Date: Mon, 11 Sep 2023 14:26:09 +0100
From: Matthew Wilcox
To: Yin Fengwei
Cc: syzbot, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [mm?] BUG: Bad page map (7)
References: <000000000000d099fa0604f03351@google.com> <0465d13d-83b6-163d-438d-065d03e9ba76@intel.com>
In-Reply-To: <0465d13d-83b6-163d-438d-065d03e9ba76@intel.com>
Sender: 
owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Sep 11, 2023 at 03:12:27PM +0800, Yin Fengwei wrote: > > +static inline void set_ptes(struct mm_struct *mm, unsigned long addr, > + pte_t *ptep, pte_t pte, unsigned int nr) > +{ > + bool protnone = (pte_flags(pte) & (_PAGE_PROTNONE | _PAGE_PRESENT)) > + == _PAGE_PROTNONE; > + > + page_table_check_ptes_set(mm, ptep, pte, nr); > + > + for(;;) { > + native_set_pte(ptep, pte); > + if (--nr == 0) > + break; > + > + ptep++; > + if (protnone) > + pte = __pte(pte_val(pte) - (1UL << PFN_PTE_SHIFT)); > + else > + pte = __pte(pte_val(pte) + (1UL << PFN_PTE_SHIFT)); > + } > +} > +#define set_ptes set_ptes Thanks for figuring this out. I don't think I would have been able to! I think this solution probably breaks pgtable-2level configs, unfortunately. How about this? If other architectures decide to adopt the inverted page table entry in the future, it'll work for them too. #syz test diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h index e9482a11ac52..a89be3e9b032 100644 --- a/arch/x86/include/asm/pgtable-2level.h +++ b/arch/x86/include/asm/pgtable-2level.h @@ -123,9 +123,6 @@ static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask) return val; } -static inline bool __pte_needs_invert(u64 val) -{ - return false; -} +#define __pte_needs_invert(val) false #endif /* _ASM_X86_PGTABLE_2LEVEL_H */ diff --git a/arch/x86/include/asm/pgtable-invert.h b/arch/x86/include/asm/pgtable-invert.h index a0c1525f1b6f..f21726add655 100644 --- a/arch/x86/include/asm/pgtable-invert.h +++ b/arch/x86/include/asm/pgtable-invert.h @@ -17,6 +17,7 @@ static inline bool __pte_needs_invert(u64 val) { return val && !(val & _PAGE_PRESENT); } +#define __pte_needs_invert __pte_needs_invert /* Get a mask to xor with the page table entry to get the correct pfn. */ static inline u64 protnone_mask(u64 val) 
diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index 1fba072b3dac..34b12e94b850 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -205,6 +205,10 @@ static inline int pmd_young(pmd_t pmd) #define arch_flush_lazy_mmu_mode() do {} while (0) #endif +#ifndef __pte_needs_invert +#define __pte_needs_invert(pte) false +#endif + #ifndef set_ptes /** * set_ptes - Map consecutive pages to a contiguous range of addresses. @@ -231,7 +235,10 @@ static inline void set_ptes(struct mm_struct *mm, unsigned long addr, if (--nr == 0) break; ptep++; - pte = __pte(pte_val(pte) + (1UL << PFN_PTE_SHIFT)); + if (__pte_needs_invert(pte_val(pte))) + pte = __pte(pte_val(pte) - (1UL << PFN_PTE_SHIFT)); + else + pte = __pte(pte_val(pte) + (1UL << PFN_PTE_SHIFT)); } arch_leave_lazy_mmu_mode(); }
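Review bot: In the quoted x86 set_ptes() proposal, the loop writes entries with native_set_pte() but has no arch_enter_lazy_mmu_mode()/arch_leave_lazy_mmu_mode() bracketing, while the generic set_ptes() in include/linux/pgtable.h ends with arch_leave_lazy_mmu_mode() (visible as context in the last hunk). If an arch override like this were kept, it should mirror that bracketing or carry a comment saying why it is not needed. Minor style point in the same function: `for(;;)` should be `for (;;)`.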
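Review bot: In the pgtable-2level.h hunk, `#define __pte_needs_invert(val) false` duplicates the fallback this same patch adds to include/linux/pgtable.h under `#ifndef __pte_needs_invert`, and it gives up the u64 argument check the removed inline function provided. If nothing in the x86 headers needs the definition before the generic fallback is reached, deleting the function here and relying on the fallback leaves a single definition; otherwise a one-line comment explaining why the 2-level header keeps its own copy would help.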
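Review bot: In the first include/linux/pgtable.h hunk, the fallback `#define __pte_needs_invert(pte) false` names its parameter `pte`, but the caller added in set_ptes() passes `pte_val(pte)` and the x86 version is declared as `__pte_needs_invert(u64 val)`. Renaming the parameter to `val` and adding a short comment that documents the hook (it takes the raw entry value, and an architecture overrides it by defining the function plus a same-named macro, as pgtable-invert.h does) would make the contract clear to the next architecture that adopts it.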
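Review bot: In the set_ptes() loop hunk, the new branch keys on `__pte_needs_invert(pte_val(pte))`, which per pgtable-invert.h is `val && !(val & _PAGE_PRESENT)`, so it is true for any non-zero non-present entry, whereas the quoted proposal it replaces tested specifically for `_PAGE_PROTNONE` set with `_PAGE_PRESENT` clear. It is worth confirming that set_ptes() is never handed another non-present encoding with nr > 1, or stating that expectation in the set_ptes kernel-doc. The branch also has no comment explaining why the PFN step is subtracted, and since stepping the PFN field does not touch the present bit, the test could be evaluated once before the loop, as the quoted version did with `protnone`.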