lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 25 Sep 2014 09:40:24 -0500
From:	James Custer <jcuster@....com>
To:	x86@...nel.org, linux-kernel@...r.kernel.org, tglx@...utronix.de,
	mingo@...hat.com, hpa@...or.com
Cc:	James Custer <jcuster@....com>
Subject: [PATCH] x86: Allow 1GB pages to be SPECIAL similar to 2MB

Superpages allocated by SGI's superpages module can be backed by 1GB pages,
but direct i/o cannot be used. The superpages module uses _PAGE_BIT_SPECIAL
to disable direct i/o because some code depends on the memory being backed
by page structures. But, because superpages have no backing page structures
this causes a panic.

This is the way direct i/o on 1GB pages fails:

               BUG: unable to handle kernel paging request at ffffea0038000000
[60463.203795] IP: [<ffffffff8103c93a>] gup_huge_pud+0x9a/0xe0
[60463.210058] PGD 83ffd3067 PUD 83ffd2067 PMD 0
[60463.215052] Oops: 0000 [#1] SMP

Stack traceback for pid 77136
0xffff8867a88ae300    77136    74825  1   56   R  0xffff8867a88ae970 *readdirectsp
 [<ffffffff8103c93a>] gup_huge_pud+0x9a/0xe0
 [<ffffffff8103cc33>] gup_pud_range+0x173/0x1b0
 [<ffffffff8103cd57>] get_user_pages_fast+0xe7/0x1b0
 [<ffffffff8118eac3>] dio_get_page+0x83/0x150
 [<ffffffff8118f641>] do_direct_IO+0x81/0x420
 [<ffffffff8118fb89>] direct_io_worker+0x1a9/0x340
 [<ffffffffa00c5de8>] ext3_direct_IO+0xe8/0x2c0 [ext3]
 [<ffffffff810fa527>] generic_file_aio_read+0x237/0x260
 [<ffffffff81159878>] do_sync_read+0xc8/0x110
 [<ffffffff8115a027>] vfs_read+0xc7/0x130
 [<ffffffff8115a193>] sys_read+0x53/0xa0
 [<ffffffff81466192>] system_call_fastpath+0x16/0x1b

gup_huge_pud() is trying to find the page structure, and with superpages there
is none.

With direct i/o on 2MB pages:

static int gup_pmd_range(pud_t pud, unsigned long addr, unsigned long end,
                int write, struct page **pages, int *nr)
{
 ...
                if (pmd_none(pmd) || pmd_trans_splitting(pmd))
                        return 0;

and pmd_trans_splitting() is testing _PAGE_SPLITTING, which is an alias
for _PAGE_SPECIAL which we set on the 2MB or 1GB pages mapped in by superpages.

But gup_pud_range() has no such check:

static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end,
                        int write, struct page **pages, int *nr)
{
  ...
                if (pud_none(pud))
                        return 0;

Therefore direct i/o on 1GB pages attempts to get a page structure and panics.

Signed-off-by: James Custer <jcuster@....com>
---
 arch/x86/mm/gup.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
index dd74e46..12ca9cf 100644
--- a/arch/x86/mm/gup.c
+++ b/arch/x86/mm/gup.c
@@ -121,7 +121,6 @@ static noinline int gup_huge_pmd(pmd_t pmd, unsigned long addr,
 		mask |= _PAGE_RW;
 	if ((pte_flags(pte) & mask) != mask)
 		return 0;
-	/* hugepages are never "special" */
 	VM_BUG_ON(pte_flags(pte) & _PAGE_SPECIAL);
 	VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
 
@@ -191,7 +190,6 @@ static noinline int gup_huge_pud(pud_t pud, unsigned long addr,
 		mask |= _PAGE_RW;
 	if ((pte_flags(pte) & mask) != mask)
 		return 0;
-	/* hugepages are never "special" */
 	VM_BUG_ON(pte_flags(pte) & _PAGE_SPECIAL);
 	VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
 
@@ -223,7 +221,7 @@ static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end,
 		pud_t pud = *pudp;
 
 		next = pud_addr_end(addr, end);
-		if (pud_none(pud))
+		if (pud_none(pud) || (pud_val(pud) & _PAGE_SPECIAL))
 			return 0;
 		if (unlikely(pud_large(pud))) {
 			if (!gup_huge_pud(pud, addr, next, write, pages, nr))
-- 
1.7.12.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists