From patchwork Mon Apr 7 15:11:29 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexander Gordeev
X-Patchwork-Id: 14041045
From: Alexander Gordeev
To: Andrew Morton, Andrey Ryabinin
Cc: Hugh Dickins, Nicholas Piggin, Guenter Roeck, Juergen Gross,
 Jeremy Fitzhardinge, linux-kernel@vger.kernel.org, linux-mm@kvack.org,
 kasan-dev@googlegroups.com, sparclinux@vger.kernel.org,
 xen-devel@lists.xenproject.org, linuxppc-dev@lists.ozlabs.org,
 linux-s390@vger.kernel.org
Subject: [PATCH v1 3/4] mm: Protect kernel pgtables in apply_to_pte_range()
Date: Mon, 7 Apr 2025 17:11:29 +0200
Message-ID: <11dbe3ac88130dbd2b8554f9369cd93fe138c655.1744037648.git.agordeev@linux.ibm.com>
X-Mailer: git-send-email 2.45.2

The lazy MMU mode can only be entered and left under the protection
of the page table locks for all page tables which may be modified.
Yet, when it comes to kernel mappings, apply_to_pte_range() does not
take any locks. That does not conform to arch_enter|leave_lazy_mmu_mode()
semantics and could potentially lead to re-scheduling a process while
in lazy MMU mode or racing on kernel page table updates.

Signed-off-by: Alexander Gordeev
Reviewed-by: Nicholas Piggin
--- mm/kasan/shadow.c | 7 ++----- mm/memory.c | 5 ++++- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index edfa77959474..6531a7aa8562 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c @@ -308,14 +308,14 @@ static int kasan_populate_vmalloc_pte(pte_t *ptep, unsigned long addr, __memset((void *)page, KASAN_VMALLOC_INVALID, PAGE_SIZE); pte = pfn_pte(PFN_DOWN(__pa(page)), PAGE_KERNEL); - spin_lock(&init_mm.page_table_lock); if (likely(pte_none(ptep_get(ptep)))) { set_pte_at(&init_mm, addr, ptep, pte); page = 0; } - spin_unlock(&init_mm.page_table_lock); + if (page) free_page(page); + return 0; } @@ -401,13 +401,10 @@ static int kasan_depopulate_vmalloc_pte(pte_t *ptep, unsigned long addr, page = (unsigned long)__va(pte_pfn(ptep_get(ptep)) << PAGE_SHIFT); - spin_lock(&init_mm.page_table_lock); - if (likely(!pte_none(ptep_get(ptep)))) { pte_clear(&init_mm, addr, ptep); free_page(page); } - spin_unlock(&init_mm.page_table_lock); return 0; } diff --git a/mm/memory.c b/mm/memory.c index f0201c8ec1ce..1f3727104e99 100644 --- a/mm/memory.c +++ b/mm/memory.c 
@@ -2926,6 +2926,7 @@ static int apply_to_pte_range(struct mm_struct *mm, pmd_t *pmd, pte = pte_offset_kernel(pmd, addr); if (!pte) return err; + spin_lock(&init_mm.page_table_lock); } else { if (create) pte = pte_alloc_map_lock(mm, pmd, addr, &ptl); @@ -2951,7 +2952,9 @@ static int apply_to_pte_range(struct mm_struct *mm, pmd_t *pmd, arch_leave_lazy_mmu_mode(); - if (mm != &init_mm) + if (mm == &init_mm) + spin_unlock(&init_mm.page_table_lock); + else pte_unmap_unlock(mapped_pte, ptl); *mask |= PGTBL_PTE_MODIFIED;
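Review bot: in the first mm/kasan/shadow.c hunk (kasan_populate_vmalloc_pte(), @@ -308), dropping the local spin_lock()/spin_unlock() means the whole callback now runs under the init_mm.page_table_lock taken by apply_to_pte_range() in this patch, not just the pte_none()/set_pte_at() sequence. The page that is __memset() here is allocated earlier in the function, outside the visible context; if that allocation can sleep, it would now happen while a spinlock is held, so it needs to be checked and, if necessary, moved out of the callback or made non-sleeping. The free_page() on the path where the PTE is already populated also moves under the lock. The two added blank lines are unrelated whitespace changes and could be dropped.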
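Review bot: in the second mm/kasan/shadow.c hunk (kasan_depopulate_vmalloc_pte(), @@ -401), the pte_none()/pte_clear()/free_page() sequence now depends on a lock taken by the caller, and nothing in the function says so. A lockdep_assert_held(&init_mm.page_table_lock) at the top of this function and of kasan_populate_vmalloc_pte(), or at least a comment, would document the contract and catch a future caller that reaches these callbacks without going through apply_to_pte_range() on init_mm.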
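Review bot: in the first mm/memory.c hunk (@@ -2926), taking init_mm.page_table_lock here changes the execution context of every callback invoked for kernel mappings, yet the diffstat shows only the two KASAN callbacks being adjusted. Any other callback used with init_mm that sleeps or takes init_mm.page_table_lock itself would now sleep in atomic context or self-deadlock. The commit message should state which callers were audited, and the function's comment should say that, for init_mm, the callback runs with this spinlock held.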
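Review bot: in the second mm/memory.c hunk (@@ -2951), the new spin_unlock() is the only release for the lock taken in the previous hunk, and the code between the two is not visible in the context, so it is worth confirming that no path in between, such as an error returned by the callback, exits without reaching it. Keeping the lock pointer in the existing ptl variable for the init_mm case too would make the pairing with the spin_lock() explicit rather than relying on a second mm == &init_mm test.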