Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp249173pxb; Mon, 25 Oct 2021 07:35:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzTI4S2i9wmlxcZYwYhbqOoUE8pyfYc6SdvQGrzHjNU1+pliVFnYQlHAzfrUriz7c1XMmHn X-Received: by 2002:a63:7405:: with SMTP id p5mr13974632pgc.426.1635172552279; Mon, 25 Oct 2021 07:35:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635172552; cv=none; d=google.com; s=arc-20160816; b=luEPb2ts2WtZzeLFOIGBcbka+uktDRn37a50bAwyCWZ2myA7NcO8eAK5vybTVU0tYS xYm1g5fsh7WrWoh0y9u4Gc7Ax5VWhsU8RkECLJbzWQVTMpKj7wsKKZEkijvTze7pJvy6 TA0M/5fPUbX3N01J1eFDM2eDAfOsEO7pSuz/1y67xIOS/LkD11wL+1nztvEjnGhb/RZK vJPUZHZGq1YMb9SZ2odx146wfKbOLZhG902y30VspFhZOkY5JMoWCisXkS26gXyWqcG9 DcOF1kmc7rFYDf0GcANZv2tMmrWOq4yZHhLf36dlXswlZ0YcLgp2DIR2FfPJ2vk/lj/w crUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:autocrypt:from :references:cc:to:subject; bh=nGhTgPiJUUYc2oNBu4LoS8MiNLdUksFVxg0DAm5Zpyg=; b=fgdV3vvQlIc5WdLKnkv7hNwwNa82yqdkbGi1j16QTE+Vj/iJPTS1tiSy3CAu0vIE05 Zn53rtHKlzMCKg9OLMRzFg9vvINBYnRMUq0AaOdzeS0y+n4J6qALudqpzg3OysT9qPj3 WE1xX9e5hGhZfBtiZ1iusGWZa5z/AMixGphKJ0glZSiad5anWcedQJCUztIXgsjemf2A vG34B2T5hGDz/riASYp4jItq2gQm550sKf2/ZwTmB3T+GrK2jXNmoh4KEa6jqAzSRVpn +uuSuWJgzaCTF9dKvgdf1NH18U11QAO5NhiCO3U5UaCgAvNjPZPCrr99nY9zNTZpiVef RJlg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q12si31024337plx.447.2021.10.25.07.35.39; Mon, 25 Oct 2021 07:35:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231350AbhJYOWz (ORCPT + 99 others); Mon, 25 Oct 2021 10:22:55 -0400 Received: from mga12.intel.com ([192.55.52.136]:43872 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230510AbhJYOWz (ORCPT ); Mon, 25 Oct 2021 10:22:55 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10147"; a="209760241" X-IronPort-AV: E=Sophos;i="5.87,180,1631602800"; d="scan'208";a="209760241" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2021 07:20:30 -0700 X-IronPort-AV: E=Sophos;i="5.87,180,1631602800"; d="scan'208";a="634756109" Received: from cdsmith3-mobl.amr.corp.intel.com (HELO [10.212.229.230]) ([10.212.229.230]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Oct 2021 07:20:29 -0700 Subject: Re: [PATCH v2 3/5] x86/mm: check exec permissions on fault To: Nadav Amit , linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org, Nadav Amit , Andrea Arcangeli , Andrew Cooper , Andrew Morton , Andy Lutomirski , Dave Hansen , Peter Xu , Peter Zijlstra , Thomas Gleixner , Will Deacon , Yu Zhao , Nick Piggin , x86@kernel.org References: <20211021122112.592634-1-namit@vmware.com> <20211021122112.592634-4-namit@vmware.com> From: Dave Hansen Autocrypt: addr=dave.hansen@intel.com; keydata= xsFNBE6HMP0BEADIMA3XYkQfF3dwHlj58Yjsc4E5y5G67cfbt8dvaUq2fx1lR0K9h1bOI6fC oAiUXvGAOxPDsB/P6UEOISPpLl5IuYsSwAeZGkdQ5g6m1xq7AlDJQZddhr/1DC/nMVa/2BoY 2UnKuZuSBu7lgOE193+7Uks3416N2hTkyKUSNkduyoZ9F5twiBhxPJwPtn/wnch6n5RsoXsb ygOEDxLEsSk/7eyFycjE+btUtAWZtx+HseyaGfqkZK0Z9bT1lsaHecmB203xShwCPT49Blxz VOab8668QpaEOdLGhtvrVYVK7x4skyT3nGWcgDCl5/Vp3TWA4K+IofwvXzX2ON/Mj7aQwf5W iC+3nWC7q0uxKwwsddJ0Nu+dpA/UORQWa1NiAftEoSpk5+nUUi0WE+5DRm0H+TXKBWMGNCFn c6+EKg5zQaa8KqymHcOrSXNPmzJuXvDQ8uj2J8XuzCZfK4uy1+YdIr0yyEMI7mdh4KX50LO1 pmowEqDh7dLShTOif/7UtQYrzYq9cPnjU2ZW4qd5Qz2joSGTG9eCXLz5PRe5SqHxv6ljk8mb ApNuY7bOXO/A7T2j5RwXIlcmssqIjBcxsRRoIbpCwWWGjkYjzYCjgsNFL6rt4OL11OUF37wL QcTl7fbCGv53KfKPdYD5hcbguLKi/aCccJK18ZwNjFhqr4MliQARAQABzShEYXZpZCBDaHJp c3RvcGhlciBIYW5zZW4gPGRhdmVAc3I3MS5uZXQ+wsF7BBMBAgAlAhsDBgsJCAcDAgYVCAIJ CgsEFgIDAQIeAQIXgAUCTo3k0QIZAQAKCRBoNZUwcMmSsMO2D/421Xg8pimb9mPzM5N7khT0 2MCnaGssU1T59YPE25kYdx2HntwdO0JA27Wn9xx5zYijOe6B21ufrvsyv42auCO85+oFJWfE K2R/IpLle09GDx5tcEmMAHX6KSxpHmGuJmUPibHVbfep2aCh9lKaDqQR07gXXWK5/yU1Dx0r VVFRaHTasp9fZ9AmY4K9/BSA3VkQ8v3OrxNty3OdsrmTTzO91YszpdbjjEFZK53zXy6tUD2d e1i0kBBS6NLAAsqEtneplz88T/v7MpLmpY30N9gQU3QyRC50jJ7LU9RazMjUQY1WohVsR56d ORqFxS8ChhyJs7BI34vQusYHDTp6PnZHUppb9WIzjeWlC7Jc8lSBDlEWodmqQQgp5+6AfhTD kDv1a+W5+ncq+Uo63WHRiCPuyt4di4/0zo28RVcjtzlGBZtmz2EIC3vUfmoZbO/Gn6EKbYAn rzz3iU/JWV8DwQ+sZSGu0HmvYMt6t5SmqWQo/hyHtA7uF5Wxtu1lCgolSQw4t49ZuOyOnQi5 f8R3nE7lpVCSF1TT+h8kMvFPv3VG7KunyjHr3sEptYxQs4VRxqeirSuyBv1TyxT+LdTm6j4a mulOWf+YtFRAgIYyyN5YOepDEBv4LUM8Tz98lZiNMlFyRMNrsLV6Pv6SxhrMxbT6TNVS5D+6 UorTLotDZKp5+M7BTQRUY85qARAAsgMW71BIXRgxjYNCYQ3Xs8k3TfAvQRbHccky50h99TUY sqdULbsb3KhmY29raw1bgmyM0a4DGS1YKN7qazCDsdQlxIJp9t2YYdBKXVRzPCCsfWe1dK/q 66UVhRPP8EGZ4CmFYuPTxqGY+dGRInxCeap/xzbKdvmPm01Iw3YFjAE4PQ4hTMr/H76KoDbD cq62U50oKC83ca/PRRh2QqEqACvIH4BR7jueAZSPEDnzwxvVgzyeuhwqHY05QRK/wsKuhq7s UuYtmN92Fasbxbw2tbVLZfoidklikvZAmotg0dwcFTjSRGEg0Gr3p/xBzJWNavFZZ95Rj7Et db0lCt0HDSY5q4GMR+SrFbH+jzUY/ZqfGdZCBqo0cdPPp58krVgtIGR+ja2Mkva6ah94/oQN lnCOw3udS+Eb/aRcM6detZr7XOngvxsWolBrhwTQFT9D2NH6ryAuvKd6yyAFt3/e7r+HHtkU kOy27D7IpjngqP+b4EumELI/NxPgIqT69PQmo9IZaI/oRaKorYnDaZrMXViqDrFdD37XELwQ gmLoSm2VfbOYY7fap/AhPOgOYOSqg3/Nxcapv71yoBzRRxOc4FxmZ65mn+q3rEM27yRztBW9 AnCKIc66T2i92HqXCw6AgoBJRjBkI3QnEkPgohQkZdAb8o9WGVKpfmZKbYBo4pEAEQEAAcLB XwQYAQIACQUCVGPOagIbDAAKCRBoNZUwcMmSsJeCEACCh7P/aaOLKWQxcnw47p4phIVR6pVL e4IEdR7Jf7ZL00s3vKSNT+nRqdl1ugJx9Ymsp8kXKMk9GSfmZpuMQB9c6io1qZc6nW/3TtvK pNGz7KPPtaDzvKA4S5tfrWPnDr7n15AU5vsIZvgMjU42gkbemkjJwP0B1RkifIK60yQqAAlT YZ14P0dIPdIPIlfEPiAWcg5BtLQU4Wg3cNQdpWrCJ1E3m/RIlXy/2Y3YOVVohfSy+4kvvYU3 lXUdPb04UPw4VWwjcVZPg7cgR7Izion61bGHqVqURgSALt2yvHl7cr68NYoFkzbNsGsye9ft M9ozM23JSgMkRylPSXTeh5JIK9pz2+etco3AfLCKtaRVysjvpysukmWMTrx8QnI5Nn5MOlJj 1Ov4/50JY9pXzgIDVSrgy6LYSMc4vKZ3QfCY7ipLRORyalFDF3j5AGCMRENJjHPD6O7bl3Xo 4DzMID+8eucbXxKiNEbs21IqBZbbKdY1GkcEGTE7AnkA3Y6YB7I/j9mQ3hCgm5muJuhM/2Fr OPsw5tV/LmQ5GXH0JQ/TZXWygyRFyyI2FqNTx4WHqUn3yFj8rwTAU1tluRUYyeLy0ayUlKBH ybj0N71vWO936MqP6haFERzuPAIpxj2ezwu0xb1GjTk4ynna6h5GjnKgdfOWoRtoWndMZxbA z5cecg== Message-ID: Date: Mon, 25 Oct 2021 07:20:27 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <20211021122112.592634-4-namit@vmware.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/21/21 5:21 AM, Nadav Amit wrote: > access_error() currently does not check for execution permission > violation. Ye > As a result, spurious page-faults due to execution permission > violation cause SIGSEGV. While I could totally believe that something is goofy when VMAs are being changed underneath a page fault, I'm having trouble figuring out why the "if (error_code & X86_PF_WRITE)" code is being modified. > It appears not to be an issue so far, but the next patches avoid TLB > flushes on permission promotion, which can lead to this scenario. nodejs > for instance crashes when TLB flush is avoided on permission promotion. Just to be clear, "promotion" is going from something like: W=0->W=1 or NX=1->NX=0 right? I tend to call that "relaxing" permissions. Currently, X86_PF_WRITE faults are considered an access error unless the VMA to which the write occurred allows writes. Returning "no access error" permits continuing and handling the copy-on-write. It sounds like you want to expand that. You want to add a whole class of new faults that can be ignored: not just that some COW handling might be necessary, but that the PTE itself might be out of date. Just like a "COW fault" may just result in setting the PTE.W=1 and moving on with our day, an instruction fault might now just end up with setting PTE.NX=0 and also moving on with our day. I'm really confused why the "error_code & X86_PF_WRITE" case is getting modified. I would have expected it to be something like just adding: /* read, instruction fetch */ if (error_code & X86_PF_INSN) { /* Avoid enforcing access error if spurious: */ if (unlikely(!(vma->vm_flags & VM_EXEC))) return 1; return 0; } I'm really confused what X86_PF_WRITE and X86_PF_INSN have in common other than both being able to (now) be generated spuriously.