| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <56d9f1d9-fc20-4be8-b64a-07beac3c64d0@redhat.com> Date: Thu, 23 Oct 2025 13:10:53 +0200 From: David Hildenbrand <david@...hat.com> To: Kiryl Shutsemau <kirill@...temov.name> Cc: Andrew Morton <akpm@...ux-foundation.org>, Matthew Wilcox <willy@...radead.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, linux-mm@...ck.org, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] mm/filemap: Implement fast short reads On 23.10.25 12:54, David Hildenbrand wrote: > On 23.10.25 12:31, Kiryl Shutsemau wrote: >> On Wed, Oct 22, 2025 at 07:28:27PM +0200, David Hildenbrand wrote: >>> "garbage" as in pointing at something without a direct map, something that's >>> protected differently (MTE? weird CoCo protection?) or even worse MMIO with >>> undesired read-effects. >> >> Pedro already points to the problem with missing direct mapping. >> _nofault() copy should help with this. > > Yeah, we do something similar when reading the kcore for that reason. > >> >> Can direct mapping ever be converted to MMIO? It can be converted to DMA >> buffer (which is fine), but MMIO? I have not seen it even in virtualized >> environments. > > I recall discussions in the context of PAT and the adjustment of caching > attributes of the direct map for MMIO purposes: so I suspect there are > ways that can happen, but I am not 100% sure. > > > Thinking about it, in VMs we have the direct map set on balloon inflated > pages that should not be touched, not even read, otherwise your > hypervisor might get very angry. That case we could likely handle by > checking whether the source page actually exists and doesn't have > PageOffline() set, before accessing it. A bit nasty. > > A more obscure cases would probably be reading a page that was poisoned > by hardware and is not expected to be used anymore. Could also be > checked by checking the page. > > Essentially all cases where we try to avoid reading ordinary memory > already when creating memory dumps that might have a direct map. > > > Regarding MTE and load_unaligned_zeropad(): I don't know unfortunately. Looking into this, I'd assume the exception handler will take care of it. load_unaligned_zeropad() is interesting if there is a direct map but the memory should not be touched (especially regarding PageOffline and memory errors). I read drivers/firmware/efi/unaccepted_memory.c where we there is a lengthy discussion about guard pages and how that works for unaccepted memory. While it works for unaccepted memory, it wouldn't work for other random accesses as I suspect we could produce in this patch. -- Cheers David / dhildenb
Powered by blists - more mailing lists