Re: [kernel-hardening] [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set... | linux-arch

[PATCH v5 00/32] virtually mapped stacks and thread_info cleanup · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated · Andy Lutomirski <luto@kernel.org> · 2016-07-11
Re: [kernel-hardening] [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated · <hidden> · 2016-07-22
Re: [kernel-hardening] [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated · Andy Lutomirski <luto@kernel.org> · 2016-07-22
Re: [kernel-hardening] [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated · Mike Krinkin <hidden> · 2016-07-22
Re: [kernel-hardening] [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated · Ingo Molnar <mingo@kernel.org> · 2016-07-22
Re: [kernel-hardening] [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated · Andy Lutomirski <luto@amacapital.net> · 2016-07-22
Re: [kernel-hardening] [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated · Andy Lutomirski <luto@amacapital.net> · 2016-07-22
Re: [kernel-hardening] [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated · Ingo Molnar <mingo@kernel.org> · 2016-07-22
Re: [kernel-hardening] [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated · <hidden> · 2016-07-23
[PATCH v5 02/32] x86/mm/hotplug: Don't remove PGD entries in remove_pagetable() · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 04/32] x86/mm: Remove kernel_unmap_pages_in_pgd() and efi_cleanup_page_tables() · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 06/32] mm: Fix memcg stack accounting for sub-page stacks · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 07/32] fork: Add generic vmalloced stack support · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 09/32] x86/dumpstack: When OOPSing, rewind the stack before do_exit() · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 10/32] x86/dumpstack: Honor supplied @regs arg · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 08/32] dma-api: Teach the "DMA-from-stack" check about vmapped stacks · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 13/32] x86/mm/64: In vmalloc_fault(), use CR3 instead of current->active_mm · Andy Lutomirski <luto@kernel.org> · 2016-07-11
Re: [kernel-hardening] [PATCH v5 13/32] x86/mm/64: In vmalloc_fault(), use CR3 instead of current->active_mm · Dave Hansen <hidden> · 2016-07-12
Re: [kernel-hardening] [PATCH v5 13/32] x86/mm/64: In vmalloc_fault(), use CR3 instead of current->active_mm · Andy Lutomirski <luto@amacapital.net> · 2016-07-12
[PATCH v5 14/32] x86/mm/64: Enable vmapped stacks · Andy Lutomirski <luto@kernel.org> · 2016-07-11
Re: [PATCH v5 14/32] x86/mm/64: Enable vmapped stacks · Ingo Molnar <mingo@kernel.org> · 2016-07-13
Re: [PATCH v5 14/32] x86/mm/64: Enable vmapped stacks · Andy Lutomirski <luto@amacapital.net> · 2016-07-13
Re: [PATCH v5 14/32] x86/mm/64: Enable vmapped stacks · Ingo Molnar <mingo@kernel.org> · 2016-07-14
Re: [PATCH v5 14/32] x86/mm/64: Enable vmapped stacks · Andy Lutomirski <luto@amacapital.net> · 2016-07-14
Re: [PATCH v5 14/32] x86/mm/64: Enable vmapped stacks · Ingo Molnar <mingo@kernel.org> · 2016-07-14
[PATCH v5 17/32] x86: Move addr_limit to thread_struct · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 23/32] printk: When dumping regs, show the stack, not thread_info · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 22/32] kdb: Use task_cpu() instead of task_thread_info()->cpu · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 29/32] kthread: to_live_kthread() needs try_get_task_stack() · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 28/32] sched: Add try_get_task_stack() and put_task_stack() · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 32/32] fork: Cache two thread stacks per cpu if CONFIG_VMAP_STACK is set · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 27/32] x86: Move thread_info into task_struct · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 31/32] sched: Free the stack early if CONFIG_THREAD_INFO_IN_TASK · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 30/32] x86/dumpstack: Pin the target stack in save_stack_trace_tsk() · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 26/32] sched: Allow putting thread_info into task_struct · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 25/32] um: Stop conflating task_struct::stack with thread_info · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 24/32] x86/entry: Get rid of pt_regs_to_thread_info() · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 21/32] x86/asm: Move 'status' from struct thread_info to struct thread_struct · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 20/32] x86/smp: Remove unnecessary initialization of thread_info::cpu · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 18/32] signal: Consolidate {TS,TLF}_RESTORE_SIGMASK code · Andy Lutomirski <luto@kernel.org> · 2016-07-11
Re: [PATCH v5 18/32] signal: Consolidate {TS,TLF}_RESTORE_SIGMASK code · Brian Gerst <hidden> · 2016-07-12
Re: [PATCH v5 18/32] signal: Consolidate {TS,TLF}_RESTORE_SIGMASK code · Andy Lutomirski <luto@amacapital.net> · 2016-07-12
[PATCH v5 19/32] x86/smp: Remove stack_smp_processor_id() · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 16/32] x86: Move uaccess_err and sig_on_uaccess_err to thread_struct · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 15/32] x86/mm: Improve stack-overflow #PF handling · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 12/32] x86/dumpstack/64: Handle faults when printing the "Stack:" part of an OOPS · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 11/32] x86/dumpstack: Try harder to get a call trace on stack overflow · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 05/32] mm: Track NR_KERNEL_STACK in KiB instead of number of stacks · Andy Lutomirski <luto@kernel.org> · 2016-07-11
[PATCH v5 01/32] bluetooth: Switch SMP to crypto_cipher_encrypt_one() · Andy Lutomirski <luto@kernel.org> · 2016-07-11
Re: [PATCH v5 01/32] bluetooth: Switch SMP to crypto_cipher_encrypt_one() · Andy Lutomirski <luto@amacapital.net> · 2016-07-14
Re: [PATCH v5 01/32] bluetooth: Switch SMP to crypto_cipher_encrypt_one() · Marcel Holtmann <marcel@holtmann.org> · 2016-07-14
Re: [PATCH v5 01/32] bluetooth: Switch SMP to crypto_cipher_encrypt_one() · David Miller <davem@davemloft.net> · 2016-07-14
Re: [PATCH v5 00/32] virtually mapped stacks and thread_info cleanup · Herbert Xu <herbert@gondor.apana.org.au> · 2016-07-12
Re: [PATCH v5 00/32] virtually mapped stacks and thread_info cleanup · Christian Borntraeger <hidden> · 2016-07-13
Re: [PATCH v5 00/32] virtually mapped stacks and thread_info cleanup · Andy Lutomirski <luto@amacapital.net> · 2016-07-13
Re: [PATCH v5 00/32] virtually mapped stacks and thread_info cleanup · Christian Borntraeger <hidden> · 2016-07-13

Re: [kernel-hardening] [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated

From: Andy Lutomirski <luto@amacapital.net>
Date: 2016-07-22 18:31:37
Also in: lkml

On Fri, Jul 22, 2016 at 11:21 AM, Andy Lutomirski [off-list ref] wrote:

On Fri, Jul 22, 2016 at 3:21 AM, Ingo Molnar [off-list ref] wrote:

quoted

* Andy Lutomirski [off-list ref] wrote:

quoted

On 07/21/2016 09:43 PM, Valdis.Kletnieks@vt.edu wrote:

quoted

On Mon, 11 Jul 2016 13:53:36 -0700, Andy Lutomirski said:

quoted

This avoids pointless races in which another CPU or task might see a
partially populated global pgd entry.  These races should normally
be harmless, but, if another CPU propagates the entry via
vmalloc_fault and then populate_pgd fails (due to memory allocation
failure, for example), this prevents a use-after-free of the pgd
entry.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
arch/x86/mm/pageattr.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

I just bisected a failure to boot down to this patch.  On my Dell Latitude
laptop, it results in the kernel being loaded and then just basically sitting
there dead in the water - as far as I can tell, it dies before the kernel
ever gets going far enough to do any console I/O (even with ignore_loglevel).
Nothing in /sys/fs/pstore either.  I admit not understanding the VM code
at all, so I don't have a clue *why* this causes indigestion...

CPU is an Intel Core i5-3340M in case that matters....

How much memory do you have and what's your config?  My code is obviously
buggy, but I'm wondering why neither I nor the 0day bot caught this.

The attached patch is compile-tested only.  (Even Thunderbird doesn't want
to send non-flowed text right now, sigh.)

--Andy

quoted

From 6589ddf69a1369e1ecb95f0af489d90b980e256e Mon Sep 17 00:00:00 2001
Message-Id: [off-list ref]
From: Andy Lutomirski <luto@kernel.org>
Date: Thu, 21 Jul 2016 22:22:02 -0700
Subject: [PATCH] x86/mm: Fix populate_pgd()

I make an obvious error in populate_pgd() -- it would fail to correctly
populate the page tables when it allocated a new pud page.

JFYI, on allnoconfig it gives:

  arch/x86/mm/pageattr.c:1016:20: error: implicit declaration of function ‘pud_index’ [-Werror=implicit-function-declaration]

As it happens, my fix interacts badly with the steaming pile of crap
that is Linux's support for <4 page table levels.  Can you just revert
the offending patch and I'll redo it differently?

No, don't revert it.  The result doesn't work.  I'll send something.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help