From: Peter Xu <peterx@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: James Houghton <jthoughton@google.com>,
David Hildenbrand <david@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
linux-mm@kvack.org,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Thomas Gleixner <tglx@linutronix.de>,
Dave Jiang <dave.jiang@intel.com>,
x86@kernel.org, Hugh Dickins <hughd@google.com>,
Matthew Wilcox <willy@infradead.org>,
Ingo Molnar <mingo@redhat.com>, Huang Ying <ying.huang@intel.com>,
Rik van Riel <riel@surriel.com>,
Nicholas Piggin <npiggin@gmail.com>,
Borislav Petkov <bp@alien8.de>,
"Kirill A . Shutemov" <kirill@shutemov.name>,
Dan Williams <dan.j.williams@intel.com>,
Vlastimil Babka <vbabka@suse.cz>,
Oscar Salvador <osalvador@suse.de>,
linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
"Aneesh Kumar K . V" <aneesh.kumar@linux.ibm.com>,
Rick P Edgecombe <rick.p.edgecombe@intel.com>,
Mel Gorman <mgorman@techsingularity.net>
Subject: Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds
Date: Wed, 7 Aug 2024 17:34:10 -0400 [thread overview]
Message-ID: <ZrPoUgISLqlF-iEQ@x1n> (raw)
In-Reply-To: <20240807141703.d641001ee14177ccf80a31d8@linux-foundation.org>
On Wed, Aug 07, 2024 at 02:17:03PM -0700, Andrew Morton wrote:
> On Wed, 7 Aug 2024 15:48:04 -0400 Peter Xu <peterx@redhat.com> wrote:
>
> >
> > Dax supports pud pages for a while, but mprotect on puds was missing since
> > the start. This series tries to fix that by providing pud handling in
> > mprotect(). The goal is to add more types of pud mappings like hugetlb or
> > pfnmaps. This series paves way for it by fixing known pud entries.
> >
> > Considering nobody reported this until when I looked at those other types
> > of pud mappings, I am thinking maybe it doesn't need to be a fix for stable
> > and this may not need to be backported. I would guess whoever cares about
> > mprotect() won't care 1G dax puds yet, vice versa. I hope fixing that in
> > new kernels would be fine, but I'm open to suggestions.
>
> Yes, I'm not sure this is a "fix" at all. We're implementing something
> which previously wasn't there. Perhaps the entire series should be
> called "mm: implement mprotect() for DAX PUDs"?
The problem is mprotect() will skip the dax 1G PUD while it shouldn't;
meanwhile it'll dump some bad PUD in dmesg. Both of them look like (corner
case) bugs to me.. where:
- skipping the 1G pud means mprotect() will succeed even if the pud won't
be updated with the correct permission specified. Logically that can
cause e.g. in mprotect(RO) then write the page can cause data corrupt,
as the pud page will still be writable.
- the bad pud will generate a pr_err() into dmesg, with no limit so far I
can see. So I think it means an userspace can DoS the kernel log if it
wants.. simply by creating the PUD and keep mprotect-ing it
But yeah this series fixes this "bug" by implementing that part..
Thanks,
--
Peter Xu
next prev parent reply other threads:[~2024-08-07 21:35 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-07 19:48 [PATCH v4 0/7] mm/mprotect: Fix dax puds Peter Xu
2024-08-07 19:48 ` [PATCH v4 1/7] mm/dax: Dump start address in fault handler Peter Xu
2024-08-07 19:48 ` [PATCH v4 2/7] mm/mprotect: Push mmu notifier to PUDs Peter Xu
2024-08-08 15:33 ` Sean Christopherson
2024-08-08 21:21 ` Peter Xu
2024-08-08 21:31 ` Sean Christopherson
2024-08-08 21:47 ` Peter Xu
2024-08-08 22:45 ` Sean Christopherson
2024-08-07 19:48 ` [PATCH v4 3/7] mm/powerpc: Add missing pud helpers Peter Xu
2024-08-07 19:48 ` [PATCH v4 4/7] mm/x86: Make pud_leaf() only care about PSE bit Peter Xu
2024-08-07 22:22 ` Thomas Gleixner
2024-08-08 14:54 ` Peter Xu
2024-08-09 12:08 ` Thomas Gleixner
2024-08-09 13:53 ` Peter Xu
2024-08-07 19:48 ` [PATCH v4 5/7] mm/x86: arch_check_zapped_pud() Peter Xu
2024-08-07 22:28 ` Thomas Gleixner
2024-08-08 15:49 ` Peter Xu
2024-08-08 20:45 ` David Hildenbrand
2024-08-07 19:48 ` [PATCH v4 6/7] mm/x86: Add missing pud helpers Peter Xu
2024-08-07 22:37 ` Thomas Gleixner
2024-08-08 20:25 ` Peter Xu
2024-08-07 19:48 ` [PATCH v4 7/7] mm/mprotect: fix dax pud handlings Peter Xu
2024-08-07 21:17 ` [PATCH v4 0/7] mm/mprotect: Fix dax puds Andrew Morton
2024-08-07 21:34 ` Peter Xu [this message]
2024-08-07 21:44 ` Andrew Morton
2024-08-08 14:34 ` Peter Xu
2024-08-07 21:23 ` Andrew Morton
2024-08-07 21:47 ` Peter Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZrPoUgISLqlF-iEQ@x1n \
--to=peterx@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.ibm.com \
--cc=bp@alien8.de \
--cc=christophe.leroy@csgroup.eu \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dave.jiang@intel.com \
--cc=david@redhat.com \
--cc=hughd@google.com \
--cc=jthoughton@google.com \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mgorman@techsingularity.net \
--cc=mingo@redhat.com \
--cc=npiggin@gmail.com \
--cc=osalvador@suse.de \
--cc=rick.p.edgecombe@intel.com \
--cc=riel@surriel.com \
--cc=tglx@linutronix.de \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
--cc=x86@kernel.org \
--cc=ying.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).