From: Tycho Andersen <tycho@docker.com>
To: Yisheng Xie <xieyisheng1@huawei.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
kernel-hardening@lists.openwall.com,
Marco Benatto <marco.antonio.780@gmail.com>,
Juerg Haefliger <juerg.haefliger@canonical.com>,
x86@kernel.org
Subject: [kernel-hardening] Re: [PATCH v6 03/11] mm, x86: Add support for eXclusive Page Frame Ownership (XPFO)
Date: Mon, 11 Sep 2017 07:50:20 -0700
Message-ID: <20170911145020.fat456njvyagcomu@docker>
In-Reply-To: <302be94d-7e44-001d-286c-2b0cd6098f7b@huawei.com>
Hi Yisheng,
On Mon, Sep 11, 2017 at 03:24:09PM +0800, Yisheng Xie wrote:
> > +void xpfo_alloc_pages(struct page *page, int order, gfp_t gfp)
> > +{
> > + int i, flush_tlb = 0;
> > + struct xpfo *xpfo;
> > +
> > + if (!static_branch_unlikely(&xpfo_inited))
> > + return;
> > +
> > + for (i = 0; i < (1 << order); i++) {
> > + xpfo = lookup_xpfo(page + i);
> > + if (!xpfo)
> > + continue;
> > +
> > + WARN(test_bit(XPFO_PAGE_UNMAPPED, &xpfo->flags),
> > + "xpfo: unmapped page being allocated\n");
> > +
> > + /* Initialize the map lock and map counter */
> > + if (unlikely(!xpfo->inited)) {
> > + spin_lock_init(&xpfo->maplock);
> > + atomic_set(&xpfo->mapcount, 0);
> > + xpfo->inited = true;
> > + }
> > + WARN(atomic_read(&xpfo->mapcount),
> > + "xpfo: already mapped page being allocated\n");
> > +
> > + if ((gfp & GFP_HIGHUSER) == GFP_HIGHUSER) {
> > + /*
> > + * Tag the page as a user page and flush the TLB if it
> > + * was previously allocated to the kernel.
> > + */
> > + if (!test_and_set_bit(XPFO_PAGE_USER, &xpfo->flags))
> > + flush_tlb = 1;
>
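Review bot: In the GFP_HIGHUSER branch at the end of this hunk, the comment promises a TLB flush when the page was previously allocated to the kernel, but the lines shown only set XPFO_PAGE_USER and flush_tlb; nothing here removes the page's kernel (physmap) mapping or sets XPFO_PAGE_UNMAPPED. A TLB flush only discards cached translations, so while the page table entry is still present the kernel address stays usable after the flush. Either clear the kernel mapping for the page at this point, before the flush, or extend the comment to say where the unmap happens for a page moving from kernel to user ownership.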
> I'm not sure whether I am missing anything; however, when the page was previously allocated
> to kernel, should we unmap the physmap (the kernel's page table) here? For we allocate
> the page to user now.
Yes, I think you're right. Oddly, the XPFO_READ_USER test works
correctly for me, but I think (?) it should not because of this bug...
Tycho