lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6d8392e5-7f12-43e5-9631-d1fdc4bf1025@arm.com>
Date: Wed, 24 Apr 2024 13:51:01 +0100
From: Ryan Roberts <ryan.roberts@....com>
To: Peter Xu <peterx@...hat.com>
Cc: Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>,
 Joey Gouly <joey.gouly@....com>, Ard Biesheuvel <ardb@...nel.org>,
 Mark Rutland <mark.rutland@....com>,
 Anshuman Khandual <anshuman.khandual@....com>,
 David Hildenbrand <david@...hat.com>, Mike Rapoport <rppt@...ux.ibm.com>,
 Shivansh Vij <shivanshvij@...look.com>,
 linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1 2/2] arm64/mm: Add uffd write-protect support

On 24/04/2024 12:57, Peter Xu wrote:
> Hi, Ryan,
> 
> On Wed, Apr 24, 2024 at 12:10:17PM +0100, Ryan Roberts wrote:
>> Let's use the newly-free PTE SW bit (58) to add support for uffd-wp.
>>
>> The standard handlers are implemented for set/test/clear for both pte
>> and pmd. Additionally we must also track the uffd-wp state as a pte swp
>> bit, so use a free swap entry pte bit (3).
>>
>> Signed-off-by: Ryan Roberts <ryan.roberts@....com>
> 
> Looks all sane here from userfault perspective, just one comment below.
> 
>> ---
>>  arch/arm64/Kconfig                    |  1 +
>>  arch/arm64/include/asm/pgtable-prot.h |  8 ++++
>>  arch/arm64/include/asm/pgtable.h      | 55 +++++++++++++++++++++++++++
>>  3 files changed, 64 insertions(+)
>>
>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
>> index 7b11c98b3e84..763e221f2169 100644
>> --- a/arch/arm64/Kconfig
>> +++ b/arch/arm64/Kconfig
>> @@ -255,6 +255,7 @@ config ARM64
>>  	select SYSCTL_EXCEPTION_TRACE
>>  	select THREAD_INFO_IN_TASK
>>  	select HAVE_ARCH_USERFAULTFD_MINOR if USERFAULTFD
>> +	select HAVE_ARCH_USERFAULTFD_WP if USERFAULTFD
>>  	select TRACE_IRQFLAGS_SUPPORT
>>  	select TRACE_IRQFLAGS_NMI_SUPPORT
>>  	select HAVE_SOFTIRQ_ON_OWN_STACK
>> diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h
>> index ef952d69fd04..f1e1f6306e03 100644
>> --- a/arch/arm64/include/asm/pgtable-prot.h
>> +++ b/arch/arm64/include/asm/pgtable-prot.h
>> @@ -20,6 +20,14 @@
>>  #define PTE_DEVMAP		(_AT(pteval_t, 1) << 57)
>>  #define PTE_PROT_NONE		(PTE_UXN)		 /* Reuse PTE_UXN; only when !PTE_VALID */
>>  
>> +#ifdef CONFIG_HAVE_ARCH_USERFAULTFD_WP
>> +#define PTE_UFFD_WP		(_AT(pteval_t, 1) << 58) /* uffd-wp tracking */
>> +#define PTE_SWP_UFFD_WP		(_AT(pteval_t, 1) << 3)	 /* only for swp ptes */
>> +#else
>> +#define PTE_UFFD_WP		(_AT(pteval_t, 0))
>> +#define PTE_SWP_UFFD_WP		(_AT(pteval_t, 0))
>> +#endif /* CONFIG_HAVE_ARCH_USERFAULTFD_WP */
>> +
>>  /*
>>   * This bit indicates that the entry is present i.e. pmd_page()
>>   * still points to a valid huge page in memory even if the pmd
>> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
>> index 23aabff4fa6f..3f4748741fdb 100644
>> --- a/arch/arm64/include/asm/pgtable.h
>> +++ b/arch/arm64/include/asm/pgtable.h
>> @@ -271,6 +271,34 @@ static inline pte_t pte_mkdevmap(pte_t pte)
>>  	return set_pte_bit(pte, __pgprot(PTE_DEVMAP | PTE_SPECIAL));
>>  }
>>  
>> +#ifdef CONFIG_HAVE_ARCH_USERFAULTFD_WP
>> +static inline int pte_uffd_wp(pte_t pte)
>> +{
>> +	bool wp = !!(pte_val(pte) & PTE_UFFD_WP);
>> +
>> +#ifdef CONFIG_DEBUG_VM
>> +	/*
>> +	 * Having write bit for wr-protect-marked present ptes is fatal, because
>> +	 * it means the uffd-wp bit will be ignored and write will just go
>> +	 * through. See comment in x86 implementation.
>> +	 */
>> +	WARN_ON_ONCE(wp && pte_write(pte));
>> +#endif
> 
> Feel free to drop this line, see:
> 
> https://lore.kernel.org/r/20240417212549.2766883-1-peterx@redhat.com

Ahh nice! In that case, I'm going to convert this to a macro, which is the arm64
style for these getters (for some reason...):

#define pte_uffd_wp(pte_t pte) (!!(pte_val(pte) & PTE_UFFD_WP))

Will send out a v2 once others have had time to comment.


> 
> It's still in mm-unstable only.
> 
> AFAICT ARM64 also is supported by check_page_table, I also checked ARM's
> ptep_modify_prot_commit() which uses set_pte_at(), so it should cover
> everything in a superior way already.
> 
> With that dropped, feel free to add:
> 
> Acked-by: Peter Xu <peterx@...hat.com>

Thanks!

> 
> Thanks,
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ