From: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
To: linuxppc-dev@lists.ozlabs.org, mpe@ellerman.id.au,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kvm-ppc@vger.kernel.org
Cc: npiggin@gmail.com, paulus@ozlabs.org, leonardo@linux.ibm.com,
kirill@shutemov.name,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Subject: [PATCH v3 06/22] powerpc/mce: Don't reload pte val in addr_to_pfn
Date: Mon, 20 Apr 2020 12:56:18 +0000 [thread overview]
Message-ID: <20200420124434.47330-7-aneesh.kumar@linux.ibm.com> (raw)
In-Reply-To: <20200420124434.47330-1-aneesh.kumar@linux.ibm.com>
A lockless page table walk should be safe against parallel THP collapse, THP
split and madvise(MADV_DONTNEED)/parallel fault. This patch makes sure kernel
won't reload the pteval when checking for different conditions. The patch also added
a check for pte_present to make sure the kernel is indeed operating
on a PTE and not a pointer to level 0 table page.
The pfn value we find here can be different from the actual pfn on which
machine check happened. This can happen if we raced with a parallel update
of the page table. In such a scenario we end up isolating a wrong pfn. But that
doesn't have any other side effect.
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
---
arch/powerpc/kernel/mce_power.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/kernel/mce_power.c b/arch/powerpc/kernel/mce_power.c
index 067b094bfeff..1d18991f3854 100644
--- a/arch/powerpc/kernel/mce_power.c
+++ b/arch/powerpc/kernel/mce_power.c
@@ -27,7 +27,7 @@
*/
unsigned long addr_to_pfn(struct pt_regs *regs, unsigned long addr)
{
- pte_t *ptep;
+ pte_t *ptep, pte;
unsigned int shift;
unsigned long pfn, flags;
struct mm_struct *mm;
@@ -39,19 +39,23 @@ unsigned long addr_to_pfn(struct pt_regs *regs, unsigned long addr)
local_irq_save(flags);
ptep = __find_linux_pte(mm->pgd, addr, NULL, &shift);
+ if (!ptep) {
+ pfn = ULONG_MAX;
+ goto out;
+ }
+ pte = READ_ONCE(*ptep);
- if (!ptep || pte_special(*ptep)) {
+ if (!pte_present(pte) || pte_special(pte)) {
pfn = ULONG_MAX;
goto out;
}
if (shift <= PAGE_SHIFT)
- pfn = pte_pfn(*ptep);
+ pfn = pte_pfn(pte);
else {
unsigned long rpnmask = (1ul << shift) - PAGE_SIZE;
- pfn = pte_pfn(__pte(pte_val(*ptep) | (addr & rpnmask)));
+ pfn = pte_pfn(__pte(pte_val(pte) | (addr & rpnmask)));
}
-
out:
local_irq_restore(flags);
return pfn;
--
2.25.3
WARNING: multiple messages have this Message-ID (diff)
From: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
To: linuxppc-dev@lists.ozlabs.org, mpe@ellerman.id.au,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kvm-ppc@vger.kernel.org
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>,
kirill@shutemov.name, npiggin@gmail.com,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
leonardo@linux.ibm.com
Subject: [PATCH v3 06/22] powerpc/mce: Don't reload pte val in addr_to_pfn
Date: Mon, 20 Apr 2020 18:14:18 +0530 [thread overview]
Message-ID: <20200420124434.47330-7-aneesh.kumar@linux.ibm.com> (raw)
In-Reply-To: <20200420124434.47330-1-aneesh.kumar@linux.ibm.com>
A lockless page table walk should be safe against parallel THP collapse, THP
split and madvise(MADV_DONTNEED)/parallel fault. This patch makes sure kernel
won't reload the pteval when checking for different conditions. The patch also added
a check for pte_present to make sure the kernel is indeed operating
on a PTE and not a pointer to level 0 table page.
The pfn value we find here can be different from the actual pfn on which
machine check happened. This can happen if we raced with a parallel update
of the page table. In such a scenario we end up isolating a wrong pfn. But that
doesn't have any other side effect.
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
---
arch/powerpc/kernel/mce_power.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/kernel/mce_power.c b/arch/powerpc/kernel/mce_power.c
index 067b094bfeff..1d18991f3854 100644
--- a/arch/powerpc/kernel/mce_power.c
+++ b/arch/powerpc/kernel/mce_power.c
@@ -27,7 +27,7 @@
*/
unsigned long addr_to_pfn(struct pt_regs *regs, unsigned long addr)
{
- pte_t *ptep;
+ pte_t *ptep, pte;
unsigned int shift;
unsigned long pfn, flags;
struct mm_struct *mm;
@@ -39,19 +39,23 @@ unsigned long addr_to_pfn(struct pt_regs *regs, unsigned long addr)
local_irq_save(flags);
ptep = __find_linux_pte(mm->pgd, addr, NULL, &shift);
+ if (!ptep) {
+ pfn = ULONG_MAX;
+ goto out;
+ }
+ pte = READ_ONCE(*ptep);
- if (!ptep || pte_special(*ptep)) {
+ if (!pte_present(pte) || pte_special(pte)) {
pfn = ULONG_MAX;
goto out;
}
if (shift <= PAGE_SHIFT)
- pfn = pte_pfn(*ptep);
+ pfn = pte_pfn(pte);
else {
unsigned long rpnmask = (1ul << shift) - PAGE_SIZE;
- pfn = pte_pfn(__pte(pte_val(*ptep) | (addr & rpnmask)));
+ pfn = pte_pfn(__pte(pte_val(pte) | (addr & rpnmask)));
}
-
out:
local_irq_restore(flags);
return pfn;
--
2.25.3
WARNING: multiple messages have this Message-ID (diff)
From: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
To: linuxppc-dev@lists.ozlabs.org, mpe@ellerman.id.au,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kvm-ppc@vger.kernel.org
Cc: npiggin@gmail.com, paulus@ozlabs.org, leonardo@linux.ibm.com,
kirill@shutemov.name,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Subject: [PATCH v3 06/22] powerpc/mce: Don't reload pte val in addr_to_pfn
Date: Mon, 20 Apr 2020 18:14:18 +0530 [thread overview]
Message-ID: <20200420124434.47330-7-aneesh.kumar@linux.ibm.com> (raw)
In-Reply-To: <20200420124434.47330-1-aneesh.kumar@linux.ibm.com>
A lockless page table walk should be safe against parallel THP collapse, THP
split and madvise(MADV_DONTNEED)/parallel fault. This patch makes sure kernel
won't reload the pteval when checking for different conditions. The patch also added
a check for pte_present to make sure the kernel is indeed operating
on a PTE and not a pointer to level 0 table page.
The pfn value we find here can be different from the actual pfn on which
machine check happened. This can happen if we raced with a parallel update
of the page table. In such a scenario we end up isolating a wrong pfn. But that
doesn't have any other side effect.
Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
---
arch/powerpc/kernel/mce_power.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/kernel/mce_power.c b/arch/powerpc/kernel/mce_power.c
index 067b094bfeff..1d18991f3854 100644
--- a/arch/powerpc/kernel/mce_power.c
+++ b/arch/powerpc/kernel/mce_power.c
@@ -27,7 +27,7 @@
*/
unsigned long addr_to_pfn(struct pt_regs *regs, unsigned long addr)
{
- pte_t *ptep;
+ pte_t *ptep, pte;
unsigned int shift;
unsigned long pfn, flags;
struct mm_struct *mm;
@@ -39,19 +39,23 @@ unsigned long addr_to_pfn(struct pt_regs *regs, unsigned long addr)
local_irq_save(flags);
ptep = __find_linux_pte(mm->pgd, addr, NULL, &shift);
+ if (!ptep) {
+ pfn = ULONG_MAX;
+ goto out;
+ }
+ pte = READ_ONCE(*ptep);
- if (!ptep || pte_special(*ptep)) {
+ if (!pte_present(pte) || pte_special(pte)) {
pfn = ULONG_MAX;
goto out;
}
if (shift <= PAGE_SHIFT)
- pfn = pte_pfn(*ptep);
+ pfn = pte_pfn(pte);
else {
unsigned long rpnmask = (1ul << shift) - PAGE_SIZE;
- pfn = pte_pfn(__pte(pte_val(*ptep) | (addr & rpnmask)));
+ pfn = pte_pfn(__pte(pte_val(pte) | (addr & rpnmask)));
}
-
out:
local_irq_restore(flags);
return pfn;
--
2.25.3
next prev parent reply other threads:[~2020-04-20 12:56 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-20 12:44 [PATCH v3 00/22] Avoid IPI while updating page table entries Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 01/22] powerpc/pkeys: Avoid using lockless page table walk Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 02/22] powerpc/pkeys: Check vma before returning key fault error to the user Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 03/22] powerpc/mm/hash64: use _PAGE_PTE when checking for pte_present Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 04/22] powerpc/hash64: Restrict page table lookup using init_mm with __flush_hash_table_range Aneesh Kumar K.V
2020-04-20 12:56 ` [PATCH v3 04/22] powerpc/hash64: Restrict page table lookup using init_mm with __flush_hash_table_ra Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 04/22] powerpc/hash64: Restrict page table lookup using init_mm with __flush_hash_table_range Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 05/22] powerpc/book3s64/hash: Use the pte_t address from the caller Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V [this message]
2020-04-20 12:56 ` [PATCH v3 06/22] powerpc/mce: Don't reload pte val in addr_to_pfn Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 07/22] powerpc/perf/callchain: Use __get_user_pages_fast in read_user_stack_slow Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 08/22] powerpc/kvm/book3s: switch from raw_spin_*lock to arch_spin_lock Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 09/22] powerpc/kvm/book3s: Add helper to walk partition scoped linux page table Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 10/22] powerpc/kvm/nested: Add helper to walk nested shadow " Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 11/22] powerpc/kvm/book3s: Use kvm helpers to walk shadow or secondary table Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 12/22] powerpc/kvm/book3s: Add helper for host page table walk Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 13/22] powerpc/kvm/book3s: Use find_kvm_host_pte in page fault handler Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 14/22] powerpc/kvm/book3s: Use find_kvm_host_pte in h_enter Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 15/22] powerpc/kvm/book3s: use find_kvm_host_pte in pute_tce functions Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 16/22] powerpc/kvm/book3s: Avoid using rmap to protect parallel page table update Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 17/22] powerpc/kvm/book3s: use find_kvm_host_pte in kvmppc_book3s_instantiate_page Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 18/22] powerpc/kvm/book3s: Use find_kvm_host_pte in kvmppc_get_hpa Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 19/22] powerpc/kvm/book3s: Use pte_present instead of opencoding _PAGE_PRESENT check Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 20/22] powerpc/mm/book3s64: Avoid sending IPI on clearing PMD Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 21/22] mm: change pmdp_huge_get_and_clear_full take vm_area_struct as arg Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
2020-04-20 12:44 ` [PATCH v3 22/22] powerpc/mm/book3s64: Fix MADV_DONTNEED and parallel page fault race Aneesh Kumar K.V
2020-04-20 12:56 ` Aneesh Kumar K.V
2020-04-20 12:44 ` Aneesh Kumar K.V
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200420124434.47330-7-aneesh.kumar@linux.ibm.com \
--to=aneesh.kumar@linux.ibm.com \
--cc=kirill@shutemov.name \
--cc=kvm-ppc@vger.kernel.org \
--cc=leonardo@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mahesh@linux.vnet.ibm.com \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=paulus@ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.