lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <9a9f18e7-db69-48f2-916f-4565cdb59821@arm.com>
Date: Thu, 29 May 2025 10:13:26 +0100
From: Ryan Roberts <ryan.roberts@....com>
To: Anshuman Khandual <anshuman.khandual@....com>, Dev Jain
 <dev.jain@....com>, catalin.marinas@....com, will@...nel.org
Cc: david@...hat.com, mark.rutland@....com, yang@...amperecomputing.com,
 linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
 stable@...r.kernel.org
Subject: Re: [PATCH v3] arm64: Restrict pagetable teardown to avoid false
 warning

On 29/05/2025 10:02, Anshuman Khandual wrote:
> 
> 
> On 5/27/25 13:56, Dev Jain wrote:
>> Commit 9c006972c3fe removes the pxd_present() checks because the caller
>> checks pxd_present(). But, in case of vmap_try_huge_pud(), the caller only
>> checks pud_present(); pud_free_pmd_page() recurses on each pmd through
>> pmd_free_pte_page(), wherein the pmd may be none. Thus it is possible to
>> hit a warning in the latter, since pmd_none => !pmd_table(). Thus, add
>> a pmd_present() check in pud_free_pmd_page().
>>
>> This problem was found by code inspection.
>>
>> Fixes: 9c006972c3fe (arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table())
>> Cc: <stable@...r.kernel.org>
>> Reported-by: Ryan Roberts <ryan.roberts@....com> 
>> Acked-by: David Hildenbrand <david@...hat.com>
>> Signed-off-by: Dev Jain <dev.jain@....com>

LGTM!

Reviewed-by: Ryan Roberts <ryan.roberts@....com>

>> ---
>> This patch is based on 6.15-rc6.
>>
>> v2->v3:
>>  - Use pmdp_get()
>>
>> v1->v2:
>>  - Enforce check in caller
>>
>>  arch/arm64/mm/mmu.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
>> index ea6695d53fb9..5a9bf291c649 100644
>> --- a/arch/arm64/mm/mmu.c
>> +++ b/arch/arm64/mm/mmu.c
>> @@ -1286,7 +1286,8 @@ int pud_free_pmd_page(pud_t *pudp, unsigned long addr)
>>  	next = addr;
>>  	end = addr + PUD_SIZE;
>>  	do {
>> -		pmd_free_pte_page(pmdp, next);
>> +		if (pmd_present(pmdp_get(pmdp)))
> 
> This code path is only called for the kernel mapping. Hence should
> pmd_valid() be used instead of pmd_present() which also checks for
> present invalid scenarios as well ? 

I think a similar question came up in a previous round, where we concluded that
it's better to be consistent with what vmalloc is already doing. So personally
I'd leave it as pmd_present():

	if (pmd_present(*pmd) && !pmd_free_pte_page(pmd, addr))
		return 0;

> 
>> +			pmd_free_pte_page(pmdp, next);
>>  	} while (pmdp++, next += PMD_SIZE, next != end);
>>  
>>  	pud_clear(pudp);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ