Date: Fri, 11 Apr 2025 16:53:29 +1000
From: "Nicholas Piggin"
To: "Alexander Gordeev", "Andrew Morton", "Andrey Ryabinin"
Cc: "Hugh Dickins", "Guenter Roeck", "Juergen Gross", "Jeremy Fitzhardinge", linux-mm
Subject: Re: [PATCH v1 3/4] mm: Protect kernel pgtables in apply_to_pte_range()
References: <11dbe3ac88130dbd2b8554f9369cd93fe138c655.1744037648.git.agordeev@linux.ibm.com>
In-Reply-To: <11dbe3ac88130dbd2b8554f9369cd93fe138c655.1744037648.git.agordeev@linux.ibm.com>

On Tue Apr 8, 2025 at 1:11 AM AEST, Alexander Gordeev wrote:
> The lazy MMU mode can only be entered and left under the protection
> of the page table locks for all page tables which may be modified.
> Yet, when it comes to kernel mappings apply_to_pte_range() does not
> take any locks. That does not conform to arch_enter|leave_lazy_mmu_mode()
> semantics and could potentially lead to re-scheduling a process while
> in lazy MMU mode or racing on kernel page table updates.
>
> Signed-off-by: Alexander Gordeev
> ---
>  mm/kasan/shadow.c | 7 ++-----
>  mm/memory.c       | 5 ++++-
>  2 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c
> index edfa77959474..6531a7aa8562 100644
> --- a/mm/kasan/shadow.c
> +++ b/mm/kasan/shadow.c
> @@ -308,14 +308,14 @@ static int kasan_populate_vmalloc_pte(pte_t *ptep, = unsigned long addr, > __memset((void *)page, KASAN_VMALLOC_INVALID, PAGE_SIZE); > pte =3D pfn_pte(PFN_DOWN(__pa(page)), PAGE_KERNEL); > =20 > - spin_lock(&init_mm.page_table_lock); > if (likely(pte_none(ptep_get(ptep)))) { > set_pte_at(&init_mm, addr, ptep, pte); > page =3D 0; > } > - spin_unlock(&init_mm.page_table_lock); > + > if (page) > free_page(page); > + > return 0; > } > =20 kasan_populate_vmalloc_pte() is really the only thing that takes the ptl in the apply_to_page_range fn()... Looks like you may be right. I wonder why they do and nobody else? Just luck? Seems okay. Reviewed-by: Nicholas Piggin > @@ -401,13 +401,10 @@ static int kasan_depopulate_vmalloc_pte(pte_t *ptep= , unsigned long addr, > =20 > page =3D (unsigned long)__va(pte_pfn(ptep_get(ptep)) << PAGE_SHIFT); > =20 > - spin_lock(&init_mm.page_table_lock); > - > if (likely(!pte_none(ptep_get(ptep)))) { > pte_clear(&init_mm, addr, ptep); > free_page(page); > } > - spin_unlock(&init_mm.page_table_lock); > =20 > return 0; > } > diff --git a/mm/memory.c b/mm/memory.c > index f0201c8ec1ce..1f3727104e99 100644 > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -2926,6 +2926,7 @@ static int apply_to_pte_range(struct mm_struct *mm,= pmd_t *pmd, > pte =3D pte_offset_kernel(pmd, addr); > if (!pte) > return err; > + spin_lock(&init_mm.page_table_lock); > } else { > if (create) > pte =3D pte_alloc_map_lock(mm, pmd, addr, &ptl); > @@ -2951,7 +2952,9 @@ static int apply_to_pte_range(struct mm_struct *mm,= pmd_t *pmd, > =20 > arch_leave_lazy_mmu_mode(); > =20 > - if (mm !=3D &init_mm) > + if (mm =3D=3D &init_mm) > + spin_unlock(&init_mm.page_table_lock); > + else > pte_unmap_unlock(mapped_pte, ptl); > =20 > *mask |=3D PGTBL_PTE_MODIFIED;
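Review bot: in the kasan_populate_vmalloc_pte() hunk (mm/kasan/shadow.c @@ -308), dropping the spin_lock()/spin_unlock() pair leaves the visible __memset((void *)page, ...) and free_page(page) lines as evidence that the backing page is obtained inside this callback; once apply_to_pte_range() invokes fn() with init_mm.page_table_lock held, that allocation runs under a spinlock, so please confirm it cannot sleep (or hoist it out of the locked region) and state that in the commit message.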
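Review bot: in the kasan_depopulate_vmalloc_pte() hunk (mm/kasan/shadow.c @@ -401), the pte_clear()/free_page() pair now depends entirely on the caller holding init_mm.page_table_lock, and nothing in the function records that; a lockdep_assert_held(&init_mm.page_table_lock); at the top of both KASAN callbacks would make the contract checkable, and the commit message should say these callbacks are only reached through the apply_to_page_range() family so a reader knows why the local lock is safe to remove.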
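Review bot: the new spin_lock(&init_mm.page_table_lock) in apply_to_pte_range() (mm/memory.c @@ -2926) introduces a rule for every kernel-mapping caller that the hunk does not document: fn() must neither sleep nor take init_mm.page_table_lock itself (the pre-patch KASAN callbacks did exactly that and would now deadlock). Please spell that out in the commit message and in a comment next to the lock; and since this is the init_mm branch, locking mm->page_table_lock would read more uniformly with the pte_alloc_map_lock() path beside it.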
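Review bot: in the unlock hunk (mm/memory.c @@ -2951) the release is keyed on mm == &init_mm while the matching spin_lock() sits after the if (!pte) return err; check in the earlier hunk; the pairing is correct as shown, and leaving arch_leave_lazy_mmu_mode() before the unlock matches the commit message's intent, but the two sites are guarded by different conditions and far apart, so a one-line comment at the unlock naming the lock it pairs with would make a future early return between them harder to get wrong.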