| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1310725418.2586.309.camel@twins>
Date: Fri, 15 Jul 2011 12:23:38 +0200
From: Peter Zijlstra <a.p.zijlstra@...llo.nl>
To: Shan Hai <haishan.bai@...il.com>
Cc: benh@...nel.crashing.org, paulus@...ba.org, tglx@...utronix.de,
walken@...gle.com, dhowells@...hat.com, cmetcalf@...era.com,
tony.luck@...el.com, akpm@...ux-foundation.org,
linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] Fixup write permission of TLB on powerpc e500 core
On Fri, 2011-07-15 at 16:07 +0800, Shan Hai wrote:
> The kernel has no write permission on COW pages by default on e500 core, this
> will cause endless loop in futex_lock_pi, because futex code assumes the kernel
> has write permission on COW pages. Grant write permission to the kernel on COW
> pages when access violation page fault occurs.
>
> Signed-off-by: Shan Hai <haishan.bai@...il.com>
> ---
> arch/powerpc/include/asm/futex.h | 11 ++++++++++-
> arch/powerpc/include/asm/tlb.h | 25 +++++++++++++++++++++++++
> 2 files changed, 35 insertions(+), 1 deletions(-)
>
> diff --git a/arch/powerpc/include/asm/futex.h b/arch/powerpc/include/asm/futex.h
> index c94e4a3..54c3e74 100644
> --- a/arch/powerpc/include/asm/futex.h
> +++ b/arch/powerpc/include/asm/futex.h
> @@ -8,6 +8,7 @@
> #include <asm/errno.h>
> #include <asm/synch.h>
> #include <asm/asm-compat.h>
> +#include <asm/tlb.h>
>
> #define __futex_atomic_op(insn, ret, oldval, uaddr, oparg) \
> __asm__ __volatile ( \
> @@ -113,7 +114,15 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
> : "cc", "memory");
>
> *uval = prev;
> - return ret;
> +
> + /* Futex assumes the kernel has permission to write to
> + * COW pages, grant the kernel write permission on COW
> + * pages because it has none by default.
> + */
> + if (ret == -EFAULT)
> + __tlb_fixup_write_permission(current->mm, (unsigned long)uaddr);
> +
> + return ret;
> }
>
> #endif /* __KERNEL__ */
> diff --git a/arch/powerpc/include/asm/tlb.h b/arch/powerpc/include/asm/tlb.h
> index e2b428b..3863c6a 100644
> --- a/arch/powerpc/include/asm/tlb.h
> +++ b/arch/powerpc/include/asm/tlb.h
> @@ -45,5 +45,30 @@ static inline void __tlb_remove_tlb_entry(struct mmu_gather *tlb, pte_t *ptep,
> #endif
> }
>
> +/* Grant write permission to the kernel on a page. */
> +static inline void __tlb_fixup_write_permission(struct mm_struct *mm,
> + unsigned long address)
> +{
> +#if defined(CONFIG_FSL_BOOKE)
> + /* Grant write permission to the kernel on a page by setting TLB.SW
> + * bit, the bit setting operation is tricky here, calling
> + * handle_mm_fault with FAULT_FLAG_WRITE causes _PAGE_DIRTY bit of
> + * the pte to be set, the _PAGE_DIRTY of the pte is translated into
> + * TLB.SW on Powerpc e500 core.
> + */
> +
> + struct vm_area_struct *vma;
> +
> + vma = find_vma(mm, address);
Uhm, find_vma() needs mmap_sem, and futex_atomic_cmpxchg_inatomic() is
most certainly not called with that lock held.
> + if (likely(vma)) {
> + /* only fixup present page */
> + if (follow_page(vma, address, FOLL_WRITE)) {
> + handle_mm_fault(mm, vma, address, FAULT_FLAG_WRITE);
So how can this toggle your sw dirty/young tracking, that's pretty much
what gup(.write=1) does too!
> + flush_tlb_page(vma, address);
> + }
> + }
> +#endif
> +}
> +
> #endif /* __KERNEL__ */
> #endif /* __ASM_POWERPC_TLB_H */
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists