| Message ID | 1533637471-30953-3-git-send-email-joro@8bytes.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | PTI for x86-32 Fixes | expand |
On 08/07/2018 03:24 AM, Joerg Roedel wrote: > The function sets the global-bit on cloned PMD entries, > which only makes sense when the permissions are identical > between the user and the kernel page-table. > > Further, only write-permissions are cleared for entry-text > and kernel-text sections, which are not writeable anyway. I think this patch is correct, but I'd be curious if Andy remembers why we chose to clear _PAGE_RW on these things. It might have been that we were trying to say that the *entry* code shouldn't write to this stuff, regardless of whether the normal kernel can. But, either way, I agree with the logic here that Global pages must share permissions between both mappings, so feel free to add my Ack. I just want to make sure Andy doesn't remember some detail I'm forgetting.
On Tue, Aug 7, 2018 at 11:34 AM, Dave Hansen <dave.hansen@intel.com> wrote: > On 08/07/2018 03:24 AM, Joerg Roedel wrote: >> The function sets the global-bit on cloned PMD entries, >> which only makes sense when the permissions are identical >> between the user and the kernel page-table. >> >> Further, only write-permissions are cleared for entry-text >> and kernel-text sections, which are not writeable anyway. > > I think this patch is correct, but I'd be curious if Andy remembers why > we chose to clear _PAGE_RW on these things. It might have been that we > were trying to say that the *entry* code shouldn't write to this stuff, > regardless of whether the normal kernel can. > > But, either way, I agree with the logic here that Global pages must > share permissions between both mappings, so feel free to add my Ack. I > just want to make sure Andy doesn't remember some detail I'm forgetting. I suspect it's because we used to (and maybe still do) initialize the user tables before mark_read_only().
On Tue, 7 Aug 2018, Andy Lutomirski wrote: > On Tue, Aug 7, 2018 at 11:34 AM, Dave Hansen <dave.hansen@intel.com> wrote: > > On 08/07/2018 03:24 AM, Joerg Roedel wrote: > >> The function sets the global-bit on cloned PMD entries, > >> which only makes sense when the permissions are identical > >> between the user and the kernel page-table. > >> > >> Further, only write-permissions are cleared for entry-text > >> and kernel-text sections, which are not writeable anyway. > > > > I think this patch is correct, but I'd be curious if Andy remembers why > > we chose to clear _PAGE_RW on these things. It might have been that we > > were trying to say that the *entry* code shouldn't write to this stuff, > > regardless of whether the normal kernel can. > > > > But, either way, I agree with the logic here that Global pages must > > share permissions between both mappings, so feel free to add my Ack. I > > just want to make sure Andy doesn't remember some detail I'm forgetting. > > I suspect it's because we used to (and maybe still do) initialize the > user tables before mark_read_only(). We still do that because we need the entry stuff working for interrupts early on. We now repeat the clone after mark_ro so the mask RW is not longer required. Thanks, tglx
On Tue, Aug 7, 2018 at 1:21 PM, Thomas Gleixner <tglx@linutronix.de> wrote: > On Tue, 7 Aug 2018, Andy Lutomirski wrote: > >> On Tue, Aug 7, 2018 at 11:34 AM, Dave Hansen <dave.hansen@intel.com> wrote: >> > On 08/07/2018 03:24 AM, Joerg Roedel wrote: >> >> The function sets the global-bit on cloned PMD entries, >> >> which only makes sense when the permissions are identical >> >> between the user and the kernel page-table. >> >> >> >> Further, only write-permissions are cleared for entry-text >> >> and kernel-text sections, which are not writeable anyway. >> > >> > I think this patch is correct, but I'd be curious if Andy remembers why >> > we chose to clear _PAGE_RW on these things. It might have been that we >> > were trying to say that the *entry* code shouldn't write to this stuff, >> > regardless of whether the normal kernel can. >> > >> > But, either way, I agree with the logic here that Global pages must >> > share permissions between both mappings, so feel free to add my Ack. I >> > just want to make sure Andy doesn't remember some detail I'm forgetting. >> >> I suspect it's because we used to (and maybe still do) initialize the >> user tables before mark_read_only(). > > We still do that because we need the entry stuff working for interrupts > early on. We now repeat the clone after mark_ro so the mask RW is not > longer required. Agreed.
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 113ba14..5164c98 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -291,7 +291,7 @@ static void __init pti_setup_vsyscall(void) { } #endif static void -pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear) +pti_clone_pmds(unsigned long start, unsigned long end) { unsigned long addr; @@ -352,7 +352,7 @@ pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear) * tables will share the last-level page tables of this * address range */ - *target_pmd = pmd_clear_flags(*pmd, clear); + *target_pmd = *pmd; } } @@ -398,7 +398,7 @@ static void __init pti_clone_user_shared(void) start = CPU_ENTRY_AREA_BASE; end = start + (PAGE_SIZE * CPU_ENTRY_AREA_PAGES); - pti_clone_pmds(start, end, 0); + pti_clone_pmds(start, end); } #endif /* CONFIG_X86_64 */ @@ -418,8 +418,7 @@ static void __init pti_setup_espfix64(void) static void pti_clone_entry_text(void) { pti_clone_pmds((unsigned long) __entry_text_start, - (unsigned long) __irqentry_text_end, - _PAGE_RW); + (unsigned long) __irqentry_text_end); } /* @@ -501,7 +500,7 @@ static void pti_clone_kernel_text(void) * pti_set_kernel_image_nonglobal() did to clear the * global bit. */ - pti_clone_pmds(start, end_clone, _PAGE_RW); + pti_clone_pmds(start, end_clone); /* * pti_clone_pmds() will set the global bit in any PMDs