From: Nadav Amit
To: linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org, Nadav Amit, Andrea Arcangeli, Andrew Cooper, Andrew Morton, Andy Lutomirski, Dave Hansen, Peter Xu, Peter Zijlstra, Thomas Gleixner, Will Deacon, Yu Zhao, Nick Piggin, x86@kernel.org
Subject: [PATCH v2 3/5] x86/mm: check exec permissions on fault
Date: Thu, 21 Oct 2021 05:21:10 -0700
Message-Id: <20211021122112.592634-4-namit@vmware.com>
In-Reply-To: <20211021122112.592634-1-namit@vmware.com>
References: <20211021122112.592634-1-namit@vmware.com>
X-Mailing-List: linux-kernel@vger.kernel.org
From: Nadav Amit

access_error() currently does not check for execution permission violation. As a result, spurious page-faults due to execution permission violation cause SIGSEGV. It appears not to be an issue so far, but the next patches avoid TLB flushes on permission promotion, which can lead to this scenario. nodejs for instance crashes when TLB flush is avoided on permission promotion.

Add a check to prevent access_error() from returning mistakenly that page-faults due to instruction fetch are not allowed. Intel SDM does not indicate whether "instruction fetch" and "write" in the hardware error code are mutually exclusive, so check both before returning whether the access is allowed.

Cc: Andrea Arcangeli
Cc: Andrew Cooper
Cc: Andrew Morton
Cc: Andy Lutomirski
Cc: Dave Hansen
Cc: Peter Xu
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: Will Deacon
Cc: Yu Zhao
Cc: Nick Piggin
Cc: x86@kernel.org
Signed-off-by: Nadav Amit
---
 arch/x86/mm/fault.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index b2eefdefc108..e776130473ce 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -1100,10 +1100,17 @@ access_error(unsigned long error_code, struct vm_area_struct *vma) (error_code & X86_PF_INSTR), foreign)) return 1; - if (error_code & X86_PF_WRITE) { + if (error_code & (X86_PF_WRITE | X86_PF_INSTR)) { /* write, present and write, not present: */ - if (unlikely(!(vma->vm_flags & VM_WRITE))) + if ((error_code & X86_PF_WRITE) && + unlikely(!(vma->vm_flags & VM_WRITE))) return 1; + + /* exec, present and exec, not present: */ + if ((error_code & X86_PF_INSTR) && + unlikely(!(vma->vm_flags & VM_EXEC))) + return 1; + return 0; } -- 2.25.1
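Review bot: the trailing "return 0;" of the widened block now also short-circuits X86_PF_INSTR faults, so an instruction fetch on a VM_EXEC vma is reported as "no access error" without reaching whatever checks follow this block in access_error(), including for faults that carry X86_PF_PROT. That is exactly what the commit message wants for the spurious-fault case, but nothing in the hunk says so: the only comment in the block is still "/* write, present and write, not present: */", which now sits inside a block that is also entered for pure exec faults and therefore reads as if it described the whole block rather than the single write check beneath it. Suggest moving that comment to directly precede the "(error_code & X86_PF_WRITE) &&" check, keeping "/* exec, present and exec, not present: */" on the fetch check as it is, and adding a one-line comment on the final "return 0;" stating that a write or fetch the VMA permits is never an access error even when X86_PF_PROT is set, so that the early return is visibly intentional. The gating of each inner check on its own error-code bit does handle an error code with both X86_PF_WRITE and X86_PF_INSTR set, which matches the SDM caveat in the commit message; a brief comment noting that both bits are deliberately checked would spare the next reader from re-deriving it.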
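The behaviour change this patch makes to access_error(), as an added worked model that is not the kernel's code and not part of the patch: it encodes the pre-patch decision as access_error_before() and the hunk's logic as access_error_after(), then runs both over constructed fault scenarios. The read-path checks that come after the hunk (the "read, present" X86_PF_PROT test and the vma_is_accessible() test) are not shown on this page and are reproduced here from the kernel's access_error() of that era, so treat them as an assumption; the protection-key, SGX and arch_vma_access_permitted() checks that precede the hunk are left out, and the unlikely() hints are dropped. The bit values are the kernel's X86_PF_* and VM_* constants.

```c
/*
 * Added model of the x86 access_error() decision before and after the
 * patch. NOT the kernel's code: the checks following the hunk are an
 * assumption based on arch/x86/mm/fault.c of the same era, and the pkey,
 * SGX and arch_vma_access_permitted() checks that precede it are omitted.
 */
#include <stdio.h>
#include <stdbool.h>

/* Hardware page-fault error-code bits (arch/x86/include/asm/trap_pf.h). */
#define X86_PF_PROT   (1UL << 0)  /* 0: page not present, 1: protection violation */
#define X86_PF_WRITE  (1UL << 1)  /* access was a write */
#define X86_PF_USER   (1UL << 2)  /* access came from user mode */
#define X86_PF_INSTR  (1UL << 4)  /* access was an instruction fetch */

/* vm_flags bits the check cares about (include/linux/mm.h). */
#define VM_READ   0x1UL
#define VM_WRITE  0x2UL
#define VM_EXEC   0x4UL

struct vm_area_struct { unsigned long vm_flags; };

static bool vma_is_accessible(const struct vm_area_struct *vma)
{
	return vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC);
}

/* Pre-patch: only writes are matched against the VMA; a fetch takes the
 * read path, so a present-page fetch fault (X86_PF_PROT set) is always an
 * access error, even when the VMA is executable. */
int access_error_before(unsigned long error_code, const struct vm_area_struct *vma)
{
	if (error_code & X86_PF_WRITE)
		return !(vma->vm_flags & VM_WRITE);
	if (error_code & X86_PF_PROT)          /* read, present */
		return 1;
	return !vma_is_accessible(vma);        /* read, not present */
}

/* Post-patch, as in the hunk: write and fetch are each matched against the
 * VMA, each gated on its own bit so an error code carrying both is handled. */
int access_error_after(unsigned long error_code, const struct vm_area_struct *vma)
{
	if (error_code & (X86_PF_WRITE | X86_PF_INSTR)) {
		if ((error_code & X86_PF_WRITE) && !(vma->vm_flags & VM_WRITE))
			return 1;
		if ((error_code & X86_PF_INSTR) && !(vma->vm_flags & VM_EXEC))
			return 1;
		return 0;
	}
	if (error_code & X86_PF_PROT)
		return 1;
	return !vma_is_accessible(vma);
}

/* Constructed scenarios, not captured from a real system. */
struct scenario {
	const char *name;
	unsigned long error_code;
	unsigned long vm_flags;
};

static const struct scenario scenarios[] = {
	/* The commit-message case: the PTE now grants execute, a stale TLB
	 * entry does not, so the CPU reports a present-page fetch fault. */
	{ "spurious exec fault on r-x vma",
	  X86_PF_USER | X86_PF_PROT | X86_PF_INSTR, VM_READ | VM_EXEC },
	/* Fetch from a readable but non-executable mapping, page absent. */
	{ "exec fault on r-- vma, not present",
	  X86_PF_USER | X86_PF_INSTR, VM_READ },
	/* Both bits at once; the SDM does not rule this out. */
	{ "write+exec fault on rw- vma",
	  X86_PF_USER | X86_PF_WRITE | X86_PF_INSTR, VM_READ | VM_WRITE },
	/* Plain write to a read-only mapping: unchanged by the patch. */
	{ "write fault on r-- vma",
	  X86_PF_USER | X86_PF_WRITE | X86_PF_PROT, VM_READ },
};

/* Runs every scenario through both versions; returns how many they decide
 * differently (1 = access error, SIGSEGV; 0 = let handle_mm_fault() run). */
int count_differences(void)
{
	int diffs = 0;
	for (size_t i = 0; i < sizeof(scenarios) / sizeof(scenarios[0]); i++) {
		struct vm_area_struct vma = { scenarios[i].vm_flags };
		int b = access_error_before(scenarios[i].error_code, &vma);
		int a = access_error_after(scenarios[i].error_code, &vma);
		printf("%-38s before=%d after=%d\n", scenarios[i].name, b, a);
		if (a != b)
			diffs++;
	}
	return diffs;
}

int main(void)
{
	count_differences();
	return 0;
}
```

Two of the differences are the point of the patch: the spurious fetch fault on an executable VMA stops being reported as an access error, and a fetch from a non-executable VMA (alone or combined with a permitted write) is rejected up front instead of being let through to handle_mm_fault(). A plain write to a read-only mapping is decided the same way by both versions.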