Date:	Fri, 8 Jul 2016 14:54:47 +0100
From:	Catalin Marinas <catalin.marinas@....com>
To:	"Leizhen (ThunderTown)" <thunder.leizhen@...wei.com>
Cc:	Steve Capper <Steve.Capper@....com>,
	David Woods <dwoods@...hip.com>,
	Tianhong Ding <dingtianhong@...wei.com>,
	Will Deacon <will.deacon@....com>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	Xinwei Hu <huxinwei@...wei.com>, Zefan Li <lizefan@...wei.com>,
	Hanjun Guo <guohanjun@...wei.com>,
	linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH 1/1] arm64/hugetlb: clear PG_dcache_clean if the page is
 dirty when munmap

On Fri, Jul 08, 2016 at 11:36:57AM +0800, Leizhen (ThunderTown) wrote:
> On 2016/7/7 23:37, Catalin Marinas wrote:
> > On Thu, Jul 07, 2016 at 08:09:04PM +0800, Zhen Lei wrote:
> >> At present, PG_dcache_clean is only cleared when the related huge page
> >> is about to be freed. But sometimes, there may be a process that is in charge
> >> of copying binary codes into a shared memory, and notifies other processes
> >> to execute based on that. For the first time, there is no problem, because
> >> the default value of page->flags is PG_dcache_clean cleared. So the cache
> >> will be maintained at the time of set_pte_at for other processes. But if
> >> the content of the shared memory has been updated again, there is no
> >> cache operations, because the PG_dcache_clean is still set.
> >>
> >> For example:
> >> Process A
> >> 	open a hugetlbfs file
> >> 	mmap it as a shared memory
> >> 	copy some binary codes into it
> >> 	munmap
> >>
> >> Process B
> >> 	open the hugetlbfs file
> >> 	mmap it as a shared memory, executable
> >> 	invoke the functions in the shared memory
> >> 	munmap
> >>
> >> repeat the above steps.
> > 
> > Does this work as you would expect with small pages (and for example
> > shared file mmap)? I don't want to have a different behaviour between
> > small and huge pages.
> 
> The small pages also have this problem, I will try to fix it too.

Have you run the above tests on a standard file (with small pages)? It's
strange that we haven't hit this so far with gcc or something else
generating code (unless they don't use mmap but just sequential writes).

If both cases need solving, we might better move the fix in the
__sync_icache_dcache() function. Untested:

------------8<----------------
diff --git a/arch/arm64/mm/flush.c b/arch/arm64/mm/flush.c
index dbd12ea8ce68..c753fa804165 100644
--- a/arch/arm64/mm/flush.c
+++ b/arch/arm64/mm/flush.c
@@ -75,7 +75,8 @@ void __sync_icache_dcache(pte_t pte, unsigned long addr)
 	if (!page_mapping(page))
 		return;
 
-	if (!test_and_set_bit(PG_dcache_clean, &page->flags))
+	if (!test_and_set_bit(PG_dcache_clean, &page->flags) ||
+	    PageDirty(page))
 		sync_icache_aliases(page_address(page),
 				    PAGE_SIZE << compound_order(page));
 	else if (icache_is_aivivt())
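
Review bot: the added PageDirty(page) test in the condition is not paired with anything in this path that clears the dirty state, so for as long as the page stays dirty every call falls into sync_icache_aliases() over PAGE_SIZE << compound_order(page), which is the whole compound page for a huge page. A comment above the condition should say why a dirty page overrides PG_dcache_clean, and it is worth checking how long a page can remain dirty in the small-page and hugetlb cases so the cost of the repeated maintenance is known. Note also that test_and_set_bit() is still evaluated first, so PG_dcache_clean ends up set even on a dirty page; the flag alone then no longer tells the reader that the caches are in sync, which the comment should call out.
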
----------------8<---------------------

BTW, can you make your tests (source) available somewhere?

Thanks.

-- 
Catalin
