Re: [PATCH v2 01/22] powerpc/pkeys: Avoid using lockless page table walk

From: Aneesh Kumar K.V
Date: Sun Apr 05 2020 - 09:38:03 EST

Next message: Colin King: "[PATCH] brcm80211: remove redundant pointer 'address'"
Previous message: Colin Ian King: "Re: [PATCH] drivers/tty: emove redundant assignment to variable i and rename it to ret"
In reply to: Ram Pai: "Re: [PATCH v2 01/22] powerpc/pkeys: Avoid using lockless page table walk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ram Pai <linuxram@xxxxxxxxxx> writes:

> On Thu, Mar 19, 2020 at 09:25:48AM +0530, Aneesh Kumar K.V wrote:
>> Fetch pkey from vma instead of linux page table. Also document the fact that in
>> some cases the pkey returned in siginfo won't be the same as the one we took
>> keyfault on. Even with linux page table walk, we can end up in a similar scenario.
>
> There is no way to correctly ensure that the key returned through
> siginfo is actually the key that took the fault. Either get it
> from page table or get it from the corresponding vma.

That is correct.

>
> So we had to choose the lesser evil. Getting it from the page table was
> faster, and did not involve taking any locks.

That is because you are locks which need to be held on page table walk.

>Getting it from the vma
> was slower, since it needed locks. Also I faintly recall, there
> is a scenario where the address that gets a key fault, has no
> corresponding VMA associated with it yet.

I would be interested in this. For now IIUC even x86 fetch the key from
VMA.

>
> Hence the logic used was --
> if it is key-fault, than procure the key quickly
> from the page table. In the unlikely event that the fault is
> something else, but still has a non-permissive key associated
> with it, get the key from the vma.

I am fixing that logic further in the next patch. I do have a test case
attached for that. We always check for the key in the vma and if it
allows access, then we retry.

>
> A well written application should avoid changing the key of an address
> space without synchronizing the corresponding threads that operate in
> that address range. However, if the application ignores to do so, than
> it is vulnerable to a undefined behavior. There is no way to prove that
> the reported key is correct or incorrect, since there is no provable
> order between the two events; the key-fault event and the key-change
> event.
>
> Hence I think the change proposed in this patch may not be necessary.
> RP

The change is needed so that we can make the page table walk safer.

-aneesh

Next message: Colin King: "[PATCH] brcm80211: remove redundant pointer 'address'"
Previous message: Colin Ian King: "Re: [PATCH] drivers/tty: emove redundant assignment to variable i and rename it to ret"
In reply to: Ram Pai: "Re: [PATCH v2 01/22] powerpc/pkeys: Avoid using lockless page table walk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]