Thread (16 messages) 16 messages, 5 authors, 2025-11-28

Re: [PATCH 1/2] arm64/pageattr: Propagate return value from __change_memory_common

From: Will Deacon <will@kernel.org>
Date: 2025-11-24 19:10:28
Also in: lkml

On Mon, Nov 24, 2025 at 06:09:31PM +0000, Ryan Roberts wrote:
On 24/11/2025 15:11, Will Deacon wrote:
quoted
On Thu, Nov 13, 2025 at 11:55:48AM +0000, Ryan Roberts wrote:
quoted
On 12/11/2025 06:27, Dev Jain wrote:
quoted
The rodata=on security measure requires that any code path which does
vmalloc -> set_memory_ro/set_memory_rox must protect the linear map alias
too. Therefore, if such a call fails, we must abort set_memory_* and caller
must take appropriate action; currently we are suppressing the error, and
there is a real chance of such an error arising post commit a166563e7ec3
("arm64: mm: support large block mapping when rodata=full"). Therefore,
propagate any error to the caller.

Fixes: a166563e7ec3 ("arm64: mm: support large block mapping when rodata=full")
Signed-off-by: Dev Jain <dev.jain@arm.com>
Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>

It would be good to get this into v6.18 I guess?
I'm not sure I see the urgency. When the commit message says:

  "there is a real chance of such an error arising post commit a166563e7ec3"

afaict that's either due to -ENOMEM 
Yes this is the main risk; failing to allocate an intermediate page table during
split_kernel_leaf_mapping(). I have no idea how likely that is in production.
The only data point I have is that for the theoretical memory hotplug -ENOMEM
that Chaitanya and Linu fixed recently, we tried to provoke it by hotplugging a
lot of memory on a system under high memory pressure; no matter what we did, we
couldn't get that 4K pgtable allocation to fail. So on that basis, I think we
are unlikely to see it.
quoted
or some hideous issue with the
page-tables (e.g. the -EINVALs in pageattr_pXd_entry() seem completely
unnecessary to me).
I thought the -EINVALs were trying to catch the case where someone tries to set
permissions on a sub-portion of a vmalloc_huge() area on a system that doesn't
support BBML2_NOABORT. But looking again, we already refuse vmalloc_huge in
change_memory_common.
quoted
Do you think failure is actually likely and recoverable?
As above, I think failure is unlikely, but not impossible. I guess the result
would be memory that remains RW when it should have been set RO or RX. But I
think it will all work itself out at vfree. I think.

We can defer this to next cycle if you prefer.
Yeah, I think we have bigger problems if we can't find memory to allocate
page tables tbh.

Will
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help