* [bug] LTP mmap03 stuck in page fault loop after c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user")
[not found] <1402271372.18777802.1593153800272.JavaMail.zimbra@redhat.com>
@ 2020-06-26 6:59 ` Jan Stancek
2020-06-26 7:47 ` Aneesh Kumar K.V
0 siblings, 1 reply; 4+ messages in thread
From: Jan Stancek @ 2020-06-26 6:59 UTC (permalink / raw)
To: linuxppc-dev, aneesh.kumar, sandipan; +Cc: Rachel Sibley, Jan Stancek
Hi,
LTP mmap03 is getting stuck in page fault loop after commit
c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user")
System is ppc64le P9 lpar [1] running v5.8-rc2-34-g3e08a95294a4.
Here's a minimized reproducer:
------------------------- 8< -----------------------------
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
int main(int ac, char **av)
{
int page_sz = getpagesize();
int fildes;
char *addr;
fildes = open("tempfile", O_WRONLY | O_CREAT, 0666);
write(fildes, &fildes, sizeof(fildes));
close(fildes);
fildes = open("tempfile", O_RDONLY);
unlink("tempfile");
addr = mmap(0, page_sz, PROT_EXEC, MAP_FILE | MAP_PRIVATE, fildes, 0);
printf("%d\n", *addr);
return 0;
}
------------------------- >8 -----------------------------
This would previously end quickly with segmentation fault, after
commit c46241a370a6 test is stuck:
# perf stat timeout 5 ./a.out
Performance counter stats for 'timeout 5 ./a.out':
5,001.74 msec task-clock # 1.000 CPUs utilized
9 context-switches # 0.002 K/sec
0 cpu-migrations # 0.000 K/sec
3,094,893 page-faults # 0.619 M/sec
18,940,869,512 cycles # 3.787 GHz (33.39%)
1,377,005,087 stalled-cycles-frontend # 7.27% frontend cycles idle (50.19%)
10,949,936,056 stalled-cycles-backend # 57.81% backend cycles idle (16.62%)
21,133,828,748 instructions # 1.12 insn per cycle
# 0.52 stalled cycles per insn (33.22%)
4,395,016,137 branches # 878.698 M/sec (49.81%)
164,499,002 branch-misses # 3.74% of all branches (16.60%)
5.001237248 seconds time elapsed
0.321276000 seconds user
4.680772000 seconds sys
access_pkey_error() in page fault handler now always seem to return false:
__do_page_fault
access_pkey_error(is_pkey: 1, is_exec: 0, is_write: 0)
arch_vma_access_permitted
pkey_access_permitted
if (!is_pkey_enabled(pkey))
return true
return false
Regards,
Jan
[1]
Architecture: ppc64le
Byte Order: Little Endian
CPU(s): 8
On-line CPU(s) list: 0-7
Thread(s) per core: 8
Core(s) per socket: 1
Socket(s): 1
NUMA node(s): 2
Model: 2.2 (pvr 004e 0202)
Model name: POWER9 (architected), altivec supported
Hypervisor vendor: pHyp
Virtualization type: para
L1d cache: 32 KiB
L1i cache: 32 KiB
NUMA node0 CPU(s):
NUMA node1 CPU(s): 0-7
Physical sockets: 2
Physical chips: 1
Physical cores/chip: 8
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf: Mitigation; RFI Flush, L1D private per thread
Vulnerability Mds: Not affected
Vulnerability Meltdown: Mitigation; RFI Flush, L1D private per thread
Vulnerability Spec store bypass: Mitigation; Kernel entry/exit barrier (eieio)
Vulnerability Spectre v1: Mitigation; __user pointer sanitization, ori31 speculation barrier enabled
Vulnerability Spectre v2: Mitigation; Indirect branch cache disabled, Software link stack flush
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort: Not affected
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [bug] LTP mmap03 stuck in page fault loop after c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user")
2020-06-26 6:59 ` [bug] LTP mmap03 stuck in page fault loop after c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user") Jan Stancek
@ 2020-06-26 7:47 ` Aneesh Kumar K.V
2020-06-26 9:09 ` Aneesh Kumar K.V
0 siblings, 1 reply; 4+ messages in thread
From: Aneesh Kumar K.V @ 2020-06-26 7:47 UTC (permalink / raw)
To: Jan Stancek, linuxppc-dev, sandipan; +Cc: Rachel Sibley
Hi Jan,
On 6/26/20 12:29 PM, Jan Stancek wrote:
> Hi,
>
> LTP mmap03 is getting stuck in page fault loop after commit
> c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user")
>
> System is ppc64le P9 lpar [1] running v5.8-rc2-34-g3e08a95294a4.
>
> Here's a minimized reproducer:
> ------------------------- 8< -----------------------------
> #include <fcntl.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
> #include <sys/mman.h>
>
> int main(int ac, char **av)
> {
> int page_sz = getpagesize();
> int fildes;
> char *addr;
>
> fildes = open("tempfile", O_WRONLY | O_CREAT, 0666);
> write(fildes, &fildes, sizeof(fildes));
> close(fildes);
>
> fildes = open("tempfile", O_RDONLY);
> unlink("tempfile");
>
> addr = mmap(0, page_sz, PROT_EXEC, MAP_FILE | MAP_PRIVATE, fildes, 0);
>
> printf("%d\n", *addr);
> return 0;
> }
> ------------------------- >8 -----------------------------
Thanks for the report. This is execute only key where vma has the
implied read permission. So The patch do break this case. I will see how
best we can handle PROT_EXEC and the multi threaded test that required
the change in the patch.
-aneesh
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [bug] LTP mmap03 stuck in page fault loop after c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user")
2020-06-26 7:47 ` Aneesh Kumar K.V
@ 2020-06-26 9:09 ` Aneesh Kumar K.V
2020-06-26 9:49 ` Jan Stancek
0 siblings, 1 reply; 4+ messages in thread
From: Aneesh Kumar K.V @ 2020-06-26 9:09 UTC (permalink / raw)
To: Jan Stancek, linuxppc-dev, sandipan; +Cc: Rachel Sibley, linuxram
On 6/26/20 1:17 PM, Aneesh Kumar K.V wrote:
> Hi Jan,
>
> On 6/26/20 12:29 PM, Jan Stancek wrote:
>> Hi,
>>
>> LTP mmap03 is getting stuck in page fault loop after commit
>> c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault
>> error to the user")
>>
>> System is ppc64le P9 lpar [1] running v5.8-rc2-34-g3e08a95294a4.
>>
>> Here's a minimized reproducer:
>> ------------------------- 8< -----------------------------
>> #include <fcntl.h>
>> #include <stdio.h>
>> #include <stdlib.h>
>> #include <unistd.h>
>> #include <sys/mman.h>
>>
>> int main(int ac, char **av)
>> {
>> int page_sz = getpagesize();
>> int fildes;
>> char *addr;
>>
>> fildes = open("tempfile", O_WRONLY | O_CREAT, 0666);
>> write(fildes, &fildes, sizeof(fildes));
>> close(fildes);
>>
>> fildes = open("tempfile", O_RDONLY);
>> unlink("tempfile");
>>
>> addr = mmap(0, page_sz, PROT_EXEC, MAP_FILE | MAP_PRIVATE,
>> fildes, 0);
>>
>> printf("%d\n", *addr);
>> return 0;
>> }
>> ------------------------- >8 -----------------------------
>
> Thanks for the report. This is execute only key where vma has the
> implied read permission. So The patch do break this case. I will see how
> best we can handle PROT_EXEC and the multi threaded test that required
> the change in the patch.
>
Can you check with this change? While checking for access permission we
are checking against UAMOR value which i think is wrong. We just need to
look at the AMR and IAMR values to check whether access is permitted or
not. Even if UAMOR deny the userspace management of the key, we should
do the correct access check.
modified arch/powerpc/mm/book3s64/pkeys.c
@@ -353,9 +353,6 @@ static bool pkey_access_permitted(int pkey, bool
write, bool execute)
int pkey_shift;
u64 amr;
- if (!is_pkey_enabled(pkey))
- return true;
-
pkey_shift = pkeyshift(pkey);
if (execute && !(read_iamr() & (IAMR_EX_BIT << pkey_shift)))
return true;
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [bug] LTP mmap03 stuck in page fault loop after c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user")
2020-06-26 9:09 ` Aneesh Kumar K.V
@ 2020-06-26 9:49 ` Jan Stancek
0 siblings, 0 replies; 4+ messages in thread
From: Jan Stancek @ 2020-06-26 9:49 UTC (permalink / raw)
To: Aneesh Kumar K.V; +Cc: Rachel Sibley, linuxppc-dev, sandipan, linuxram
----- Original Message -----
> Can you check with this change? While checking for access permission we
> are checking against UAMOR value which i think is wrong. We just need to
> look at the AMR and IAMR values to check whether access is permitted or
> not. Even if UAMOR deny the userspace management of the key, we should
> do the correct access check.
>
> modified arch/powerpc/mm/book3s64/pkeys.c
> @@ -353,9 +353,6 @@ static bool pkey_access_permitted(int pkey, bool
> write, bool execute)
> int pkey_shift;
> u64 amr;
>
> - if (!is_pkey_enabled(pkey))
> - return true;
> -
> pkey_shift = pkeyshift(pkey);
> if (execute && !(read_iamr() & (IAMR_EX_BIT << pkey_shift)))
> return true;
>
This change fixes it for me. mmap03 and reproducer from previous
email no longer get stuck.
Thanks,
Jan
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-06-26 9:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1402271372.18777802.1593153800272.JavaMail.zimbra@redhat.com>
2020-06-26 6:59 ` [bug] LTP mmap03 stuck in page fault loop after c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user") Jan Stancek
2020-06-26 7:47 ` Aneesh Kumar K.V
2020-06-26 9:09 ` Aneesh Kumar K.V
2020-06-26 9:49 ` Jan Stancek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).