Date: Fri, 12 Apr 2024 18:30:27 +0100
From: Catalin Marinas
To: Yaxiong Tian <13327272236@163.com>
Cc: will@kernel.org, keescook@chromium.org, tianyaxiong@kylinos.cn, xiongxin@kylinos.cn, rppt@kernel.org, tony.luck@intel.com, gpiccoli@igalia.com, songshuaishuai@tinylab.org, wangkefeng.wang@huawei.com, akpm@linux-foundation.org, ardb@kernel.org, david@redhat.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v2] arm64: hibernate: Fix level3 translation fault in swsusp_save()
In-Reply-To: <20240301021924.33210-1-13327272236@163.com>
X-Mailing-List: linux-hardening@vger.kernel.org

For some reason I missed the updated patch.

On Fri, Mar 01, 2024 at 10:19:24AM +0800, Yaxiong Tian wrote:
> From: Yaxiong Tian
>
> On ARM64 machines using UEFI, if can_set_direct_map() returns false by
> setting some CONFIGS in kernel build or grub, such as
> NO CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT, NO CONFIG_KFENCE
> NO CONFIG_RODATA_FULL_DEFAULT_ENABLED. Also with setting rodata=off,
> debug_pagealloc=off in grub and NO CONFIG_KFENCE.
> swsusp_save() will fail due to not finding the map table under the
> nomap memory, such as:
[...]
> [ 48.532162] Call trace:
> [ 48.532162] swsusp_save+0x280/0x538
> [ 48.532162] swsusp_arch_suspend+0x148/0x190
> [ 48.532162] hibernation_snapshot+0x240/0x39c
> [ 48.532162] hibernate+0xc4/0x378
> [ 48.532162] state_store+0xf0/0x10c
> [ 48.532162] kobj_attr_store+0x14/0x24
>
> This issue can be reproduced in QEMU using UEFI when booting with
> rodata=off, debug_pagealloc=off in grub and NO CONFIG_KFENCE.
>
> This is because in swsusp_save()->copy_data_pages()->page_is_saveable(),
> kernel_page_present() presumes that a page is present when can_set_direct_map()
> returns false even for NOMAP ranges. So NOMAP pages will be saved afterwards, and then
> cause a level3 translation fault in these pages.

I can see how kernel_page_present() ended up returning true if !can_set_direct_map(), though based on the function naming only, it feels a bit unintuitive. Is arm64 the only architecture making use of MEMBLOCK_NOMAP? Or is it the only one where kernel_page_present() also returns true if !can_set_direct_map()?

> diff --git a/arch/arm64/kernel/hibernate.c b/arch/arm64/kernel/hibernate.c > index 02870beb271e..d90005de1d26 > --- a/arch/arm64/kernel/hibernate.c > +++ b/arch/arm64/kernel/hibernate.c 
> @@ -94,7 +94,7 @@ int pfn_is_nosave(unsigned long pfn) > unsigned long nosave_end_pfn = sym_to_pfn(&__nosave_end - 1); > > return ((pfn >= nosave_begin_pfn) && (pfn <= nosave_end_pfn)) || > - crash_is_nosave(pfn); > + crash_is_nosave(pfn) || !pfn_is_map_memory(pfn); > }

This indeed fixes the problem but it looks like an arm64-specific workaround. I can see at least arm, loongarch and riscv making use of memblock_is_map_memory() (which is what pfn_is_map_memory() calls). Do they not have the same problem? On riscv, for example, kernel_page_present() does not depend on any ARCH_HAS_SET_DIRECT_MAP related options/conditions (neither does x86 though not sure it cares about MEMBLOCK_NOMAP). Should we do the same for arm64 and drop the !can_set_direct_map() condition in kernel_page_present()?

--
Catalin
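
Review bot: the new `!pfn_is_map_memory(pfn)` term in the return statement of pfn_is_nosave() carries no comment, and nothing in the function says why a pfn outside mapped memory must be skipped. A short comment above the return, stating that NOMAP ranges have no mapping and that copying them during swsusp_save() faults, would keep the check from being dropped later as redundant. The commit message also locates the cause in kernel_page_present() presuming a page is present whenever can_set_direct_map() returns false; filtering in the arm64 nosave helper leaves that presumption in place, so the changelog should say why the check belongs here rather than in kernel_page_present().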