From patchwork Mon Dec 23 09:40:57 2024
X-Patchwork-Submitter: Qi Zheng
X-Patchwork-Id: 13918676
From: Qi Zheng
To: peterz@infradead.org, agordeev@linux.ibm.com, kevin.brodsky@arm.com, tglx@linutronix.de, david@redhat.com, jannh@google.com, hughd@google.com, yuzhao@google.com, willy@infradead.org, muchun.song@linux.dev, vbabka@kernel.org, lorenzo.stoakes@oracle.com, akpm@linux-foundation.org, rientjes@google.com, vishal.moola@gmail.com, arnd@arndb.de, will@kernel.org, aneesh.kumar@kernel.org, npiggin@gmail.com, dave.hansen@linux.intel.com, rppt@kernel.org, ryan.roberts@arm.com
Cc: linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, sparclinux@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, linux-arch@vger.kernel.org, linux-csky@vger.kernel.org, linux-hexagon@vger.kernel.org, loongarch@lists.linux.dev, linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org, linux-openrisc@vger.kernel.org, linux-sh@vger.kernel.org, linux-um@lists.infradead.org, Qi Zheng
Subject: [PATCH v3 11/17] x86: pgtable: move pagetable_dtor() to __tlb_remove_table()
Date: Mon, 23 Dec 2024 17:40:57 +0800
Message-Id: <0dc5a3bf5a692e24379c1d3b879a6d4396f0dbbd.1734945104.git.zhengqi.arch@bytedance.com>

Move pagetable_dtor() to __tlb_remove_table(), so that ptlock and page table pages can be freed together (regardless of whether RCU is used).
This prevents the use-after-free problem where the ptlock is freed immediately but the page table pages are freed later via RCU.

Page tables shouldn't have swap cache, so use pagetable_free() instead of free_page_and_swap_cache() to free page table pages.

Signed-off-by: Qi Zheng
Suggested-by: Peter Zijlstra (Intel)
Cc: x86@kernel.org
--- arch/x86/include/asm/tlb.h | 17 ++++++++++------- arch/x86/kernel/paravirt.c | 1 + arch/x86/mm/pgtable.c | 12 ++---------- 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/arch/x86/include/asm/tlb.h b/arch/x86/include/asm/tlb.h index 73f0786181cc9..f64730be5ad67 100644 --- a/arch/x86/include/asm/tlb.h +++ b/arch/x86/include/asm/tlb.h @@ -31,24 +31,27 @@ static inline void tlb_flush(struct mmu_gather *tlb) */ static inline void __tlb_remove_table(void *table) { - free_page_and_swap_cache(table); + struct ptdesc *ptdesc = (struct ptdesc *)table; + + pagetable_dtor(ptdesc); + pagetable_free(ptdesc); } #ifdef CONFIG_PT_RECLAIM static inline void __tlb_remove_table_one_rcu(struct rcu_head *head) { - struct page *page; + struct ptdesc *ptdesc; - page = container_of(head, struct page, rcu_head); - put_page(page); + ptdesc = container_of(head, struct ptdesc, pt_rcu_head); + __tlb_remove_table(ptdesc); } static inline void __tlb_remove_table_one(void *table) { - struct page *page; + struct ptdesc *ptdesc; - page = table; - call_rcu(&page->rcu_head, __tlb_remove_table_one_rcu); + ptdesc = table; + call_rcu(&ptdesc->pt_rcu_head, __tlb_remove_table_one_rcu); } #define __tlb_remove_table_one __tlb_remove_table_one #endif /* CONFIG_PT_RECLAIM */ diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 7bdcf152778c0..46d5d325483b0 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c 
@@ -62,6 +62,7 @@ void __init native_pv_lock_init(void) #ifndef CONFIG_PT_RECLAIM static void native_tlb_remove_table(struct mmu_gather *tlb, void *table) { + pagetable_dtor(table); tlb_remove_page(tlb, table); } #else diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index a6cd9660e29ec..a0b0e501ba663 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -23,6 +23,7 @@ EXPORT_SYMBOL(physical_mask); static inline void paravirt_tlb_remove_table(struct mmu_gather *tlb, void *table) { + pagetable_dtor(table); tlb_remove_page(tlb, table); } #else @@ -60,7 +61,6 @@ early_param("userpte", setup_userpte); void ___pte_free_tlb(struct mmu_gather *tlb, struct page *pte) { - pagetable_dtor(page_ptdesc(pte)); paravirt_release_pte(page_to_pfn(pte)); paravirt_tlb_remove_table(tlb, pte); } @@ -68,7 +68,6 @@ void ___pte_free_tlb(struct mmu_gather *tlb, struct page *pte) #if CONFIG_PGTABLE_LEVELS > 2 void ___pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd) { - struct ptdesc *ptdesc = virt_to_ptdesc(pmd); paravirt_release_pmd(__pa(pmd) >> PAGE_SHIFT); /* * NOTE! For PAE, any changes to the top page-directory-pointer-table @@ -77,16 +76,12 @@ void ___pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd) #ifdef CONFIG_X86_PAE tlb->need_flush_all = 1; #endif - pagetable_dtor(ptdesc); - paravirt_tlb_remove_table(tlb, ptdesc_page(ptdesc)); + paravirt_tlb_remove_table(tlb, virt_to_page(pmd)); } #if CONFIG_PGTABLE_LEVELS > 3 void ___pud_free_tlb(struct mmu_gather *tlb, pud_t *pud) { - struct ptdesc *ptdesc = virt_to_ptdesc(pud); - - pagetable_dtor(ptdesc); paravirt_release_pud(__pa(pud) >> PAGE_SHIFT); paravirt_tlb_remove_table(tlb, virt_to_page(pud)); } 
@@ -94,9 +89,6 @@ void ___pud_free_tlb(struct mmu_gather *tlb, pud_t *pud) #if CONFIG_PGTABLE_LEVELS > 4 void ___p4d_free_tlb(struct mmu_gather *tlb, p4d_t *p4d) { - struct ptdesc *ptdesc = virt_to_ptdesc(p4d); - - pagetable_dtor(ptdesc); paravirt_release_p4d(__pa(p4d) >> PAGE_SHIFT); paravirt_tlb_remove_table(tlb, virt_to_page(p4d)); }
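
Review bot: in arch/x86/include/asm/tlb.h, __tlb_remove_table_one_rcu() used to drop a reference with put_page(page) and now reaches pagetable_free() through __tlb_remove_table(), but the changelog only justifies replacing free_page_and_swap_cache(). Please state why the put_page() semantics are no longer needed on the RCU path. A minor style point in the same hunk: the explicit `(struct ptdesc *)table` cast in __tlb_remove_table() is unnecessary for a void * and is inconsistent with the plain `ptdesc = table;` in __tlb_remove_table_one().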
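
Review bot: native_tlb_remove_table() in arch/x86/kernel/paravirt.c calls pagetable_dtor(table) before tlb_remove_page(tlb, table), so in this #ifndef CONFIG_PT_RECLAIM branch the destructor still runs when the page is queued, not when it is freed. That differs from the "freed together (regardless of whether RCU is used)" behaviour the changelog describes for __tlb_remove_table(). Add a comment here explaining why running the destructor early is safe in this configuration, or narrow the changelog wording to the paths that actually go through __tlb_remove_table().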
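
Review bot: in arch/x86/mm/pgtable.c, paravirt_tlb_remove_table() now calls pagetable_dtor(table) on a void * that its callers fill with a struct page * (`pte` in ___pte_free_tlb(), `virt_to_page(pmd)` in ___pmd_free_tlb()), whereas the removed lines converted explicitly with page_ptdesc(pte) or virt_to_ptdesc(). The implicit void * conversion hides the page-to-ptdesc reinterpretation from the compiler. Consider converting with page_ptdesc() inside the helper, or giving it a typed parameter, so that a caller passing a different pointer type is caught at build time.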