lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 26 Oct 2022 14:06:00 +0530
From:   Anshuman Khandual <anshuman.khandual@....com>
To:     Muchun Song <muchun.song@...ux.dev>
Cc:     Wupeng Ma <mawupeng1@...wei.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Mike Kravetz <mike.kravetz@...cle.com>,
        Muchun Song <songmuchun@...edance.com>,
        Michal Hocko <mhocko@...e.com>,
        Oscar Salvador <osalvador@...e.de>, catalin.marinas@....com,
        Linux Memory Management List <linux-mm@...ck.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH -next 1/1] mm: hugetlb_vmemmap: Fix WARN_ON in
 vmemmap_remap_pte



On 10/26/22 12:31, Muchun Song wrote:
> 
> 
>> On Oct 26, 2022, at 13:06, Anshuman Khandual <anshuman.khandual@....com> wrote:
>>
>>
>>
>> On 10/25/22 12:06, Muchun Song wrote:
>>>
>>>
>>>> On Oct 25, 2022, at 09:42, Wupeng Ma <mawupeng1@...wei.com> wrote:
>>>>
>>>> From: Ma Wupeng <mawupeng1@...wei.com>
>>>>
>>>> Commit f41f2ed43ca5 ("mm: hugetlb: free the vmemmap pages associated with
>>>> each HugeTLB page") add vmemmap_remap_pte to remap the tail pages as
>>>> read-only to catch illegal write operation to the tail page.
>>>>
>>>> However this will lead to WARN_ON in arm64 in __check_racy_pte_update()
>>>
>>> Thanks for your finding this issue.
>>>
>>>> since this may lead to dirty state cleaned. This check is introduced by
>>>> commit 2f4b829c625e ("arm64: Add support for hardware updates of the
>>>> access and dirty pte bits") and the initial check is as follow:
>>>>
>>>> BUG_ON(pte_write(*ptep) && !pte_dirty(pte));
>>>>
>>>> Since we do need to mark this pte as read-only to catch illegal write
>>>> operation to the tail pages, use set_pte  to replace set_pte_at to bypass
>>>> this check.
>>>
>>> In theory, the waring does not affect anything since the tail vmemmap
>>> pages are supposed to be read-only. So, skipping this check for vmemmap
>>
>> Tails vmemmap pages are supposed to be read-only, in practice but their
>> backing pages do have pte_write() enabled. Otherwise the VM_WARN_ONCE()
>> warning would not have triggered.
> 
> Right.
> 
>>
>>        VM_WARN_ONCE(pte_write(old_pte) && !pte_dirty(pte),
>>                     "%s: racy dirty state clearing: 0x%016llx -> 0x%016llx",
>>                     __func__, pte_val(old_pte), pte_val(pte));
>>
>> Also, is not it true that the pte being remapped into a different page
>> as read only, than what it had originally (which will be freed up) i.e 
>> the PFN in 'old_pte' and 'pte' will be different. Hence is there still
> 
> Right.
> 
>> a possibility for a race condition even when the PFN changes ?
> 
> Sorry, I didn't get this question. Did you mean the PTE is changed from
> new (pte) to the old one (old_pte) by the hardware because of the update
> of dirty bit when a concurrent write operation to the tail vmemmap page?

No, but is not vmemmap_remap_pte() reuses walk->reuse_page for all remaining
tails pages ? Is not there a PFN change, along with access permission change
involved in this remapping process ?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ