| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <10bd4fc0-4fc0-bd98-6926-7d721a3bb12e@redhat.com>
Date: Wed, 14 Dec 2022 12:22:49 +0100
From: David Hildenbrand <david@...hat.com>
To: linux-kernel@...r.kernel.org
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Hugh Dickins <hughd@...gle.com>,
John Hubbard <jhubbard@...dia.com>,
Jason Gunthorpe <jgg@...dia.com>,
Mike Rapoport <rppt@...ux.ibm.com>,
Yang Shi <shy828301@...il.com>,
Vlastimil Babka <vbabka@...e.cz>,
Nadav Amit <namit@...are.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Peter Xu <peterx@...hat.com>, linux-mm@...ck.org,
x86@...nel.org, linux-alpha@...r.kernel.org,
linux-snps-arc@...ts.infradead.org,
linux-arm-kernel@...ts.infradead.org, linux-csky@...r.kernel.org,
linux-hexagon@...r.kernel.org, linux-ia64@...r.kernel.org,
loongarch@...ts.linux.dev, linux-m68k@...ts.linux-m68k.org,
linux-mips@...r.kernel.org, openrisc@...ts.librecores.org,
linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
linux-riscv@...ts.infradead.org, linux-s390@...r.kernel.org,
linux-sh@...r.kernel.org, sparclinux@...r.kernel.org,
linux-um@...ts.infradead.org, linux-xtensa@...ux-xtensa.org,
Albert Ou <aou@...s.berkeley.edu>,
Anton Ivanov <anton.ivanov@...bridgegreys.com>,
Borislav Petkov <bp@...en8.de>, Brian Cain <bcain@...cinc.com>,
Christophe Leroy <christophe.leroy@...roup.eu>,
Chris Zankel <chris@...kel.net>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"David S. Miller" <davem@...emloft.net>,
Dinh Nguyen <dinguyen@...nel.org>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Greg Ungerer <gerg@...ux-m68k.org>,
Guo Ren <guoren@...nel.org>, Helge Deller <deller@....de>,
"H. Peter Anvin" <hpa@...or.com>,
Huacai Chen <chenhuacai@...nel.org>,
Ingo Molnar <mingo@...hat.com>,
Ivan Kokshaysky <ink@...assic.park.msu.ru>,
"James E.J. Bottomley" <James.Bottomley@...senPartnership.com>,
Johannes Berg <johannes@...solutions.net>,
Matt Turner <mattst88@...il.com>,
Max Filippov <jcmvbkbc@...il.com>,
Michael Ellerman <mpe@...erman.id.au>,
Michal Simek <monstr@...str.eu>,
Nicholas Piggin <npiggin@...il.com>,
Palmer Dabbelt <palmer@...belt.com>,
Paul Walmsley <paul.walmsley@...ive.com>,
Richard Henderson <richard.henderson@...aro.org>,
Richard Weinberger <richard@....at>,
Rich Felker <dalias@...c.org>,
Russell King <linux@...linux.org.uk>,
Stafford Horne <shorne@...il.com>,
Stefan Kristiansson <stefan.kristiansson@...nalahti.fi>,
Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
Thomas Gleixner <tglx@...utronix.de>,
Vineet Gupta <vgupta@...nel.org>,
WANG Xuerui <kernel@...0n.name>,
Yoshinori Sato <ysato@...rs.sourceforge.jp>
Subject: Re: [PATCH mm-unstable RFC 00/26] mm: support
__HAVE_ARCH_PTE_SWP_EXCLUSIVE on all architectures with swap PTEs
On 06.12.22 15:47, David Hildenbrand wrote:
> This is the follow-up on [1]:
> [PATCH v2 0/8] mm: COW fixes part 3: reliable GUP R/W FOLL_GET of
> anonymous pages
>
> After we implemented __HAVE_ARCH_PTE_SWP_EXCLUSIVE on most prominent
> enterprise architectures, implement __HAVE_ARCH_PTE_SWP_EXCLUSIVE on all
> remaining architectures that support swap PTEs.
>
> This makes sure that exclusive anonymous pages will stay exclusive, even
> after they were swapped out -- for example, making GUP R/W FOLL_GET of
> anonymous pages reliable. Details can be found in [1].
>
> This primarily fixes remaining known O_DIRECT memory corruptions that can
> happen on concurrent swapout, whereby we can lose DMA reads to a page
> (modifying the user page by writing to it).
>
> To verify, there are two test cases (requiring swap space, obviously):
> (1) The O_DIRECT+swapout test case [2] from Andrea. This test case tries
> triggering a race condition.
> (2) My vmsplice() test case [3] that tries to detect if the exclusive
> marker was lost during swapout, not relying on a race condition.
>
>
> For example, on 32bit x86 (with and without PAE), my test case fails
> without these patches:
> $ ./test_swp_exclusive
> FAIL: page was replaced during COW
> But succeeds with these patches:
> $ ./test_swp_exclusive
> PASS: page was not replaced during COW
>
>
> Why implement __HAVE_ARCH_PTE_SWP_EXCLUSIVE for all architectures, even
> the ones where swap support might be in a questionable state? This is the
> first step towards removing "readable_exclusive" migration entries, and
> instead using pte_swp_exclusive() also with (readable) migration entries
> instead (as suggested by Peter). The only missing piece for that is
> supporting pmd_swp_exclusive() on relevant architectures with THP
> migration support.
>
> As all relevant architectures now implement __HAVE_ARCH_PTE_SWP_EXCLUSIVE,,
> we can drop __HAVE_ARCH_PTE_SWP_EXCLUSIVE in the last patch.
>
>
> RFC because some of the swap PTE layouts are really tricky and I really
> need some feedback related to deciphering these layouts and "using yet
> unused PTE bits in swap PTEs". I tried cross-compiling all relevant setups
> (phew, I might only miss some power/nohash variants), but only tested on
> x86 so far.
As I was messing with sparc64 either way and got debian to boot under
QEMU, I verified that the sparc64 change also seems to work as expected
(under sun4u).
--
Thanks,
David / dhildenb
Powered by blists - more mailing lists