Message-ID: <CA+zEjCuEeCRXeagYas8z6x=u+gfjMMAqKNM5+4EuM_7aaof+wQ@mail.gmail.com>
Date:   Sat, 28 May 2022 10:15:06 +0200
From:   Alexandre Ghiti <alexandre.ghiti@...onical.com>
To:     Heiko Stübner <heiko@...ech.de>
Cc:     palmer@...belt.com, paul.walmsley@...ive.com,
        aou@...s.berkeley.edu, linux-riscv@...ts.infradead.org,
        linux-kernel@...r.kernel.org, wefu@...hat.com,
        liush@...winnertech.com, guoren@...nel.org, atishp@...shpatra.org,
        anup@...infault.org, drew@...gleboard.org, hch@....de,
        arnd@...db.de, wens@...e.org, maxime@...no.tech,
        gfavor@...tanamicro.com, andrea.mondelli@...wei.com,
        behrensj@....edu, xinhaoqu@...wei.com, mick@....forth.gr,
        allen.baum@...erantotech.com, jscheid@...tanamicro.com,
        rtrauben@...il.com, samuel@...lland.org, cmuellner@...ux.com,
        philipp.tomsich@...ll.eu
Subject: Re: [PATCH 08/12] riscv: Fix accessing pfn bits in PTEs for non-32bit variants

On Wed, May 25, 2022 at 5:22 PM Heiko Stübner <heiko@...ech.de> wrote:
>
> Hi Alexandre,
>
> Am Montag, 23. Mai 2022, 16:03:10 CEST schrieb Alexandre Ghiti:
> > Hi Heiko,
> >
> > On Wed, May 11, 2022 at 9:31 PM Heiko Stuebner <heiko@...ech.de> wrote:
> > >
> > > On rv32 the PFN part of PTEs is defined to use bits [xlen-1:10]
> > > while on rv64 it is defined to use bits [53:10], leaving [63:54]
> > > as reserved.
> > >
> > > With upcoming optional extensions like svpbmt these previously
> > > reserved bits will get used so simply right-shifting the PTE
> > > to get the PFN won't be enough.
> > >
> > > So introduce a _PAGE_PFN_MASK constant to mask the correct bits
> > > for both rv32 and rv64 before shifting.
> > >
> > > Signed-off-by: Heiko Stuebner <heiko@...ech.de>
> > > Reviewed-by: Philipp Tomsich <philipp.tomsich@...ll.eu>
> > > ---
> > >  arch/riscv/include/asm/pgtable-32.h   |  8 ++++++++
> > >  arch/riscv/include/asm/pgtable-64.h   | 14 +++++++++++---
> > >  arch/riscv/include/asm/pgtable-bits.h |  6 ------
> > >  arch/riscv/include/asm/pgtable.h      |  8 +++++---
> > >  4 files changed, 24 insertions(+), 12 deletions(-)
> > >
> > > diff --git a/arch/riscv/include/asm/pgtable-32.h b/arch/riscv/include/asm/pgtable-32.h
> > > index 5b2e79e5bfa5..e266a4fe7f43 100644
> > > --- a/arch/riscv/include/asm/pgtable-32.h
> > > +++ b/arch/riscv/include/asm/pgtable-32.h
> > > @@ -7,6 +7,7 @@
> > >  #define _ASM_RISCV_PGTABLE_32_H
> > >
> > >  #include <asm-generic/pgtable-nopmd.h>
> > > +#include <linux/bits.h>
> > >  #include <linux/const.h>
> > >
> > >  /* Size of region mapped by a page global directory */
> > > @@ -16,4 +17,11 @@
> > >
> > >  #define MAX_POSSIBLE_PHYSMEM_BITS 34
> > >
> > > +/*
> > > + * rv32 PTE format:
> > > + * | XLEN-1  10 | 9             8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0
> > > + *       PFN      reserved for SW   D   A   G   U   X   W   R   V
> > > + */
> > > +#define _PAGE_PFN_MASK  GENMASK(31, 10)
> > > +
> > >  #endif /* _ASM_RISCV_PGTABLE_32_H */
> > > diff --git a/arch/riscv/include/asm/pgtable-64.h b/arch/riscv/include/asm/pgtable-64.h
> > > index 7e246e9f8d70..15f3ad5aee4f 100644
> > > --- a/arch/riscv/include/asm/pgtable-64.h
> > > +++ b/arch/riscv/include/asm/pgtable-64.h
> > > @@ -6,6 +6,7 @@
> > >  #ifndef _ASM_RISCV_PGTABLE_64_H
> > >  #define _ASM_RISCV_PGTABLE_64_H
> > >
> > > +#include <linux/bits.h>
> > >  #include <linux/const.h>
> > >
> > >  extern bool pgtable_l4_enabled;
> > > @@ -65,6 +66,13 @@ typedef struct {
> > >
> > >  #define PTRS_PER_PMD    (PAGE_SIZE / sizeof(pmd_t))
> > >
> > > +/*
> > > + * rv64 PTE format:
> > > + * | 63 | 62 61 | 60 54 | 53  10 | 9             8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0
> > > + *   N      MT     RSV    PFN      reserved for SW   D   A   G   U   X   W   R   V
> > > + */
> > > +#define _PAGE_PFN_MASK  GENMASK(53, 10)
> > > +
> > >  static inline int pud_present(pud_t pud)
> > >  {
> > >         return (pud_val(pud) & _PAGE_PRESENT);
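Review bot: The rv64 layout comment added above `_PAGE_PFN_MASK` shows N (bit 63) and MT (bits 62:61) as if they were always defined. The commit message describes bits [63:54] as reserved unless optional extensions such as svpbmt are in use. One extra comment line would stop the table being read as unconditional, for example `* N and MT are only defined with the optional extensions; otherwise [63:54] are reserved`. The hunk ends inside `pud_present`, whose body continues outside it.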
> > > @@ -108,12 +116,12 @@ static inline unsigned long _pud_pfn(pud_t pud)
> > >
> > >  static inline pmd_t *pud_pgtable(pud_t pud)
> > >  {
> > > -       return (pmd_t *)pfn_to_virt(pud_val(pud) >> _PAGE_PFN_SHIFT);
> > > +       return (pmd_t *)pfn_to_virt(__page_val_to_pfn(pud_val(pud)));
> > >  }
> > >
> > >  static inline struct page *pud_page(pud_t pud)
> > >  {
> > > -       return pfn_to_page(pud_val(pud) >> _PAGE_PFN_SHIFT);
> > > +       return pfn_to_page(__page_val_to_pfn(pud_val(pud)));
> > >  }
> > >
> > >  #define mm_p4d_folded  mm_p4d_folded
> > > @@ -143,7 +151,7 @@ static inline pmd_t pfn_pmd(unsigned long pfn, pgprot_t prot)
> > >
> > >  static inline unsigned long _pmd_pfn(pmd_t pmd)
> > >  {
> > > -       return pmd_val(pmd) >> _PAGE_PFN_SHIFT;
> > > +       return __page_val_to_pfn(pmd_val(pmd));
> > >  }
> > >
> > >  #define mk_pmd(page, prot)    pfn_pmd(page_to_pfn(page), prot)
> > > diff --git a/arch/riscv/include/asm/pgtable-bits.h b/arch/riscv/include/asm/pgtable-bits.h
> > > index a6b0c89824c2..e571fa954afc 100644
> > > --- a/arch/riscv/include/asm/pgtable-bits.h
> > > +++ b/arch/riscv/include/asm/pgtable-bits.h
> > > @@ -6,12 +6,6 @@
> > >  #ifndef _ASM_RISCV_PGTABLE_BITS_H
> > >  #define _ASM_RISCV_PGTABLE_BITS_H
> > >
> > > -/*
> > > - * PTE format:
> > > - * | XLEN-1  10 | 9             8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0
> > > - *       PFN      reserved for SW   D   A   G   U   X   W   R   V
> > > - */
> > > -
> > >  #define _PAGE_ACCESSED_OFFSET 6
> > >
> > >  #define _PAGE_PRESENT   (1 << 0)
> > > diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pgtable.h
> > > index 046b44225623..faba543e2b08 100644
> > > --- a/arch/riscv/include/asm/pgtable.h
> > > +++ b/arch/riscv/include/asm/pgtable.h
> > > @@ -108,6 +108,8 @@
> > >  #include <asm/tlbflush.h>
> > >  #include <linux/mm_types.h>
> > >
> > > +#define __page_val_to_pfn(_val)  (((_val) & _PAGE_PFN_MASK) >> _PAGE_PFN_SHIFT)
> > > +
> > >  #ifdef CONFIG_64BIT
> > >  #include <asm/pgtable-64.h>
> > >  #else
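Review bot: `__page_val_to_pfn` is added without a comment, and it sits above the `#ifdef CONFIG_64BIT` includes that supply `_PAGE_PFN_MASK`, so it only works because the macro body is expanded at its call sites. A short comment would record both facts, for example `/* Mask before shifting: on rv64 bits [63:54] of a PTE are not part of the PFN. _PAGE_PFN_MASK is defined in pgtable-32.h/pgtable-64.h, included below. */`. Without the mask, a set upper bit would end up in the value passed to `pfn_to_page()` or `pfn_to_virt()`, which presumably resolves to the wrong page rather than failing visibly. The `#ifdef` block continues outside this hunk.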
> > > @@ -261,12 +263,12 @@ static inline unsigned long _pgd_pfn(pgd_t pgd)
> > >
> > >  static inline struct page *pmd_page(pmd_t pmd)
> > >  {
> > > -       return pfn_to_page(pmd_val(pmd) >> _PAGE_PFN_SHIFT);
> > > +       return pfn_to_page(__page_val_to_pfn(pmd_val(pmd)));
> > >  }
> > >
> > >  static inline unsigned long pmd_page_vaddr(pmd_t pmd)
> > >  {
> > > -       return (unsigned long)pfn_to_virt(pmd_val(pmd) >> _PAGE_PFN_SHIFT);
> > > +       return (unsigned long)pfn_to_virt(__page_val_to_pfn(pmd_val(pmd)));
> > >  }
> > >
> > >  static inline pte_t pmd_pte(pmd_t pmd)
> > > @@ -282,7 +284,7 @@ static inline pte_t pud_pte(pud_t pud)
> > >  /* Yields the page frame number (PFN) of a page table entry */
> > >  static inline unsigned long pte_pfn(pte_t pte)
> > >  {
> > > -       return (pte_val(pte) >> _PAGE_PFN_SHIFT);
> > > +       return __page_val_to_pfn(pte_val(pte));
> > >  }
> > >
> > >  #define pte_page(x)     pfn_to_page(pte_pfn(x))
> > > --
> > > 2.35.1
> > >
> > >
> > > _______________________________________________
> > > linux-riscv mailing list
> > > linux-riscv@...ts.infradead.org
> > > http://lists.infradead.org/mailman/listinfo/linux-riscv
> >
> > I had this weird bug and it took some time to figure out that _pgd_pfn
> > is missing the "& _PAGE_PFN_MASK" here.
> >
> > And then I grepped _PAGE_PFN_SHIFT and saw that _pud_pfn, p4d_pgtable,
> > __pmd_to_phys and stage2_pte_page_vaddr are also missing this mask. I
> > agree that we need something similar to your helper __page_val_to_pfn
> > (even if __page prefix is a bit weird to me) but I think we should go
> > further: forbid the use of _PAGE_PFN_SHIFT and contain this in a
> > single function that should be used to access the pfn minus the upper
> > bits, that would avoid future oversights.
> >
> > I can come up with something if needs be, up to you!
>
> as you seem to be stuck in the topic already, you might be faster
> than me with that I guess?

I'll propose the quick fix next week and will think about the proper
solution later.

Thanks

>
>
