From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C1F51C27C53 for ; Wed, 19 Jun 2024 14:54:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:In-Reply-To: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ee3iDL3vmwaDIx56wuZO1MpBHHQkzNcI6ID4JeKnOV0=; b=YCIjIQD1Byu/hLp4TSkcEDIrau +JK2trKKrZIz2I3iGqCPoR2xg+UR6PWTWq13vfq7ejQhiymjYwKa0tppTQMcQNy2ydZ3/+Q3/sljy fhTifZb9Q2q996TGHLIxCNkz0zOnJ1fVW91zAHX19t59m7JRg33X0my4LTDge29K4EXxkR2QMTlMa YJSri9YJmt9s0NPilBtiqUdqtWiq43ml5uCyiujI6AVX3c7X5Kf7LqNve7YYPW0H3OmUcrX29UawT Zw1xLsz9iQIQoYm/HYko4702SfNu/SuRKDrOSOp7McTrRVn2FodTRsCLTY2fTHFsEwu4+dEqdSKCh YgQVbsOQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sJwha-00000001g3X-0QjE; Wed, 19 Jun 2024 14:54:22 +0000 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sJwhW-00000001g1m-0kgG for linux-arm-kernel@lists.infradead.org; Wed, 19 Jun 2024 14:54:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1718808854; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ee3iDL3vmwaDIx56wuZO1MpBHHQkzNcI6ID4JeKnOV0=; b=L2HhWY6yetnz4jd02h2cQCyt48sx8MxfmRwbPvIvkg1xLhomrJp42x5kPe5Nfb/Zhh0BqL s9K0OhjqFCbwE2YL5wjXOttUvXRhLpfqsQvNnKcJlv6ESIBwIg00WYouGj7FlzobtPqy+X Or6da+RC77HdvJxp/bw7Xy10fyCo0UI= Received: from mail-yb1-f197.google.com (mail-yb1-f197.google.com [209.85.219.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-528-qZwqVT8jON6xaypUJhJ7Cw-1; Wed, 19 Jun 2024 10:54:13 -0400 X-MC-Unique: qZwqVT8jON6xaypUJhJ7Cw-1 Received: by mail-yb1-f197.google.com with SMTP id 3f1490d57ef6-dfee89ede1fso848966276.3 for ; Wed, 19 Jun 2024 07:54:12 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718808852; x=1719413652; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ee3iDL3vmwaDIx56wuZO1MpBHHQkzNcI6ID4JeKnOV0=; b=Hqxi6G9AtouQA3mdTi3L/9uyODEsEWccJKiU18tIQh+z2z15nnTsugQ9JELXaZjjzd uxkShC1DHfreQ4t1mM7xa4iHpKkT3YTeE+2vBw4r1TmZvGQvZoLrqV58qqsjaejGq5rA yCn7VQauI88FamNZiB/1tXAO+Qr8D9Z7RZSc+YyN/E0b6zAak82sq1uPBXzxpWTY+5PF AkaXT5uqReigPVHy79mgOPoIwxyfFcIeFejywujSLF5vSUYQpvjyOtRP4QwfG4HPaEC+ Jydg3fKB5eUxDteBuYehZGD2fNwE/g2YAJ+UreRqpX8Y8ReuKAFUPhSUFRF0keAPoqdf tLfg== X-Forwarded-Encrypted: i=1; AJvYcCX667qPHwpUKjBaWSab28KP3xKbFR0kRgaETlYlQCRQOfGR7SbN/V7otiCi5L/gP9jdstPbgq9/5hgrrtK7LdZleUJPZbkGIRaQF4tqleczK71FD14= X-Gm-Message-State: AOJu0YyQWmpF4Mb90hNXMuq42/hkyfG4AvL65NZ1+zBaAwruMlXWgce8 oDAgjMiMgNUQ7UIZhfVaq/RRRjpfKE2ohkMMJZBUdyqHQMOJRLRJF9DPl6VAMOVPgXK+bERhT/G K/4mJ5HlmDN2sPyFcV2ZHSVy5NCOXGmSXqFfPgwzT+mAnULYkQhSM+zDQ6CbgizbXrKx5EOZV X-Received: by 2002:a05:690c:7301:b0:61b:a73f:b233 with SMTP id 00721157ae682-63a8d542eb8mr26346457b3.1.1718808850408; Wed, 19 Jun 2024 07:54:10 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEL06jc43/8sUa6ucTA2/WjSUcl4anD53Q+HnvqkLr94KP8FexSTPvqMjlPjot0YIp/ZJKWYQ== X-Received: by 2002:a05:690c:7301:b0:61b:a73f:b233 with SMTP id 00721157ae682-63a8d542eb8mr26345727b3.1.1718808848483; Wed, 19 Jun 2024 07:54:08 -0700 (PDT) Received: from x1n (pool-99-254-121-117.cpe.net.cable.rogers.com. [99.254.121.117]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6b2a5bf1d70sm78336636d6.11.2024.06.19.07.54.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 19 Jun 2024 07:54:08 -0700 (PDT) Date: Wed, 19 Jun 2024 10:54:06 -0400 From: Peter Xu To: Ryan Roberts Cc: Catalin Marinas , Will Deacon , Mark Rutland , linux-arm-kernel@lists.infradead.org Subject: Re: [PATCH v1] arm64: mm: Permit PTE SW bits to change in live mappings Message-ID: References: <20240619121859.4153966-1-ryan.roberts@arm.com> MIME-Version: 1.0 In-Reply-To: <20240619121859.4153966-1-ryan.roberts@arm.com> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Disposition: inline X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240619_075418_337592_B2E06416 X-CRM114-Status: GOOD ( 38.87 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi, Ryan, On Wed, Jun 19, 2024 at 01:18:56PM +0100, Ryan Roberts wrote: > Previously pgattr_change_is_safe() was overly-strict and complained > (e.g. "[ 116.262743] __check_safe_pte_update: unsafe attribute change: > 0x0560000043768fc3 -> 0x0160000043768fc3") if it saw any SW bits change > in a live PTE. There is no such restriction on SW bits in the Arm ARM. > > Until now, no SW bits have been updated in live mappings via the > set_ptes() route. PTE_DIRTY would be updated live, but this is handled > by ptep_set_access_flags() which does not call pgattr_change_is_safe(). > However, with the introduction of uffd-wp for arm64, there is core-mm > code that does ptep_get(); pte_clear_uffd_wp(); set_ptes(); which > triggers this false warning. > > Silence this warning by masking out the SW bits during checks. > > The bug isn't technically in the highlighted commit below, but that's > where bisecting would likely lead as its what made the bug user-visible. > > Signed-off-by: Ryan Roberts > Fixes: 5b32510af77b ("arm64/mm: Add uffd write-protect support") > --- > > Hi All, > > This applies on top of v6.10-rc4 and it would be good to land this as a hotfix > for v6.10 since its effectively fixing a bug in 5b32510af77b which was merged > for v6.10. > > I've only been able to trigger this occasionally by running the mm uffd > selftests, when swap is configured to use a small (64M) zRam disk. With this fix > applied I can no longer trigger it. Totally not familiar with the arm64 pgtable checker here, but I'm just wondering how the swap affected this, as I see there's: /* creating or taking down mappings is always safe */ if (!pte_valid(__pte(old)) || !pte_valid(__pte(new))) return true; Should pte_valid() always report false on swap entries? Does it mean that it'll always report PASS for anything switch from/to a swap entry for the checker? I assume that's also why you didn't cover bit 3 (uffd-wp swap bit on arm64, per my read in your previous series), but I don't think I'm confident on my understanding yet. It might be nice to mention how that was triggered in the commit message from that regard. > > Thanks, > Ryan > > arch/arm64/include/asm/pgtable-hwdef.h | 1 + > arch/arm64/mm/mmu.c | 3 ++- > 2 files changed, 3 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h > index 9943ff0af4c9..1f60aa1bc750 100644 > --- a/arch/arm64/include/asm/pgtable-hwdef.h > +++ b/arch/arm64/include/asm/pgtable-hwdef.h > @@ -170,6 +170,7 @@ > #define PTE_CONT (_AT(pteval_t, 1) << 52) /* Contiguous range */ > #define PTE_PXN (_AT(pteval_t, 1) << 53) /* Privileged XN */ > #define PTE_UXN (_AT(pteval_t, 1) << 54) /* User XN */ > +#define PTE_SWBITS_MASK _AT(pteval_t, (BIT(63) | GENMASK(58, 55))) > > #define PTE_ADDR_LOW (((_AT(pteval_t, 1) << (50 - PAGE_SHIFT)) - 1) << PAGE_SHIFT) > #ifdef CONFIG_ARM64_PA_BITS_52 > diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c > index c927e9312f10..353ea5dc32b8 100644 > --- a/arch/arm64/mm/mmu.c > +++ b/arch/arm64/mm/mmu.c > @@ -124,7 +124,8 @@ bool pgattr_change_is_safe(u64 old, u64 new) > * The following mapping attributes may be updated in live > * kernel mappings without the need for break-before-make. > */ > - pteval_t mask = PTE_PXN | PTE_RDONLY | PTE_WRITE | PTE_NG; > + pteval_t mask = PTE_PXN | PTE_RDONLY | PTE_WRITE | PTE_NG | > + PTE_SWBITS_MASK; When applying the uffd-wp bit, normally we shouldn't need this as we'll need to do BBM-alike ops to avoid concurrent HW A/D updates. E.g. change_pte_range() uses the ptep_modify_prot_* APIs. But indeed at least unprotect / clear-uffd-bit doesn't logically need that, we already do that in e.g. do_wp_page(). From that POV it makes sense to me, as I also don't see why soft-bits are forbidden to be updated on ptes if HWs ignore them as a pretty generic concept. Just want to double check with you. > > /* creating or taking down mappings is always safe */ > if (!pte_valid(__pte(old)) || !pte_valid(__pte(new))) > -- > 2.43.0 > When looking at this function I found this and caught my attention too: /* live contiguous mappings may not be manipulated at all */ if ((old | new) & PTE_CONT) return false; I'm now wondering how cont-ptes work with uffd-wp now for arm64, from either hugetlb or mTHP pov. This check may be relevant here as a start. The other thing is since x86 doesn't have cont-ptes yet, uffd-wp didn't consider that, and there may be things overlooked at least from my side. E.g., consider wr-protect one cont-pte huge pages on hugetlb: static inline pte_t huge_pte_mkuffd_wp(pte_t pte) { return huge_pte_wrprotect(pte_mkuffd_wp(pte)); } I think it means so far it won't touch the rest cont-ptes but the 1st. Not sure whether it'll work if write happens on the rest. For mTHPs, they should still be done in change_pte_range() which doesn't understand mTHPs yet, so it should loop over all ptes and looks good so far, but I didn't further check other than that. Thanks, -- Peter Xu