Received: by 10.213.65.68 with SMTP id h4csp924345imn; Wed, 14 Mar 2018 04:29:43 -0700 (PDT) X-Google-Smtp-Source: AG47ELv7IAZjGlQw2hhgPLWKSGen0Qi8Nt9oCnH54v5HWClvzl3gr92mbSmHLJkQGos/80TOqd0P X-Received: by 10.99.176.15 with SMTP id h15mr3402509pgf.448.1521026983331; Wed, 14 Mar 2018 04:29:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521026983; cv=none; d=google.com; s=arc-20160816; b=wVRgTOnNt9x5PrelkaSLNJ4u7GzWDSzBchdvCdpD4H9V6oMCkEbNXrOUKxmT5flLui eswtZpp9SM5Hk6QyVQX+GsjIMqLRCmaOVkrDVFZwm/z59VwxXo4eeT6EhHeutJ4CHyuS tPgyW6OC4g49RwJp6vkRP1XrYF84lJ9jLTeHBvzSvWDNM3bQXF1OLzWn9JFUQVWqFE5N GLcDHxA+rH1t/JjfGYG7Cq1XInZqRHCHo46uz76fkqpI4pws+4pqffjxIH04jWPkxtZF nJZYQQJkE5WeMCVF6z9VSLsTQqK9gi2SK+RGWbGmoy4e/PP8CsQPtsFcuE6HKPMYLjCw 1pMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dmarc-filter :dkim-signature:dkim-signature:arc-authentication-results; bh=dJ+CaBsHy7yIpc6EyR12SbpkF4nw4MLq2jIEeX2tlkc=; b=GuoTZTCheRE57+2/Wle+LCgFtHF6s5e8l4Ku3ubhLkwzPi5Sick8AWVjK1JmkaQptL zkQS+b9v02Y67jdRJX0gOt+MqsFnDGIwCBMYtR7RDg9TogDlfgvOEpEnO3CMzFjdC2Xp aNZWj8DIP94FU/p25ABPPAN8AW2GKoYneSvLdYZyLP0Uz9gRurDxCtjP1aVqXi6YXIlf cZ0LqKQDtX2GTFttZA4nwhS+/OzsbT3zmjW8fV4myWpA/n0AOwOdDj+Ag6Ml2KQk5ZF3 RJWcqj9uGh/smZNER7z3lHn/ABKSKKcDoGv3SyqyVbclwtNOfsthVxwcmhPkc/aIKahU fZmg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=Oo8VJ9NJ; dkim=pass header.i=@codeaurora.org header.s=default header.b=KlMBPYHb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j9si1708528pgc.72.2018.03.14.04.29.28; Wed, 14 Mar 2018 04:29:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=Oo8VJ9NJ; dkim=pass header.i=@codeaurora.org header.s=default header.b=KlMBPYHb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751971AbeCNL1m (ORCPT + 99 others); Wed, 14 Mar 2018 07:27:42 -0400 Received: from smtp.codeaurora.org ([198.145.29.96]:59344 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751370AbeCNL1h (ORCPT ); Wed, 14 Mar 2018 07:27:37 -0400 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id 5B4156084A; Wed, 14 Mar 2018 11:27:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1521026857; bh=QCOMaM96MjbnQJehNVYiOzJBB6+Jbi2MTLQ7u4sQe88=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=Oo8VJ9NJUHG05knSGY4ijkV8mfN/mIKBUm78sQKQRe/l2TmsoVJ/giQth+smSg4pU x8JkYAI84tbXqwh7FP4rvNECfLFvvCMsMDXE9zAUhTP3K6tHrl88oYz+Qz5nsg5866 fl21ZC4GQ7liCga6QIMonBFy7I6+WIFikdxMI4Tw= X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on pdx-caf-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.8 required=2.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,T_DKIM_INVALID autolearn=no autolearn_force=no version=3.4.0 Received: from [10.204.79.109] (blr-c-bdr-fw-01_globalnat_allzones-outside.qualcomm.com [103.229.19.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: cpandya@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id 06D4D60390; Wed, 14 Mar 2018 11:27:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1521026856; bh=QCOMaM96MjbnQJehNVYiOzJBB6+Jbi2MTLQ7u4sQe88=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=KlMBPYHbiry4SjpaIiKdBUEAuuN9FmbI9FvDwinVX8bPZXSHq2loBt1LbT36ybZdL gl5VsotuPlfKr5SbPuF/zBO+DH97BQQNHms5uUXnS+Ks6/iiXd7uIj2MxebOFzVjzH 8wEdWxxjuGsXYowexnyixXB67NCJhYjddwNM8pQw= DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 06D4D60390 Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=cpandya@codeaurora.org Subject: Re: [PATCH v1 3/4] arm64: Fix the page leak in pud/pmd_set_huge To: Mark Rutland Cc: catalin.marinas@arm.com, will.deacon@arm.com, arnd@arndb.de, ard.biesheuvel@linaro.org, marc.zyngier@arm.com, james.morse@arm.com, kristina.martsenko@arm.com, takahiro.akashi@linaro.org, gregkh@linuxfoundation.org, tglx@linutronix.de, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, akpm@linux-foundation.org, toshi.kani@hpe.com References: <1521017305-28518-1-git-send-email-cpandya@codeaurora.org> <1521017305-28518-4-git-send-email-cpandya@codeaurora.org> <20180314105343.nxw2mwkm4pao3hur@lakrids.cambridge.arm.com> From: Chintan Pandya Message-ID: Date: Wed, 14 Mar 2018 16:57:29 +0530 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180314105343.nxw2mwkm4pao3hur@lakrids.cambridge.arm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/14/2018 4:23 PM, Mark Rutland wrote: > On Wed, Mar 14, 2018 at 02:18:24PM +0530, Chintan Pandya wrote: >> While setting huge page, we need to take care of >> previously existing next level mapping. Since, >> we are going to overrite previous mapping, the >> only reference to next level page table will get >> lost and the next level page table will be zombie, >> occupying space forever. So, free it before >> overriding. > >> @@ -939,6 +940,9 @@ int pud_set_huge(pud_t *pudp, phys_addr_t phys, pgprot_t prot) >> return 0; >> >> BUG_ON(phys & ~PUD_MASK); >> + if (pud_val(*pud) && !pud_huge(*pud)) >> + free_page((unsigned long)__va(pud_val(*pud))); >> + >> set_pud(pudp, pfn_pud(__phys_to_pfn(phys), sect_prot)); >> return 1; >> } >> @@ -953,6 +957,9 @@ int pmd_set_huge(pmd_t *pmdp, phys_addr_t phys, pgprot_t prot) >> return 0; >> >> BUG_ON(phys & ~PMD_MASK); >> + if (pmd_val(*pmd) && !pmd_huge(*pmd)) >> + free_page((unsigned long)__va(pmd_val(*pmd))); >> + > > As Marc noted, (assuming the subsequent revert is applied) in both of > these cases, these tables are still live, and thus it is not safe to > free them. > > Consider that immediately after freeing the pages, they may get > re-allocated elsewhere, where they may be modified. If this happens > before TLB invalidation, page table walks may allocate junk into TLBs, > resulting in a number of problems. Ah okay. What about this sequence, 1) I store old PMD/PUD values 2) Update the PMD/PUD with section mapping 3) Invalidate TLB 4) Then free the *leaked* page > > It is *never* safe to free a live page table, therefore NAK to this > patch. > > Thanks, > Mark. > Chintan -- Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project