Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp1909996pxp; Mon, 21 Mar 2022 07:29:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzgLmYI7VmYsGDMFi200oiW/s76WiOLWNS8e128HDuz8TQ2eiEKWua2ITEUCOJ7Sly2SZtJ X-Received: by 2002:a17:906:dc8b:b0:6df:7a71:1321 with SMTP id cs11-20020a170906dc8b00b006df7a711321mr20694849ejc.476.1647872990812; Mon, 21 Mar 2022 07:29:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647872990; cv=none; d=google.com; s=arc-20160816; b=hRVlyLAC3UJsXuZpKl2ohOLvd1lrVLBbhZvYaXzTI3NN41YaBNTYK89YDBjqIuhMYs n9mlMxvXQgtPAGI89tte89Ek58dl76ZIb/ATwI8CXUiQ5vNKHBcd/MVufVzCCC306xLZ dMHNeXqI37crD/CN9ybsu93V2QLqQStGpUMVqxn6WaxTkcNOpVCZevd3Jz4dBcdjew7g XALWRYsZbc4S9Ld0RhlvTuprQfJFaoANo7ERPJHoVG0aV4+laXxMj9Q5+gtUNhTUTBiF LGFHMXOtpFHB7lWD6ohikNb4WmZWQwcz3JtOO/2j/SS/rVQHbUZLL1x2Y4tzHtm0DSGf yHJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:references :cc:to:subject:from:user-agent:mime-version:date:message-id; bh=n0WLbPEO48LqgsuqeNuti8Qpe0oynKGdsZKv5fZKbjQ=; b=ywIekgp0heKTaMHhvTQVYcbirug3dAXXgaAqdhqsQvFLi+3lxaP0Rkg+lWeO1U0xGu kI2ZA0XQ6USXJNl3dgUzMJ6fDDgX4Y2ThpF8m0dWuRiOGIZpKE+799pw5OmwYj0EI2Os PGgIG8Owgljd9lBYktxCCwH4ltOguyBNUFLJi/RzkjR4G7Jv1zncVdMOUfoVfIXEi5JP YZ7Y56Jt9pxp8g8Qx0QHiaDfAsBZkz7/JYHb6n0Iftsdt5WOtKCUjZA2A72SLTxIH84q FkhdRBy5Ljr1lHNemcoFDa2UzIVgMV8WjrrNPJ1X/F+uaRbUhrVE5M2fH8kRQ+yeIt39 pYqA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 9-20020a170906008900b006df7a1b2f6dsi8284823ejc.218.2022.03.21.07.29.22; Mon, 21 Mar 2022 07:29:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344556AbiCUGRG (ORCPT + 99 others); Mon, 21 Mar 2022 02:17:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238570AbiCUGRG (ORCPT ); Mon, 21 Mar 2022 02:17:06 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 11B5D8A31F for ; Sun, 20 Mar 2022 23:15:40 -0700 (PDT) Received: from kwepemi500002.china.huawei.com (unknown [172.30.72.53]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4KMPTB6yTQzfYr5; Mon, 21 Mar 2022 14:14:06 +0800 (CST) Received: from kwepemm600017.china.huawei.com (7.193.23.234) by kwepemi500002.china.huawei.com (7.221.188.171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Mon, 21 Mar 2022 14:15:38 +0800 Received: from [10.174.179.234] (10.174.179.234) by kwepemm600017.china.huawei.com (7.193.23.234) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Mon, 21 Mar 2022 14:15:37 +0800 Message-ID: Date: Mon, 21 Mar 2022 14:15:36 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1 From: Tong Tiangen Subject: Re: [PATCH -next 3/4] arm64: mm: add support for page table check To: Catalin Marinas CC: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , , "H. Peter Anvin" , Pasha Tatashin , Andrew Morton , "Will Deacon" , Paul Walmsley , "Palmer Dabbelt" , Palmer Dabbelt , Albert Ou , , , , References: <20220317141203.3646253-1-tongtiangen@huawei.com> <20220317141203.3646253-4-tongtiangen@huawei.com> In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.179.234] X-ClientProxiedBy: dggems703-chm.china.huawei.com (10.3.19.180) To kwepemm600017.china.huawei.com (7.193.23.234) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-5.2 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 在 2022/3/19 1:18, Catalin Marinas 写道: > On Fri, Mar 18, 2022 at 11:58:22AM +0800, Tong Tiangen wrote: >> 在 2022/3/18 3:00, Catalin Marinas 写道: >>> On Thu, Mar 17, 2022 at 02:12:02PM +0000, Tong Tiangen wrote: >>>> @@ -628,6 +647,25 @@ static inline unsigned long pmd_page_vaddr(pmd_t pmd) >>>> #define pud_leaf(pud) pud_sect(pud) >>>> #define pud_valid(pud) pte_valid(pud_pte(pud)) >>>> +#ifdef CONFIG_PAGE_TABLE_CHECK >>>> +static inline bool pte_user_accessible_page(pte_t pte) >>>> +{ >>>> + return (pte_val(pte) & PTE_VALID) && (pte_val(pte) & PTE_USER); >>>> +} > [...] >>> Do we care about PROT_NONE mappings here? They have the valid bit >>> cleared but pte_present() is true. >>> >> >> PTC will not check this special type(PROT_NONE) of page. > > PROT_NONE is just a permission but since we don't have independent read > and write bits in the pte, we implement it as an invalid pte (bit 0 > cleared). The other content of the pte is fine, so pte_pfn() should > still work. PTC could as well check this, I don't think it hurts. You have a point and the logic should be: pte_present(pte) && (pte_user(pte) || pte_user_exec(pte)) > >>>> +static inline bool pmd_user_accessible_page(pmd_t pmd) >>>> +{ >>>> + return pmd_leaf(pmd) && (pmd_val(pmd) & PTE_VALID) && >>>> + (pmd_val(pmd) & PTE_USER); >>>> +} >>> >>> pmd_leaf() implies valid, so you can skip it if that's the aim. >> >> PTC only checks whether the memory block corresponding to the pmd_leaf type >> can access, for !pmd_leaf, PTC checks at the pte level. So i think this is >> necessary. > > My point is that the (pmd_val(pmd) & PTE_VALID) check is superfluous > since that's covered by pmd_leaf() already. Oh,i got it,you're right and these will be fixed in v2. Considering all your suggestions, The final logic should be: +#define pte_user(pte) (!!(pte_val(pte) & PTE_USER)) +#define pmd_user(pmd) pte_user(pmd_pte(pmd)) +#define pmd_user_exec(pmd) pte_user_exec(pmd_pte(pmd)) +#define pud_user(pud) pte_user(pud_pte(pud)) +static inline bool pte_user_accessible_page(pte_t pte) +{ + return pte_present(pte) && (pte_user(pte)|| pte_user_exec(pte)); +} +static inline bool pmd_user_accessible_page(pmd_t pmd) +{ + return pmd_present(pmd) && (pmd_user(pmd)|| pmd_user_exec(pmd)); +} +static inline bool pud_user_accessible_page(pud_t pud) +{ + return pud_present(pud) && pud_user(pud); +} >