lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJF2gTQMAVUtC6_ftEwp=EeYR_O7yzfGYmxwrqcO6+hn2J32bA@mail.gmail.com>
Date:   Sat, 22 Jul 2023 00:08:36 +0800
From:   Guo Ren <guoren@...nel.org>
To:     Alexandre Ghiti <alex@...ti.fr>
Cc:     palmer@...osinc.com, paul.walmsley@...ive.com, falcon@...ylab.org,
        bjorn@...nel.org, conor.dooley@...rochip.com,
        linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-riscv@...ts.infradead.org, Guo Ren <guoren@...ux.alibaba.com>
Subject: Re: [PATCH] riscv: mm: Fixup spurious fault of kernel vaddr

On Fri, Jul 21, 2023 at 11:19 PM Alexandre Ghiti <alex@...ti.fr> wrote:
>
>
> On 21/07/2023 16:51, guoren@...nel.org wrote:
> > From: Guo Ren <guoren@...ux.alibaba.com>
> >
> > RISC-V specification permits the caching of PTEs whose V (Valid)
> > bit is clear. Operating systems must be written to cope with this
> > possibility, but implementers are reminded that eagerly caching
> > invalid PTEs will reduce performance by causing additional page
> > faults.
> >
> > So we must keep vmalloc_fault for the spurious page faults of kernel
> > virtual address from an OoO machine.
> >
> > Signed-off-by: Guo Ren <guoren@...ux.alibaba.com>
> > Signed-off-by: Guo Ren <guoren@...nel.org>
> > ---
> >   arch/riscv/mm/fault.c | 3 +--
> >   1 file changed, 1 insertion(+), 2 deletions(-)
> >
> > diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
> > index 85165fe438d8..f662c9eae7d4 100644
> > --- a/arch/riscv/mm/fault.c
> > +++ b/arch/riscv/mm/fault.c
> > @@ -258,8 +258,7 @@ void handle_page_fault(struct pt_regs *regs)
> >        * only copy the information from the master page table,
> >        * nothing more.
> >        */
> > -     if ((!IS_ENABLED(CONFIG_MMU) || !IS_ENABLED(CONFIG_64BIT)) &&
> > -         unlikely(addr >= VMALLOC_START && addr < VMALLOC_END)) {
> > +     if (unlikely(addr >= TASK_SIZE)) {
> >               vmalloc_fault(regs, code, addr);
> >               return;
> >       }
>
>
> Can you share what you are trying to fix here?
We met a spurious page fault panic on an OoO machine.

1. The processor speculative execution brings the V=0 entries into the
TLB in the kernel virtual address.
2. Linux kernel installs the kernel virtual address with the page, and V=1
3. When kernel code access the kernel virtual address, it would raise
a page fault as the V=0 entry in the tlb.
4. No vmalloc_fault, then panic.

>
> I have a fix (that's currently running our CI) for commit 7d3332be011e
> ("riscv: mm: Pre-allocate PGD entries for vmalloc/modules area") that
> implements flush_cache_vmap() since we lost the vmalloc_fault.
Could you share that patch?

>


-- 
Best Regards
 Guo Ren

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ