From patchwork Thu Sep 9 14:59:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Hildenbrand X-Patchwork-Id: 12483359 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A87BC43217 for ; Thu, 9 Sep 2021 15:00:00 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 4279C61131 for ; Thu, 9 Sep 2021 15:00:00 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 4279C61131 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 1684B6B0072; Thu, 9 Sep 2021 10:59:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1150E6B0073; Thu, 9 Sep 2021 10:59:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EF6C1900002; Thu, 9 Sep 2021 10:59:58 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0178.hostedemail.com [216.40.44.178]) by kanga.kvack.org (Postfix) with ESMTP id DF2AD6B0072 for ; Thu, 9 Sep 2021 10:59:58 -0400 (EDT) Received: from smtpin35.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 7A14E2D38A for ; Thu, 9 Sep 2021 14:59:58 +0000 (UTC) X-FDA: 78568344876.35.D715D2C Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf03.hostedemail.com (Postfix) with ESMTP id 3E4363000096 for ; Thu, 9 Sep 2021 14:59:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631199597; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=Xs2SVTgBq7Vx1ySawCfwpzsExlEbPS/kiK1uV7V/sfI=; b=UeNNnLU6A2wVYOQ7wXcgcMqx+Q5bBcYrDAAis2CA9jqenKxomMJHmOIwd6O9LaeTb5C/bq eRk+RTLvZsyga0ej6d5GMG/GESmmcc+E9F1w8Y1CEAmYCfaSzHiQz4M+PiGzcaSWSbVyRk axGDW3yFb46F825+o1iIjHH95kQTDNE= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-492-ItPiY0keN0C6pc0gHxBjsg-1; Thu, 09 Sep 2021 10:59:54 -0400 X-MC-Unique: ItPiY0keN0C6pc0gHxBjsg-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E6CAD8145E7; Thu, 9 Sep 2021 14:59:52 +0000 (UTC) Received: from t480s.redhat.com (unknown [10.39.192.233]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9123869FAE; Thu, 9 Sep 2021 14:59:46 +0000 (UTC) From: David Hildenbrand To: linux-kernel@vger.kernel.org Cc: linux-s390@vger.kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, David Hildenbrand , Christian Borntraeger , Janosch Frank , Cornelia Huck , Claudio Imbrenda , Heiko Carstens , Vasily Gorbik , Niklas Schnelle , Gerald Schaefer , Ulrich Weigand Subject: [PATCH RFC 0/9] s390: fixes, cleanups and optimizations for page table walkers Date: Thu, 9 Sep 2021 16:59:36 +0200 Message-Id: <20210909145945.12192-1-david@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 3E4363000096 X-Stat-Signature: 8bx4rynbk9nn3ery1qeq1u3udixohfcm Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=UeNNnLU6; spf=none (imf03.hostedemail.com: domain of david@redhat.com has no SPF policy when checking 170.10.133.124) smtp.mailfrom=david@redhat.com; dmarc=pass (policy=none) header.from=redhat.com X-HE-Tag: 1631199598-422647 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: RFC because the patches are essentially untested and I did not actually try to trigger any of the things these patches are supposed to fix. It merely matches my current understanding (and what other code does :) ). I did compile-test as far as possible. After learning more about the wonderful world of page tables and their interaction with the mmap_sem and VMAs, I spotted some issues in our page table walkers that allow user space to trigger nasty behavior when playing dirty tricks with munmap() or mmap() of hugetlb. While some issues should be hard to trigger, others are fairly easy because we provide conventient interfaces (e.g., KVM_S390_GET_SKEYS and KVM_S390_SET_SKEYS). Future work: - Don't use get_locked_pte() when it's not required to actually allocate page tables -- similar to how storage keys are now handled. Examples are get_pgste() and __gmap_zap. - Don't use get_locked_pte() and instead let page fault logic allocate page tables when we actually do need page tables -- also, similar to how storage keys are now handled. Examples are set_pgste_bits() and pgste_perform_essa(). - Maybe switch to mm/pagewalk.c to avoid custom page table walkers. For __gmap_zap() that's very easy. Cc: Christian Borntraeger Cc: Janosch Frank Cc: Cornelia Huck Cc: Claudio Imbrenda Cc: Heiko Carstens Cc: Vasily Gorbik Cc: Niklas Schnelle Cc: Gerald Schaefer Cc: Ulrich Weigand David Hildenbrand (9): s390/gmap: validate VMA in __gmap_zap() s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() s390/mm: validate VMA in PGSTE manipulation functions s390/mm: fix VMA and page table handling code in storage key handling functions s390/uv: fully validate the VMA before calling follow_page() s390/pci_mmio: fully validate the VMA before calling follow_pte() s390/mm: no need for pte_alloc_map_lock() if we know the pmd is present s390/mm: optimize set_guest_storage_key() s390/mm: optimize reset_guest_reference_bit() arch/s390/kernel/uv.c | 2 +- arch/s390/mm/gmap.c | 11 +++- arch/s390/mm/pgtable.c | 109 +++++++++++++++++++++++++++------------ arch/s390/pci/pci_mmio.c | 4 +- 4 files changed, 89 insertions(+), 37 deletions(-) base-commit: 7d2a07b769330c34b4deabeed939325c77a7ec2f