| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <fqexozfjp3l6vj643lecky4nndmwblvee7u5f5ejcqkpsij3wp@3yb4y4lyd3dn> Date: Thu, 23 Oct 2025 13:41:52 +0100 From: Kiryl Shutsemau <kirill@...temov.name> To: David Hildenbrand <david@...hat.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, Matthew Wilcox <willy@...radead.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Alexander Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, linux-mm@...ck.org, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] mm/filemap: Implement fast short reads On Thu, Oct 23, 2025 at 01:49:22PM +0200, David Hildenbrand wrote: > On 23.10.25 13:40, Kiryl Shutsemau wrote: > > On Thu, Oct 23, 2025 at 01:11:43PM +0200, David Hildenbrand wrote: > > > On 23.10.25 13:10, David Hildenbrand wrote: > > > > On 23.10.25 12:54, David Hildenbrand wrote: > > > > > On 23.10.25 12:31, Kiryl Shutsemau wrote: > > > > > > On Wed, Oct 22, 2025 at 07:28:27PM +0200, David Hildenbrand wrote: > > > > > > > "garbage" as in pointing at something without a direct map, something that's > > > > > > > protected differently (MTE? weird CoCo protection?) or even worse MMIO with > > > > > > > undesired read-effects. > > > > > > > > > > > > Pedro already points to the problem with missing direct mapping. > > > > > > _nofault() copy should help with this. > > > > > > > > > > Yeah, we do something similar when reading the kcore for that reason. > > > > > > > > > > > > > > > > > Can direct mapping ever be converted to MMIO? It can be converted to DMA > > > > > > buffer (which is fine), but MMIO? I have not seen it even in virtualized > > > > > > environments. > > > > > > > > > > I recall discussions in the context of PAT and the adjustment of caching > > > > > attributes of the direct map for MMIO purposes: so I suspect there are > > > > > ways that can happen, but I am not 100% sure. > > > > > > > > > > > > > > > Thinking about it, in VMs we have the direct map set on balloon inflated > > > > > pages that should not be touched, not even read, otherwise your > > > > > hypervisor might get very angry. That case we could likely handle by > > > > > checking whether the source page actually exists and doesn't have > > > > > PageOffline() set, before accessing it. A bit nasty. > > > > > > > > > > A more obscure cases would probably be reading a page that was poisoned > > > > > by hardware and is not expected to be used anymore. Could also be > > > > > checked by checking the page. > > > > > > > > > > Essentially all cases where we try to avoid reading ordinary memory > > > > > already when creating memory dumps that might have a direct map. > > > > > > > > > > > > > > > Regarding MTE and load_unaligned_zeropad(): I don't know unfortunately. > > > > > > > > Looking into this, I'd assume the exception handler will take care of it. > > > > > > > > load_unaligned_zeropad() is interesting if there is a direct map but the > > > > memory should not be touched (especially regarding PageOffline and > > > > memory errors). > > > > > > > > I read drivers/firmware/efi/unaccepted_memory.c where we there is a > > > > lengthy discussion about guard pages and how that works for unaccepted > > > > memory. > > > > > > > > While it works for unaccepted memory, it wouldn't work for other random > > > > > > Sorry I meant here "while that works for load_unaligned_zeropad()". > > > > Do we have other random reads? > > > > For unaccepted memory, we care about touching memory that was never > > allocated because accepting memory is one way road. > > Right, but I suspect if you get a random read (as the unaccepted memory doc > states) you'd be in trouble as well. Yes. Random read of unaccepted memory is unrecoverable exit to host for TDX guest. -- Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists