Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1850310imm; Thu, 24 May 2018 01:40:50 -0700 (PDT) X-Google-Smtp-Source: AB8JxZq0VmdOeYz9+k04OTpsK8FCUnbpUrg7dIIHaODXLNSEr2ih4DBmcjVuhGXaM7EEcTnhjf9b X-Received: by 2002:a62:8ac1:: with SMTP id o62-v6mr6331184pfk.141.1527151250697; Thu, 24 May 2018 01:40:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527151250; cv=none; d=google.com; s=arc-20160816; b=RAAhRjBUizkvHUXJco7vSE1jWZCVBByPioLkWyAIP9bCg5wUfp4dtsD1rTUFdPqd/L PAxRtREggCG+4ZCWuhGZImLmo2Mp1YXJhKjt1zcG08L1TSddhiD1NCBodMH9axrUPX5p L9CnszOve0SXFmjOhM8buv7i4q3XGG7xTaH87s2SmrCGDl8u/IGAT5McJh89lnyv/6no AwrvM4KccSbDFEE0n0Y9gA2cPKAMA4ZHT/lUUsPMBysX6cPhzzwDbnrAx5S5ejNXUrvn KJOAT2RFR741FWzp7UW/iddAySR6a1FCYIrCpX4yZu0JBpif4ocvaDqNt/mFI08Y5HxK ysVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=vTjDrn++c6pRhOjyu9UMXP85P9NT74TloNweNYJOuH8=; b=ZKcU2uizrXXXYwU2qPeVj2c//rQZDePhoWffnCSaHXayeuKHB+ywI9fmf9ezd0vbkl BH718wI2hpuc0LEy1cNRsWYw3EV7XidOBH4p+CuXmOXXjLTVeolcue86i+PG+6QD7mZf Y+Nr9KrFGkzmFkh7PPG5PWN1BO5Jo9PlcpubazkMTIe4Jym7nFQ3xKtTyJpFa/Op3kk0 wX7SDYf5BkogM0eGsTJYj7CcGSDnRqk8wZqkytyCwKcRHG4Bscq1vgwiYdeMSJkmBpnI 07nhPVeivX9bQlZoPZq4WZtq/Y8YbNARIiL++MihuOt3MD0w5B1g5qCd3GDmsgyq3rC7 Jt+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=lQkcvOmm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z30-v6si20206868pfg.266.2018.05.24.01.40.36; Thu, 24 May 2018 01:40:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=lQkcvOmm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965466AbeEXIjD (ORCPT + 99 others); Thu, 24 May 2018 04:39:03 -0400 Received: from mail-wr0-f194.google.com ([209.85.128.194]:33833 "EHLO mail-wr0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965042AbeEXIi6 (ORCPT ); Thu, 24 May 2018 04:38:58 -0400 Received: by mail-wr0-f194.google.com with SMTP id j1-v6so1533120wrm.1 for ; Thu, 24 May 2018 01:38:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=vTjDrn++c6pRhOjyu9UMXP85P9NT74TloNweNYJOuH8=; b=lQkcvOmm29hq1wLvQP2JHmxWhHa2fR8U86KKtkB/CsYzXm87za6HtnBuAsRN8uiWq0 dmGZ+BX3zFHZ1l7Sx65lSM4TH5dRsl9tR9FD4x6YWvsObFswcckJrKvch0dPfKqfaZXi m369pjuvRc3XfeH97hGAfaX9GjSjWP/8uN+UZIiWbEya7B/DKoI+L0ENZwk5AuKDEtrn lPhqzInBH4ik5cfA1zrwq2AMkyBIUyfbVfTwfcx6xcPScNbF7q6yeYqsaUXbrtlBhCJC 9/P8oCXVAKJ6/l/AXeOCJJG8ctmbW3yhT375V+lHhjV/xFAqM1/SnMFGVuUSfpehVB3H 66Vg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=vTjDrn++c6pRhOjyu9UMXP85P9NT74TloNweNYJOuH8=; b=TNyDMw8vcb1Mra9w3abnP0R5t98ima0+p61L/hd7KyAmlf/vKf0qq0Jif3pPT8hLbe ANhobL9QKcDD9Fy5pEeLKiN0QIy77YlnFF6usTMcWdEYWVe7hIjInrGmt1LuwgQ9rjEn CJ+OW16k1NXqFcc8FwzStBd5HoCO5RrS1uwhRPadNhxwjxeagQXIIDoWUcixhvzqaWbY U7lklIUCRrYX8ieDIAPv9tQyngHuLsXgPG7q9Gf3By99iax/uP1lwlIO3fUyU27PxpHQ uf4bdGgJ4gGmQylO5qz9ei6lp3YZaFNW+aWJzy5/FRmmnN9wO5HQMEeEqhBEgIWQ2UYl LTAw== X-Gm-Message-State: ALKqPwdI/QipchlO34strWDwIseznWlvVEhtM1wt/jkN1gsYYYxBD3Bi j9fjA5oPMEc5TFJbxLnoDRsWcFEiMev2mIFbG05cAUYU X-Received: by 2002:adf:b456:: with SMTP id v22-v6mr4937036wrd.67.1527151137456; Thu, 24 May 2018 01:38:57 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:adf:8446:0:0:0:0:0 with HTTP; Thu, 24 May 2018 01:38:56 -0700 (PDT) In-Reply-To: <20180523184346.487-1-labbott@redhat.com> References: <20180523184346.487-1-labbott@redhat.com> From: Peter Robinson Date: Thu, 24 May 2018 09:38:56 +0100 Message-ID: Subject: Re: [PATCHv2] arm64: Make sure permission updates happen for pmd/pud To: Laura Abbott Cc: Catalin Marinas , Will Deacon , Ard Biesheuvel , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Kees Cook Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 23, 2018 at 7:43 PM, Laura Abbott wrote: > Commit 15122ee2c515 ("arm64: Enforce BBM for huge IO/VMAP mappings") > disallowed block mappings for ioremap since that code does not honor > break-before-make. The same APIs are also used for permission updating > though and the extra checks prevent the permission updates from happening, > even though this should be permitted. This results in read-only permissions > not being fully applied. Visibly, this can occasionaly be seen as a failure > on the built in rodata test when the test data ends up in a section or > as an odd RW gap on the page table dump. Fix this by using > pgattr_change_is_safe instead of p*d_present for determining if the > change is permitted. > > Reported-by: Peter Robinson > Fixes: 15122ee2c515 ("arm64: Enforce BBM for huge IO/VMAP mappings") > Signed-off-by: Laura Abbott Tested-by: Peter Robinson Tested on Macbin, mustang, pine64, RPi3+ and db410c and fixes the issue I saw. > --- > v2: Switch to using pgattr_change_is_safe per suggestion of Will > --- > arch/arm64/mm/mmu.c | 16 ++++++++++------ > 1 file changed, 10 insertions(+), 6 deletions(-) > > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c > index 2dbb2c9f1ec1..493ff75670ff 100644 > --- a/arch/arm64/mm/mmu.c > +++ b/arch/arm64/mm/mmu.c > @@ -933,13 +933,15 @@ int pud_set_huge(pud_t *pudp, phys_addr_t phys, pgprot_t prot) > { > pgprot_t sect_prot = __pgprot(PUD_TYPE_SECT | > pgprot_val(mk_sect_prot(prot))); > + pud_t new_pud = pfn_pud(__phys_to_pfn(phys), sect_prot); > > - /* ioremap_page_range doesn't honour BBM */ > - if (pud_present(READ_ONCE(*pudp))) > + /* Only allow permission changes for now */ > + if (!pgattr_change_is_safe(READ_ONCE(pud_val(*pudp)), > + pud_val(new_pud))) > return 0; > > BUG_ON(phys & ~PUD_MASK); > - set_pud(pudp, pfn_pud(__phys_to_pfn(phys), sect_prot)); > + set_pud(pudp, new_pud); > return 1; > } > > @@ -947,13 +949,15 @@ int pmd_set_huge(pmd_t *pmdp, phys_addr_t phys, pgprot_t prot) > { > pgprot_t sect_prot = __pgprot(PMD_TYPE_SECT | > pgprot_val(mk_sect_prot(prot))); > + pmd_t new_pmd = pfn_pmd(__phys_to_pfn(phys), sect_prot); > > - /* ioremap_page_range doesn't honour BBM */ > - if (pmd_present(READ_ONCE(*pmdp))) > + /* Only allow permission changes for now */ > + if (!pgattr_change_is_safe(READ_ONCE(pmd_val(*pmdp)), > + pmd_val(new_pmd))) > return 0; > > BUG_ON(phys & ~PMD_MASK); > - set_pmd(pmdp, pfn_pmd(__phys_to_pfn(phys), sect_prot)); > + set_pmd(pmdp, new_pmd); > return 1; > } > > -- > 2.17.0 >