[ Fixmap start ]------------------------------------------------------------------ |
- | ..................                                                                    |
- | 0xfffffbfffdb80000-0xfffffbfffdb90000    64K PTE ro x  SHD AF  UXN  MEM/NORMAL        |
- | 0xfffffbfffdb90000-0xfffffbfffdba0000    64K PTE ro NX SHD AF  UXN  MEM/NORMAL        |
- | ..................                                                                    |
- | ---[ Fixmap end ]-------------------------------------------------------------------- |
- +---------------------------------------------------------------------------------------+
- | ---[ PCI I/O start ]----------------------------------------------------------------- |
- | ..................                                                                    |
- | 0xfffffbfffe800000-0xfffffbffff800000    16M PTE                                      |
- | ..................                                                                    |
- | ---[ PCI I/O end ]------------------------------------------------------------------- |
- +---------------------------------------------------------------------------------------+
- | ---[ vmemmap start ]----------------------------------------------------------------- |
- | ..................                                                                    |
- | 0xfffffc0002000000-0xfffffc0002200000     2M PTE RW NX SHD AF  UXN  MEM/NORMAL        |
- | 0xfffffc0002200000-0xfffffc0020000000   478M PTE                                      |
- | ..................                                                                    |
- | ---[ vmemmap end ]------------------------------------------------------------------- |
- +---------------------------------------------------------------------------------------+
-
-``cat /sys/kernel/debug/kernel_page_tables`` output::
-
- 0xfff0000001c00000-0xfff0000080000000     2020M PTE  RW NX SHD AF   UXN    MEM/NORMAL-TAGGED
- 0xfff0000080000000-0xfff0000800000000       30G PMD
- 0xfff0000800000000-0xfff0000800700000        7M PTE  RW NX SHD AF   UXN    MEM/NORMAL-TAGGED
- 0xfff0000800700000-0xfff0000800710000       64K PTE  ro NX SHD AF   UXN    MEM/NORMAL-TAGGED
- 0xfff0000800710000-0xfff0000880000000  2089920K PTE  RW NX SHD AF   UXN    MEM/NORMAL-TAGGED
- 0xfff0000880000000-0xfff0040000000000     4062G PMD
- 0xfff0040000000000-0xffff800000000000     3964T PGD
+``/sys/kernel/debug/kernel_page_tables`` provides a line of information
+for each group of page table entries sharing the same attributes and
+type of mapping, i.e. page descriptor PTE or table descriptor PGD, PMD,
+and PUD.  Assessing these attributes can assist in determining memory
+layout, access patterns and security characteristics of the kernel
+pages.
+
+Lines are formatted as follows::
+
+ <start_vaddr>-<end_vaddr> <size> <type> <attributes>
+
+Note that the set of attributes, and therefore formatting, is not
+equivalent between block (or page) and table descriptor entries. For
+example, PMD table descriptors can support the PXNTable permission bit
+and do not share that same set of attributes as PTEs.
+
+The following attributes are presently supported::
+
+F		Entry is invalid
+RO		Memory is read-only
+RW		Memory is read-write
+X		Memory is privileged executable
+NX		Memory is privileged execute never
+UXN		Memory is unprivileged execute never
+USR		Memory is unprivileged accessible
+KRN		Memory is unprivileged inaccessible (e.g. APTable bits)
+SHD		Memory is shared
+AF		Entry accessed flag is set
+NG		Entry Not-Global flag is set
+CON		Entry contiguous bit is set
+GP		Page is guarded with branch target integrity protection
+TBL		Entry is a table descriptor
+BLK		Entry is a block descriptor
+DEVICE/*	Entry is device memory, see ARM reference for types
+MEM/*		Entry is non-device memory, see ARM reference for types
+
+The beginning and end of each region is also delineated by a single line
+tag in the following format::
+
+ ---[ <marker_name> ]---
+
+With supported address markers including the kernel's linear mapping,
+kasan shadow memory, kernel modules memory, vmalloc memory, PCI I/O
+memory, and the kernel's fixmap region.
+
+Example ``cat /sys/kernel/debug/kernel_page_tables`` output::
+
+ ---[ Linear Mapping start ]---
+ 0xffff000000000000-0xffff1affffffffff                  27T PGD
+ 0xffff1b0000000000-0xffffffffffffffff                 229T PGD   TBL    NX UXN      RW
+     0xffff1b0000000000-0xffff1b397fffffff             230G PUD
+     0xffff1b3980000000-0xffff1b39bfffffff               1G PUD   TBL    NX UXN      RW
+       0xffff1b3980000000-0xffff1b39801fffff             2M PMD   TBL    NX UXN      RW
+         0xffff1b3980000000-0xffff1b39801fffff           2M PTE       RW NX SHD AF NG         UXN    MEM/NORMAL-TAGGED
+       0xffff1b3980200000-0xffff1b39803fffff             2M PMD   TBL    NX UXN      RW
+         0xffff1b3980200000-0xffff1b398020ffff          64K PTE       RW NX SHD AF NG         UXN    MEM/NORMAL-TAGGED
+         0xffff1b3980210000-0xffff1b39803fffff        1984K PTE       RO NX SHD AF NG         UXN    MEM/NORMAL
+       0xffff1b3980400000-0xffff1b3981dfffff            26M PMD       RO NX SHD AF NG     BLK UXN    MEM/NORMAL
+       0xffff1b3981e00000-0xffff1b3981ffffff             2M PMD   TBL    NX UXN      RW
+         0xffff1b3981e00000-0xffff1b3981e1ffff         128K PTE       RO NX SHD AF NG         UXN    MEM/NORMAL
+         0xffff1b3981e20000-0xffff1b3981ffffff        1920K PTE       RW NX SHD AF NG         UXN    MEM/NORMAL-TAGGED
-- 
2.43.0

Re: [PATCH v5 6/6] arm64: add attrs and format to ptdump document

[Randy Dunlap]

On 6/24/24 3:16 PM, Maxwell Bland wrote:
> Update the ptdump content with a precise explanation of the attribute
> symbols and the coalescing of identical entries implicit in the code.
> 
> Remove unnecessary layout example given the existing cat example,
> and opt instead for a precise, clear explanation of address markers,
> format, attributes.
> 
> Update example to match the new cosmetic and intermediate-directory
> printing changes.
> 
> Signed-off-by: Maxwell Bland <mbland@motorola.com>
> ---
>  Documentation/arch/arm64/ptdump.rst | 126 ++++++++++++++--------------
>  1 file changed, 61 insertions(+), 65 deletions(-)

This now passes my review FWIW. Thanks.

Reviewed-by: Randy Dunlap <rdunlap@infradead.org>

-- 
~Randy