From: Shan Hai <haishan.bai@gmail.com>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: tony.luck@intel.com, Peter Zijlstra <a.p.zijlstra@chello.nl>,
linux-kernel@vger.kernel.org, cmetcalf@tilera.com,
dhowells@redhat.com, paulus@samba.org, tglx@linutronix.de,
walken@google.com, linuxppc-dev@lists.ozlabs.org,
akpm@linux-foundation.org
Subject: Re: [PATCH 1/1] Fixup write permission of TLB on powerpc e500 core
Date: Sun, 17 Jul 2011 23:40:32 +0800 [thread overview]
Message-ID: <4E230270.20209@gmail.com> (raw)
In-Reply-To: <1310914117.25044.216.camel@pasglop>
On 07/17/2011 10:48 PM, Benjamin Herrenschmidt wrote:
> On Sun, 2011-07-17 at 21:33 +0800, Shan Hai wrote:
>> On ARM you could not protect pages from supervisor-mode writes,
>> isn't it? That means, all writable user pages are writable for
>> supervisor too, but its not hold for at least x86 and powerpc,
>> x86 and powerpc can be configured to protect pages from
>> supervisor-mode writes.
> That doesn't sound right... how would put_user() work properly then ? A
> cursory glance at the ARM code doesn't show it doing anything "special",
> just stores ... but I might have missing something.
>
That's real for ARM, for the reason put_user() work properly is that
the first time access to the write protected page triggers a page
fault, and the handle_mm_fault() will fix up the write permission
for the kernel, because at this time no one disabled the page fault
as done in the futex case.
>> Think about the following situation,
>> a page fault occurs on the kernel trying to write to a writable shared
>> user page which is read only to the kernel, the following conditions
>> hold,
>> - the page is *present*, because its a shared page
>> - the page is *writable*, because demand paging sets up the pte for
>> the current process to so
>>
>> The follow_page() called in the __get_user_page() returns non NULL
>> to its caller on the above mentioned *present* and *writable* page,
>> so the gup(.write=1) has no chance to set pte dirty by calling
>> handle_mm_fault,
>> the follow_page() has no knowledge of supervisor-mode write protected
>> pages,
>> that's the culprit in the bug discussed here.
> Right, the problem is with writable pages that have "lost" (or never had
> but usually it's lost, due to swapping for example) their dirty bit, or
> any page that has lost young.
>
> From what I can tell, we need to either fix those bits from the caller
> of gup (futex code), which sound nasty, or more easily fix those from
> gup itself, possibly under control of flags in the "write" argument to
> avoid breaking code relying on the existing behaviour, expecially vs.
> dirty.
>
So, for the reason the SW tracked dirty/young and supervisor protected
pages has potential effects on not only *futex* but also on other components
of the kernel which might access the non-dirty supervisor protected page,
in my opinion it might be more sensible to fix it from gup instead of fixing
it in the futex.
Thanks
Shan Hai
> Cheers,
> Ben.
>
>
WARNING: multiple messages have this Message-ID (diff)
From: Shan Hai <haishan.bai@gmail.com>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>,
paulus@samba.org, tglx@linutronix.de, walken@google.com,
dhowells@redhat.com, cmetcalf@tilera.com, tony.luck@intel.com,
akpm@linux-foundation.org, linuxppc-dev@lists.ozlabs.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] Fixup write permission of TLB on powerpc e500 core
Date: Sun, 17 Jul 2011 23:40:32 +0800 [thread overview]
Message-ID: <4E230270.20209@gmail.com> (raw)
In-Reply-To: <1310914117.25044.216.camel@pasglop>
On 07/17/2011 10:48 PM, Benjamin Herrenschmidt wrote:
> On Sun, 2011-07-17 at 21:33 +0800, Shan Hai wrote:
>> On ARM you could not protect pages from supervisor-mode writes,
>> isn't it? That means, all writable user pages are writable for
>> supervisor too, but its not hold for at least x86 and powerpc,
>> x86 and powerpc can be configured to protect pages from
>> supervisor-mode writes.
> That doesn't sound right... how would put_user() work properly then ? A
> cursory glance at the ARM code doesn't show it doing anything "special",
> just stores ... but I might have missing something.
>
That's real for ARM, for the reason put_user() work properly is that
the first time access to the write protected page triggers a page
fault, and the handle_mm_fault() will fix up the write permission
for the kernel, because at this time no one disabled the page fault
as done in the futex case.
>> Think about the following situation,
>> a page fault occurs on the kernel trying to write to a writable shared
>> user page which is read only to the kernel, the following conditions
>> hold,
>> - the page is *present*, because its a shared page
>> - the page is *writable*, because demand paging sets up the pte for
>> the current process to so
>>
>> The follow_page() called in the __get_user_page() returns non NULL
>> to its caller on the above mentioned *present* and *writable* page,
>> so the gup(.write=1) has no chance to set pte dirty by calling
>> handle_mm_fault,
>> the follow_page() has no knowledge of supervisor-mode write protected
>> pages,
>> that's the culprit in the bug discussed here.
> Right, the problem is with writable pages that have "lost" (or never had
> but usually it's lost, due to swapping for example) their dirty bit, or
> any page that has lost young.
>
> From what I can tell, we need to either fix those bits from the caller
> of gup (futex code), which sound nasty, or more easily fix those from
> gup itself, possibly under control of flags in the "write" argument to
> avoid breaking code relying on the existing behaviour, expecially vs.
> dirty.
>
So, for the reason the SW tracked dirty/young and supervisor protected
pages has potential effects on not only *futex* but also on other components
of the kernel which might access the non-dirty supervisor protected page,
in my opinion it might be more sensible to fix it from gup instead of fixing
it in the futex.
Thanks
Shan Hai
> Cheers,
> Ben.
>
>
next prev parent reply other threads:[~2011-07-17 15:40 UTC|newest]
Thread overview: 138+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-15 8:07 [PATCH 0/1] Fixup write permission of TLB on powerpc e500 core Shan Hai
2011-07-15 8:07 ` Shan Hai
2011-07-15 8:07 ` [PATCH 1/1] " Shan Hai
2011-07-15 8:07 ` Shan Hai
2011-07-15 10:23 ` Peter Zijlstra
2011-07-15 10:23 ` Peter Zijlstra
2011-07-15 15:18 ` Shan Hai
2011-07-15 15:18 ` Shan Hai
2011-07-15 15:24 ` Peter Zijlstra
2011-07-15 15:24 ` Peter Zijlstra
2011-07-16 15:36 ` Shan Hai
2011-07-16 15:36 ` Shan Hai
2011-07-16 14:50 ` Shan Hai
2011-07-16 14:50 ` Shan Hai
2011-07-16 23:49 ` Benjamin Herrenschmidt
2011-07-16 23:49 ` Benjamin Herrenschmidt
2011-07-17 9:38 ` Peter Zijlstra
2011-07-17 9:38 ` Peter Zijlstra
2011-07-17 14:29 ` Benjamin Herrenschmidt
2011-07-17 14:29 ` Benjamin Herrenschmidt
2011-07-17 23:14 ` Benjamin Herrenschmidt
2011-07-17 23:14 ` Benjamin Herrenschmidt
2011-07-18 3:53 ` Benjamin Herrenschmidt
2011-07-18 3:53 ` Benjamin Herrenschmidt
2011-07-18 4:02 ` Benjamin Herrenschmidt
2011-07-18 4:02 ` Benjamin Herrenschmidt
2011-07-18 4:01 ` Benjamin Herrenschmidt
2011-07-18 4:01 ` Benjamin Herrenschmidt
2011-07-18 6:48 ` Shan Hai
2011-07-18 6:48 ` Shan Hai
2011-07-18 7:01 ` Benjamin Herrenschmidt
2011-07-18 7:01 ` Benjamin Herrenschmidt
2011-07-18 7:26 ` Shan Hai
2011-07-18 7:26 ` Shan Hai
2011-07-18 7:36 ` Benjamin Herrenschmidt
2011-07-18 7:36 ` Benjamin Herrenschmidt
2011-07-18 7:50 ` Shan Hai
2011-07-18 7:50 ` Shan Hai
2011-07-19 3:30 ` Shan Hai
2011-07-19 3:30 ` Shan Hai
2011-07-19 4:20 ` Benjamin Herrenschmidt
2011-07-19 4:20 ` Benjamin Herrenschmidt
2011-07-19 4:29 ` [RFC/PATCH] mm/futex: Fix futex writes on archs with SW tracking of dirty & young Benjamin Herrenschmidt
2011-07-19 4:29 ` Benjamin Herrenschmidt
2011-07-19 4:55 ` Shan Hai
2011-07-19 4:55 ` Shan Hai
2011-07-19 5:17 ` Shan Hai
2011-07-19 5:17 ` Shan Hai
2011-07-19 5:24 ` Benjamin Herrenschmidt
2011-07-19 5:24 ` Benjamin Herrenschmidt
2011-07-19 5:38 ` Shan Hai
2011-07-19 5:38 ` Shan Hai
2011-07-19 7:46 ` Benjamin Herrenschmidt
2011-07-19 7:46 ` Benjamin Herrenschmidt
2011-07-19 8:24 ` Shan Hai
2011-07-19 8:24 ` Shan Hai
2011-07-19 8:26 ` [RFC/PATCH] mm/futex: Fix futex writes on archs with SW trackingof " David Laight
2011-07-19 8:26 ` David Laight
2011-07-19 8:45 ` Benjamin Herrenschmidt
2011-07-19 8:45 ` Benjamin Herrenschmidt
2011-07-19 8:45 ` Shan Hai
2011-07-19 8:45 ` Shan Hai
2011-07-19 11:10 ` [RFC/PATCH] mm/futex: Fix futex writes on archs with SW tracking of " Peter Zijlstra
2011-07-19 11:10 ` Peter Zijlstra
2011-07-20 14:39 ` Darren Hart
2011-07-20 14:39 ` Darren Hart
2011-07-21 22:36 ` Andrew Morton
2011-07-21 22:36 ` Andrew Morton
2011-07-21 22:52 ` Benjamin Herrenschmidt
2011-07-21 22:52 ` Benjamin Herrenschmidt
2011-07-21 22:57 ` Benjamin Herrenschmidt
2011-07-21 22:57 ` Benjamin Herrenschmidt
2011-07-21 22:59 ` Andrew Morton
2011-07-21 22:59 ` Andrew Morton
2011-07-22 1:40 ` Benjamin Herrenschmidt
2011-07-22 1:40 ` Benjamin Herrenschmidt
2011-07-22 1:54 ` Shan Hai
2011-07-22 1:54 ` Shan Hai
2011-07-27 6:50 ` Mike Frysinger
2011-07-27 6:50 ` Mike Frysinger
2011-07-27 7:58 ` Benjamin Herrenschmidt
2011-07-27 7:58 ` Benjamin Herrenschmidt
2011-07-27 8:59 ` Peter Zijlstra
2011-07-27 8:59 ` Peter Zijlstra
2011-07-27 10:09 ` David Howells
2011-07-27 10:09 ` David Howells
2011-07-27 10:17 ` Peter Zijlstra
2011-07-27 10:17 ` Peter Zijlstra
2011-07-27 10:20 ` Benjamin Herrenschmidt
2011-07-27 10:20 ` Benjamin Herrenschmidt
2011-07-28 0:12 ` Mike Frysinger
2011-07-28 0:12 ` Mike Frysinger
2011-07-28 10:55 ` David Howells
2011-07-28 10:55 ` David Howells
2011-08-08 2:31 ` Mike Frysinger
2011-08-08 2:31 ` Mike Frysinger
2011-07-17 11:02 ` [PATCH 1/1] Fixup write permission of TLB on powerpc e500 core Peter Zijlstra
2011-07-17 11:02 ` Peter Zijlstra
2011-07-17 13:33 ` Shan Hai
2011-07-17 13:33 ` Shan Hai
2011-07-17 14:48 ` Benjamin Herrenschmidt
2011-07-17 14:48 ` Benjamin Herrenschmidt
2011-07-17 15:40 ` Shan Hai [this message]
2011-07-17 15:40 ` Shan Hai
2011-07-17 22:34 ` Benjamin Herrenschmidt
2011-07-17 22:34 ` Benjamin Herrenschmidt
2011-07-17 14:34 ` Benjamin Herrenschmidt
2011-07-17 14:34 ` Benjamin Herrenschmidt
2011-07-15 8:20 ` [PATCH 0/1] " Peter Zijlstra
2011-07-15 8:20 ` Peter Zijlstra
2011-07-15 8:38 ` MailingLists
2011-07-15 8:38 ` MailingLists
2011-07-15 8:44 ` Peter Zijlstra
2011-07-15 8:44 ` Peter Zijlstra
2011-07-15 9:08 ` Shan Hai
2011-07-15 9:08 ` Shan Hai
2011-07-15 9:12 ` Benjamin Herrenschmidt
2011-07-15 9:12 ` Benjamin Herrenschmidt
2011-07-15 9:50 ` Peter Zijlstra
2011-07-15 9:50 ` Peter Zijlstra
2011-07-15 10:06 ` Shan Hai
2011-07-15 10:06 ` Shan Hai
2011-07-15 10:32 ` David Laight
2011-07-15 10:32 ` David Laight
2011-07-15 10:39 ` Peter Zijlstra
2011-07-15 10:39 ` Peter Zijlstra
2011-07-15 15:32 ` Shan Hai
2011-07-15 15:32 ` Shan Hai
2011-07-16 0:20 ` Benjamin Herrenschmidt
2011-07-16 0:20 ` Benjamin Herrenschmidt
2011-07-16 15:03 ` Shan Hai
2011-07-16 15:03 ` Shan Hai
2011-07-15 23:47 ` Benjamin Herrenschmidt
2011-07-15 23:47 ` Benjamin Herrenschmidt
2011-07-15 9:07 ` Benjamin Herrenschmidt
2011-07-15 9:07 ` Benjamin Herrenschmidt
2011-07-15 9:05 ` Benjamin Herrenschmidt
2011-07-15 9:05 ` Benjamin Herrenschmidt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E230270.20209@gmail.com \
--to=haishan.bai@gmail.com \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=benh@kernel.crashing.org \
--cc=cmetcalf@tilera.com \
--cc=dhowells@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=paulus@samba.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=walken@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.