From: Pasha Tatashin
Date: Tue, 19 Apr 2022 09:19:16 -0400
Subject: Re: [PATCH -next v4 3/4] arm64: mm: add support for page table check
To: Anshuman Khandual
Cc: Tong Tiangen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)", "H. Peter Anvin", Andrew Morton, Catalin Marinas, Will Deacon, Paul Walmsley, Palmer Dabbelt, Albert Ou, LKML, linux-mm, Linux ARM, linux-riscv@lists.infradead.org, Kefeng Wang, Guohanjun
References: <20220418034444.520928-1-tongtiangen@huawei.com> <20220418034444.520928-4-tongtiangen@huawei.com> <073cb6a6-3dbc-75d4-dbfe-a5299a6b0510@arm.com>
In-Reply-To: <073cb6a6-3dbc-75d4-dbfe-a5299a6b0510@arm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 19, 2022 at 6:22 AM Anshuman Khandual wrote:
>
> On 4/18/22 09:14, Tong Tiangen wrote:
> > +#ifdef CONFIG_PAGE_TABLE_CHECK > > +static inline bool pte_user_accessible_page(pte_t pte) > > +{ > > + return pte_present(pte) && (pte_user(pte) || pte_user_exec(pte)); > > +} > > + > > +static inline bool pmd_user_accessible_page(pmd_t pmd) > > +{ > > + return pmd_present(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd)); > > +} > > + > > +static inline bool pud_user_accessible_page(pud_t pud) > > +{ > > + return pud_present(pud) && pud_user(pud); > > +} > > +#endif
> Wondering why check for these page table entry states when init_mm
> has already been excluded? Should not user page tables be checked
> for in entirety for all updates? What is the rationale for filtering
> out only pxx_user_access_page entries?

The point is to prevent false sharing and memory corruption issues. The idea of PTC is to be simple and relatively independent from the MM state machine that catches invalid page sharing. I.e. if an R/W anon page is accessible by user land, that page can never be mapped into another process (internally shared anons are treated as named mappings).

Therefore, we try not to rely on MM states, and ensure that when a page-table entry is accessible by user it meets the required assumptions: no false sharing, etc.

For example, one bug that was caught with PTC was where a driver on an unload would put memory on a freelist but memory is still mapped in user page table.

Pasha
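
Review bot: pud_user_accessible_page() tests only pud_user(pud), while pte_user_accessible_page() and pmd_user_accessible_page() in the same hunk also accept pte_user_exec()/pmd_user_exec(), and nothing in the hunk explains the difference. If a user-executable mapping cannot exist at PUD level here, a one-line comment above the pud helper should say so; otherwise the pud helper should apply the same exec test as the other two. A short comment above the three helpers stating what "user accessible" means for the page table check would also document why only these entries are considered, which is the question raised in review.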