From: Jann Horn
Date: Fri, 11 Oct 2024 20:11:32 +0200
Subject: Re: [RFC PATCH 2/4] mm: add PTE_MARKER_GUARD PTE marker
To: Lorenzo Stoakes
Cc: Andrew Morton, Suren Baghdasaryan, "Liam R . Howlett", Matthew Wilcox, Vlastimil Babka, "Paul E . McKenney", David Hildenbrand, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Muchun Song, Richard Henderson, Ivan Kokshaysky, Matt Turner, Thomas Bogendoerfer, "James E . J . Bottomley", Helge Deller, Chris Zankel, Max Filippov, Arnd Bergmann, linux-alpha@vger.kernel.org, linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, linux-arch@vger.kernel.org, Shuah Khan, Christian Brauner, linux-kselftest@vger.kernel.org, Sidhartha Kumar

On Fri, Sep 27, 2024 at 2:51 PM Lorenzo Stoakes wrote:
> Add a new PTE marker that results in any access causing the accessing
> process to segfault.
[...]
> static inline int is_poisoned_swp_entry(swp_entry_t entry) > +{ > + /* > + * We treat guard pages as poisoned too as these have the same se= mantics > + * as poisoned ranges, only with different fault handling. 
> + */ > + return is_pte_marker_entry(entry) && > + (pte_marker_get(entry) & > + (PTE_MARKER_POISONED | PTE_MARKER_GUARD)); > +} This means MADV_FREE will also clear guard PTEs, right? > diff --git a/mm/memory.c b/mm/memory.c > index 5c6486e33e63..6c413c3d72fd 100644 > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -1457,7 +1457,7 @@ static inline bool should_zap_folio(struct zap_deta= ils *details, > return !folio_test_anon(folio); > } > > -static inline bool zap_drop_file_uffd_wp(struct zap_details *details) > +static inline bool zap_drop_markers(struct zap_details *details) > { > if (!details) > return false; > @@ -1478,7 +1478,7 @@ zap_install_uffd_wp_if_needed(struct vm_area_struct= *vma, > if (vma_is_anonymous(vma)) > return; > > - if (zap_drop_file_uffd_wp(details)) > + if (zap_drop_markers(details)) > return; > > for (;;) { > @@ -1673,7 +1673,15 @@ static unsigned long zap_pte_range(struct mmu_gath= er *tlb, > * drop the marker if explicitly requested. > */ > if (!vma_is_anonymous(vma) && > - !zap_drop_file_uffd_wp(details)) > + !zap_drop_markers(details)) > + continue; > + } else if (is_guard_swp_entry(entry)) { > + /* > + * Ordinary zapping should not remove guard PTE > + * markers. Only do so if we should remove PTE ma= rkers > + * in general. > + */ > + if (!zap_drop_markers(details)) > continue; Just a comment: It's nice that the feature is restricted to anonymous VMAs, otherwise we'd have to figure out here what to do about unmap_mapping_folio() (which sets ZAP_FLAG_DROP_MARKER together with details.single_folio)... > } else if (is_hwpoison_entry(entry) || > is_poisoned_swp_entry(entry)) { 
> @@ -4005,6 +4013,10 @@ static vm_fault_t handle_pte_marker(struct vm_faul= t *vmf) > if (marker & PTE_MARKER_POISONED) > return VM_FAULT_HWPOISON; > > + /* Hitting a guard page is always a fatal condition. */ > + if (marker & PTE_MARKER_GUARD) > + return VM_FAULT_SIGSEGV; > + > if (pte_marker_entry_uffd_wp(entry)) > return pte_marker_handle_uffd_wp(vmf); > > -- > 2.46.2 >
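Review bot: in the is_poisoned_swp_entry() hunk, the helper keeps its "poisoned" name while its mask now also matches PTE_MARKER_GUARD, so every existing caller starts treating guard markers as poisoned entries with no change visible at the call site; the reply's MADV_FREE question points at one such path. The zap_pte_range() hunk already uses a separate is_guard_swp_entry(), so consider leaving this predicate as it was and testing for guard markers explicitly where the shared handling is intended, or renaming the helper so the wider meaning is visible to callers.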
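Review bot: in the zap_pte_range() hunk, the new is_guard_swp_entry() branch depends on sitting ahead of the "is_hwpoison_entry(entry) || is_poisoned_swp_entry(entry)" branch, which after this patch also matches guard markers; if the two were reordered, guard markers would be taken by that branch and the zap_drop_markers() check would never run for them. State the ordering requirement in the comment above the branch. The comment could also record the assumption the reply notes, that guard markers only occur in anonymous VMAs, since nothing in this branch checks vma_is_anonymous(vma).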
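Review bot: in the handle_pte_marker() hunk, the comment "Hitting a guard page is always a fatal condition." says more than the code does: the branch returns VM_FAULT_SIGSEGV, and the commit message describes the effect as the accessing process segfaulting. Word the comment in those terms, for example "Access to a guard page raises SIGSEGV", so it matches the return value directly below it.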