| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <833f6790-f1bf-d089-84cf-9f55e1c9866f@loongson.cn>
Date: Thu, 6 Nov 2025 09:55:17 +0800
From: Tianyang Zhang <zhangtianyang@...ngson.cn>
To: Bibo Mao <maobibo@...ngson.cn>, Huacai Chen <chenhuacai@...nel.org>
Cc: kernel@...0n.name, akpm@...ux-foundation.org, willy@...radead.org,
david@...hat.com, linmag7@...il.com, thuth@...hat.com, apopple@...dia.com,
loongarch@...ts.linux.dev, linux-kernel@...r.kernel.org,
Liupu Wang <wangliupu@...ngson.cn>
Subject: Re: [PATCH] Loongarch:Make pte/pmd_modify can set _PAGE_MODIFIED
Hi ,Bibao
在 2025/11/5 上午9:18, Bibo Mao 写道:
>
>
> On 2025/11/5 上午9:07, Huacai Chen wrote:
>> On Wed, Nov 5, 2025 at 8:57 AM Tianyang Zhang
>> <zhangtianyang@...ngson.cn> wrote:
>>>
>>> Hi, Huacai
>>>
>>> 在 2025/11/4 下午4:00, Huacai Chen 写道:
>>>> Hi, Tianyang,
>>>>
>>>> The subject line can be:
>>>> LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY (If
>>>> I'm right in the later comments).
>>> Ok. I got it
>>>>
>>>> On Tue, Nov 4, 2025 at 3:30 PM Tianyang Zhang
>>>> <zhangtianyang@...ngson.cn> wrote:
>>>>> In the current pte_modify operation, _PAGE_DIRTY might be cleared.
>>>>> Since
>>>>> the hardware-page-walk does not have a predefined _PAGE_MODIFIED
>>>>> flag,
>>>>> this could lead to loss of valid data in certain scenarios.
>>>>>
>>>>> The new modification involves checking whether the original PTE
>>>>> has the
>>>>> _PAGE_DIRTY flag. If it exists, the _PAGE_MODIFIED bit is set,
>>>>> ensuring
>>>>> that the pte_dirty interface can return accurate information.
>>>> The description may be wrong here. Because pte_dirty() returns
>>>> pte_val(pte) & (_PAGE_DIRTY | _PAGE_MODIFIED).
>>>> If _PAGE_DIRTY isn't lost, pte_dirty() is always right, no matter
>>>> whether there is or isn't _PAGE_MODIFIED.
>>>>
>>>> I think the real reason is we need to set _PAGE_MODIFIED in
>>>> pte/pmd_modify to record the status of _PAGE_DIRTY, so that we can
>>>> recover _PAGE_DIRTY afterwards, such as in pte/pmd_mkwrite().
>>> Ok, I will adjust the description
>> After some thinking, your original description may be right. Without
>> this patch the scenario maybe like this:
>> The pte is dirty _PAGE_DIRTY but without _PAGE_MODIFIED, after
>> pte_modify() we lose _PAGE_DIRTY, then pte_dirty() returns false. So
>> we need _PAGE_MODIFIED to record _PAGE_DIRTY here.
> In theory pte_modify() is to modify RWX attribute. I think that it is
> a tricky to remove _PAGE_DIRTY and add _PAGE_MODIFIED with HW PTW system.
>
> Also _PAGE_ACCESSED is lost with pte_modify() API, is there any
> influence with HW PTW system, or wait until possible problems coming out.
static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
{
return __pte((pte_val(pte) & _PAGE_CHG_MASK) |
(pgprot_val(newprot) & ~_PAGE_CHG_MASK));
}
In my understand, During the pte_modify process, it is essential to
ensure that specific bits are inherited from the original PTE rather
than simply replaced(as set_pte),
this guarantees the coherent operation of the memory management system.
Since _PAGE_CHG_MASK explicitly requires preserving pte_modified, and
there is an inherent correlation between pte_dirty and pte_modified,
these attributes must be evaluated and handled accordingly.
The pte_valid attribute, being a hardware property, is inherently the
target of modification in the pte_modify interface. Therefore, it is
reasonable not to preserve it.
Thanks
Tianyang
>
> Regards
> Bibo Mao
>>
>> But the description also needs to be updated.
>>
>>>>
>>>>> Co-developed-by: Liupu Wang <wangliupu@...ngson.cn>
>>>>> Signed-off-by: Liupu Wang <wangliupu@...ngson.cn>
>>>>> Signed-off-by: Tianyang Zhang <zhangtianyang@...ngson.cn>
>>>>> ---
>>>>> arch/loongarch/include/asm/pgtable.h | 17 +++++++++++++----
>>>>> 1 file changed, 13 insertions(+), 4 deletions(-)
>>>>>
>>>>> diff --git a/arch/loongarch/include/asm/pgtable.h
>>>>> b/arch/loongarch/include/asm/pgtable.h
>>>>> index bd128696e96d..106abfa5183b 100644
>>>>> --- a/arch/loongarch/include/asm/pgtable.h
>>>>> +++ b/arch/loongarch/include/asm/pgtable.h
>>>>> @@ -424,8 +424,13 @@ static inline unsigned long
>>>>> pte_accessible(struct mm_struct *mm, pte_t a)
>>>>>
>>>>> static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
>>>>> {
>>>>> - return __pte((pte_val(pte) & _PAGE_CHG_MASK) |
>>>>> - (pgprot_val(newprot) & ~_PAGE_CHG_MASK));
>>>>> + unsigned long val = (pte_val(pte) & _PAGE_CHG_MASK) |
>>>>> + (pgprot_val(newprot) & ~_PAGE_CHG_MASK);
>>>>> +
>>>>> + if (pte_val(pte) & _PAGE_DIRTY)
>>>>> + val |= _PAGE_MODIFIED;
>>>>> +
>>>>> + return __pte(val);
>>>>> }
>>>>>
>>>>> extern void __update_tlb(struct vm_area_struct *vma,
>>>>> @@ -547,9 +552,13 @@ static inline struct page *pmd_page(pmd_t pmd)
>>>>>
>>>>> static inline pmd_t pmd_modify(pmd_t pmd, pgprot_t newprot)
>>>>> {
>>>>> - pmd_val(pmd) = (pmd_val(pmd) & _HPAGE_CHG_MASK) |
>>>>> + unsigned long val = (pmd_val(pmd) & _HPAGE_CHG_MASK) |
>>>>> (pgprot_val(newprot) &
>>>>> ~_HPAGE_CHG_MASK);
>>>>> - return pmd;
>>>>> +
>>>>> + if (pmd_val(pmd) & _PAGE_DIRTY)
>>>>> + val |= _PAGE_MODIFIED;
>>>>> +
>>>>> + return __pmd(val);
>>>>> }
>>>> A minimal modification can be:
>>>> diff --git a/arch/loongarch/include/asm/pgtable.h
>>>> b/arch/loongarch/include/asm/pgtable.h
>>>> index 1f20e9280062..907ece0199e0 100644
>>>> --- a/arch/loongarch/include/asm/pgtable.h
>>>> +++ b/arch/loongarch/include/asm/pgtable.h
>>>> @@ -448,8 +448,13 @@ static inline unsigned long pte_accessible(struct
>>>> mm_struct *mm, pte_t a)
>>>>
>>>> static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
>>>> {
>>>> - return __pte((pte_val(pte) & _PAGE_CHG_MASK) |
>>>> - (pgprot_val(newprot) & ~_PAGE_CHG_MASK));
>>>> + pte_val(pte) = (pte_val(pte) & _PAGE_CHG_MASK) |
>>>> + (pgprot_val(newprot) & ~_PAGE_CHG_MASK);
>>>> +
>>>> + if (pte_val(pte) & _PAGE_DIRTY)
>>>> + pte_val(pte) |= _PAGE_MODIFIED;
>>>> +
>>>> + return pte;
>>>> }
>>>
>>> + pte_val(pte) = (pte_val(pte) & _PAGE_CHG_MASK) |
>>> + (pgprot_val(newprot) & ~_PAGE_CHG_MASK);
>>>
>>> After this step, _PAGE_DIRTY may have already disappeared,
>>> If no new variables are added, they can be modified in follow way:
>>>
>>> static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
>>> {
>>> + if (pte_val(pte) & _PAGE_DIRTY)
>>> + pte_val(pte) |= _PAGE_MODIFIED;
>>> +
>>> return __pte((pte_val(pte) & _PAGE_CHG_MASK) |
>>> (pgprot_val(newprot) & ~_PAGE_CHG_MASK));
>>>
>>> }
>> OK, it makes sense.
>>
>> Huacai
>>>
>>>>
>>>> extern void __update_tlb(struct vm_area_struct *vma,
>>>> @@ -583,7 +588,11 @@ static inline struct page *pmd_page(pmd_t pmd)
>>>> static inline pmd_t pmd_modify(pmd_t pmd, pgprot_t newprot)
>>>> {
>>>> pmd_val(pmd) = (pmd_val(pmd) & _HPAGE_CHG_MASK) |
>>>> - (pgprot_val(newprot) &
>>>> ~_HPAGE_CHG_MASK);
>>>> + (pgprot_val(newprot) & ~_HPAGE_CHG_MASK);
>>>> +
>>>> + if (pmd_val(pmd) & _PAGE_DIRTY)
>>>> + pmd_val(pmd) |= _PAGE_MODIFIED;
>>>> +
>>>> return pmd;
>>>> }
>>>>
>>>> You needn't define a new variable.
>>>>
>>>>
>>>> Huacai
>>>>
>>>>> static inline pmd_t pmd_mkinvalid(pmd_t pmd)
>>>>> --
>>>>> 2.41.0
>>>>>
>>>>>
>>> Thanks
>>>
>>> Tianyang
>>>
Powered by blists - more mailing lists