Date:   Mon, 24 Jul 2023 09:25:22 +0800
From:   mawupeng <mawupeng1@...wei.com>
To:     <will@...nel.org>
CC:     <mawupeng1@...wei.com>, <catalin.marinas@....com>,
        <akpm@...ux-foundation.org>, <sudaraja@...eaurora.org>,
        <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>,
        <wangkefeng.wang@...wei.com>,
        <linux-arm-kernel@...ts.infradead.org>, <mark.rutland@....com>,
        <anshuman.khandual@....com>
Subject: Re: [RFC PATCH] arm64: mm: Fix kernel page tables incorrectly deleted
 during memory removal



On 2023/7/21 18:36, Will Deacon wrote:
> On Mon, Jul 17, 2023 at 07:51:50PM +0800, Wupeng Ma wrote:
>> From: Ma Wupeng <mawupeng1@...wei.com>
>>
>> During our test, we found that kernel page table may be unexpectedly
>> cleared with rodata off. The root cause is that the kernel page is
>> initialized with pud size(1G block mapping) while offline is memory
>> block size(MIN_MEMORY_BLOCK_SIZE 128M), eg, if 2G memory is hot-added,
>> when offline a memory block, the call trace is shown below,
>>
>>  offline_and_remove_memory
>>     try_remove_memory
>>       arch_remove_memory
>>        __remove_pgd_mapping
>>          unmap_hotplug_range
>>            unmap_hotplug_p4d_range
>>              unmap_hotplug_pud_range
>>                if (pud_sect(pud))
>>                  pud_clear(pudp);
> 
> Sorry, but I'm struggling to understand the problem here. If we're adding
> and removing a 2G memory region, why _wouldn't_ we want to use large 1GiB
> mappings?


> Or are you saying that only a subset of the memory is removed,
> but we then accidentally unmap the whole thing?

Yes, we unmap a subset, but the page table entry for the whole thing is removed.

> 
>> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
>> index 95d360805f8a..44c724ce4f70 100644
>> --- a/arch/arm64/mm/mmu.c
>> +++ b/arch/arm64/mm/mmu.c
>> @@ -44,6 +44,7 @@
>>  #define NO_BLOCK_MAPPINGS	BIT(0)
>>  #define NO_CONT_MAPPINGS	BIT(1)
>>  #define NO_EXEC_MAPPINGS	BIT(2)	/* assumes FEAT_HPDS is not used */
>> +#define NO_PUD_MAPPINGS		BIT(3)
>>  
>>  int idmap_t0sz __ro_after_init;
>>  
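Review bot: NO_PUD_MAPPINGS at BIT(3) has no comment, unlike NO_EXEC_MAPPINGS just above it, and the name alone does not say how it relates to NO_BLOCK_MAPPINGS. Suggest a short comment stating that it forbids only PUD-level block mappings and why a separate flag is needed instead of reusing NO_BLOCK_MAPPINGS.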
>> @@ -344,7 +345,7 @@ static void alloc_init_pud(pgd_t *pgdp, unsigned long addr, unsigned long end,
>>  		 */
>>  		if (pud_sect_supported() &&
>>  		   ((addr | next | phys) & ~PUD_MASK) == 0 &&
>> -		    (flags & NO_BLOCK_MAPPINGS) == 0) {
>> +		    (flags & (NO_BLOCK_MAPPINGS | NO_PUD_MAPPINGS)) == 0) {
>>  			pud_set_huge(pudp, phys, prot);
>>  
>>  			/*
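Review bot: the flag test added to the alloc_init_pud condition only stops new PUD block mappings from being created; the removal path quoted in the commit message (unmap_hotplug_pud_range calling pud_clear when pud_sect is true) still clears a whole section entry without checking that the range being removed covers it. Consider adding that check, or at least a WARN, on the unmap side as well, so a 1G block that reaches it by any other route fails loudly instead of silently unmapping memory that is still in use.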
>> @@ -1305,7 +1306,7 @@ struct range arch_get_mappable_range(void)
>>  int arch_add_memory(int nid, u64 start, u64 size,
>>  		    struct mhp_params *params)
>>  {
>> -	int ret, flags = NO_EXEC_MAPPINGS;
>> +	int ret, flags = NO_EXEC_MAPPINGS | NO_PUD_MAPPINGS;
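Review bot: NO_PUD_MAPPINGS is OR-ed into the flags initializer in arch_add_memory unconditionally, so every hot-added range gives up PUD block mappings, including ranges that are only ever removed whole. The reason given in the commit message (memory can be offlined in blocks smaller than the PUD block size) belongs in a comment next to the initializer, and the changelog should say what this costs ranges that never see a partial removal.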
> 
> I think we should allow large mappings here and instead prevent partial
> removal of the block, if that's what is causing the issue.

This could solve this problem.
Or we can prevent partial removal? Or rebuild the page table entry which is not removed?

> 
> Will
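The partial-removal behaviour discussed in this thread, as an added user-space toy model that is not code from the patch or from the kernel. The one-flag-per-1GiB table and the function names map_blocks, unmap_as_reported and unmap_checked are assumptions made for illustration, and PUD_SIZE assumes 4K pages.

```c
#include <stdint.h>
#include <stdio.h>
#define SZ_128M  (128ULL << 20)   /* memory block size from the report */
#define PUD_SIZE (1ULL << 30)     /* 1 GiB block, assuming 4K pages */
#define PUD_MASK (~(PUD_SIZE - 1))
#define NR_PUDS  4
/* Toy page table (hypothetical): one flag per 1 GiB slot, 1 = block mapping. */
static int pud_sect_present[NR_PUDS];

static void map_blocks(uint64_t start, uint64_t size)
{
    for (uint64_t a = start; a < start + size; a += PUD_SIZE)
        pud_sect_present[a / PUD_SIZE] = 1;
}

/* Reported behaviour: any walk that touches a block entry clears all of it. */
static uint64_t unmap_as_reported(uint64_t addr, uint64_t end)
{
    uint64_t lost = 0, next;
    for (; addr < end; addr = next) {
        next = (addr + PUD_SIZE) & PUD_MASK;
        if (next > end)
            next = end;
        if (pud_sect_present[addr / PUD_SIZE]) {
            pud_sect_present[addr / PUD_SIZE] = 0;
            lost += PUD_SIZE;   /* the whole 1 GiB mapping is gone */
        }
    }
    return lost;
}

/* "Prevent partial removal": refuse a range that covers only part of a block. */
static int unmap_checked(uint64_t addr, uint64_t end, uint64_t *lost)
{
    for (uint64_t a = addr & PUD_MASK; a < end; a += PUD_SIZE)
        if (pud_sect_present[a / PUD_SIZE] && (a < addr || a + PUD_SIZE > end))
            return -1;
    *lost = unmap_as_reported(addr, end);
    return 0;
}

int main(void)
{
    uint64_t lost = 0;
    map_blocks(0, 2 * PUD_SIZE);  /* constructed input: 2G hot-added at 0 */
    printf("checked: %d\n", unmap_checked(0, SZ_128M, &lost));
    printf("reported: lost %llu MiB\n", (unsigned long long)(unmap_as_reported(0, SZ_128M) >> 20));
    return 0;
}
```

Removing one 128M block through unmap_as_reported drops the mapping for the full 1G, which is the symptom in the report; unmap_checked rejects the same request and leaves the block mapped.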
