Subject: Re: [PATCH resend RFC 0/9] s390: fixes, cleanups and optimizations for page table walkers
To: Claudio Imbrenda
Cc: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, Christian Borntraeger, Janosch Frank, Cornelia Huck, Heiko Carstens, Vasily Gorbik, Niklas Schnelle, Gerald Schaefer, Ulrich Weigand
References: <20210909162248.14969-1-david@redhat.com> <20210914185033.367020b3@p-imbrenda>
From: David Hildenbrand
Organization: Red Hat
Message-ID: <858a5f3b-99c0-6da3-6a60-8d01886399c6@redhat.com>
Date: Tue, 14 Sep 2021 20:06:17 +0200
In-Reply-To: <20210914185033.367020b3@p-imbrenda>

On 14.09.21 18:50, Claudio Imbrenda wrote:
> On Thu, 9 Sep 2021 18:22:39 +0200
> David Hildenbrand wrote:
>
>> Resend because I missed ccing people on the actual patches ...
>>
>> RFC because the patches are essentially untested and I did not actually
>> try to trigger any of the things these patches are supposed to fix. It
>
> this is an interesting series, and the code makes sense, but I would
> really like to see some regression tests, and maybe even some
> selftests to trigger (at least some of) the issues.

Yep, it most certainly needs regression testing before picking any of
this. selftests would be great, but I won't find time for it in the
foreseeable future.

>
> the follow-up question is: how did we manage to go on so long without
> noticing these issues? :D

Excellent question - I guess we simply weren't aware of the dos and
don'ts when dealing with process page tables :)

>
>> merely matches my current understanding (and what other code does :) ). I
>> did compile-test as far as possible.
>>
>> After learning more about the wonderful world of page tables and their
>> interaction with the mmap_sem and VMAs, I spotted some issues in our
>> page table walkers that allow user space to trigger nasty behavior when
>> playing dirty tricks with munmap() or mmap() of hugetlb. While some issues
>> should be hard to trigger, others are fairly easy because we provide
>> convenient interfaces (e.g., KVM_S390_GET_SKEYS and KVM_S390_SET_SKEYS).
>>
>> Future work:
>> - Don't use get_locked_pte() when it's not required to actually allocate
>>   page tables -- similar to how storage keys are now handled. Examples are
>>   get_pgste() and __gmap_zap.
>> - Don't use get_locked_pte() and instead let page fault logic allocate page
>>   tables when we actually do need page tables -- also, similar to how
>>   storage keys are now handled. Examples are set_pgste_bits() and
>>   pgste_perform_essa().
>> - Maybe switch to mm/pagewalk.c to avoid custom page table walkers. For
>>   __gmap_zap() that's very easy.
>>
>> Cc: Christian Borntraeger
>> Cc: Janosch Frank
>> Cc: Cornelia Huck
>> Cc: Claudio Imbrenda
>> Cc: Heiko Carstens
>> Cc: Vasily Gorbik
>> Cc: Niklas Schnelle
>> Cc: Gerald Schaefer
>> Cc: Ulrich Weigand
>>
>> David Hildenbrand (9):
>>   s390/gmap: validate VMA in __gmap_zap()
>>   s390/gmap: don't unconditionally call pte_unmap_unlock() in
>>     __gmap_zap()
>>   s390/mm: validate VMA in PGSTE manipulation functions
>>   s390/mm: fix VMA and page table handling code in storage key handling
>>     functions
>>   s390/uv: fully validate the VMA before calling follow_page()
>>   s390/pci_mmio: fully validate the VMA before calling follow_pte()
>>   s390/mm: no need for pte_alloc_map_lock() if we know the pmd is
>>     present
>>   s390/mm: optimize set_guest_storage_key()
>>   s390/mm: optimize reset_guest_reference_bit()
>>
>>  arch/s390/kernel/uv.c    |   2 +-
>>  arch/s390/mm/gmap.c      |  11 +++-
>>  arch/s390/mm/pgtable.c   | 109 +++++++++++++++++++++++++++------------
>>  arch/s390/pci/pci_mmio.c |   4 +-
>>  4 files changed, 89 insertions(+), 37 deletions(-)
>>
>>
>> base-commit: 7d2a07b769330c34b4deabeed939325c77a7ec2f
>

--
Thanks,

David / dhildenb