lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAG48ez3dh0ackLThfwKBez5f+2TbftOda8r=+z-D5BM1XTMu0g@mail.gmail.com>
Date: Fri, 3 Jan 2025 19:40:39 +0100
From: Jann Horn <jannh@...gle.com>
To: Rik van Riel <riel@...riel.com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, kernel-team@...a.com, 
	dave.hansen@...ux.intel.com, luto@...nel.org, peterz@...radead.org, 
	tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com, 
	akpm@...ux-foundation.org, nadav.amit@...il.com, zhengqi.arch@...edance.com, 
	linux-mm@...ck.org
Subject: Re: [PATCH 12/12] x86/mm: only invalidate final translations with INVLPGB

On Mon, Dec 30, 2024 at 6:53 PM Rik van Riel <riel@...riel.com> wrote:
> Use the INVLPGB_FINAL_ONLY flag when invalidating mappings with INVPLGB.
> This way only leaf mappings get removed from the TLB, leaving intermediate
> translations cached.
>
> On the (rare) occasions where we free page tables we do a full flush,
> ensuring intermediate translations get flushed from the TLB.
>
> Signed-off-by: Rik van Riel <riel@...riel.com>
> ---
>  arch/x86/include/asm/invlpgb.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/asm/invlpgb.h b/arch/x86/include/asm/invlpgb.h
> index 862775897a54..2669ebfffe81 100644
> --- a/arch/x86/include/asm/invlpgb.h
> +++ b/arch/x86/include/asm/invlpgb.h
> @@ -51,7 +51,7 @@ static inline void invlpgb_flush_user(unsigned long pcid,
>  static inline void invlpgb_flush_user_nr(unsigned long pcid, unsigned long addr,
>                                          int nr, bool pmd_stride)
>  {
> -       __invlpgb(0, pcid, addr, nr - 1, pmd_stride, INVLPGB_PCID | INVLPGB_VA);
> +       __invlpgb(0, pcid, addr, nr - 1, pmd_stride, INVLPGB_PCID | INVLPGB_VA | INVLPGB_FINAL_ONLY);
>  }

Please note this final-only behavior in a comment above the function
and/or rename the function to make this clear.

I think this currently interacts badly with pmdp_collapse_flush(),
which is used by retract_page_tables(). pmdp_collapse_flush() removes
a PMD entry pointing to a page table with pmdp_huge_get_and_clear(),
then calls flush_tlb_range(), which on x86 calls flush_tlb_mm_range()
with the "freed_tables" parameter set to false. But that's really a
preexisting bug, not something introduced by your series. I've sent a
patch for that, see
<https://lore.kernel.org/r/20250103-x86-collapse-flush-fix-v1-1-3c521856cfa6@google.com>.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ