Re: Access to non-RAM pages
From: Will Deacon
Date: Mon Sep 03 2018 - 06:36:01 EST
On Sun, Sep 02, 2018 at 07:10:46PM -0700, Linus Torvalds wrote:
> On Sun, Sep 2, 2018 at 7:01 PM Benjamin Herrenschmidt
> <benh@xxxxxxxxxxxxxxxxxxx> wrote:
> >
> > Still, I can potentially see an issue with DEBUG_PAGEALLOC
>
> An unmapped page isn't a problem. That's what the whole
> load_unaligned_zeropad() is about: it's ok to take a fault on the part
> that crosses a page, and we'll just fill the value with zeroes (that's
> the "zeropad" part).
>
> So as long as it's rare (and it is), it's all fine.
>
> That said, I think we turn off for DEBUG_PAGEALLOC simply because it's
> not rare _enough_.
>
> And vmalloc() should actually be safe too, simply because I think we
> strive for a guard page between vmalloc areas.
>
> So only a *mapped* page after the page that matters, and only if it's
> something you can't read without side effects.
>
> Which basically doesn't happen on x86 in reality. BIOSes just don't
> put MMIO right after the last page of RAM. I think this is why it only
> triggered on Xen, due to some crazy "Xen reacts badly" case where we
> do the speculation into a balloon address.
>
> So _practically_ this is just a Xen bug, nothing more.
>
> But since in _theory_ you could have MMIO abut regular RAM directly,
> it's worth maybe making sure it's purely theory.
On arm64, ioremap() gives you a guard page because it allocates out of
the vmalloc area. The only way I think we could get MMIO in the middle
of the linear map would be if firmware has reserved something there. In
this case, the region should be treated as NOMAP, meaning we won't map
the area at all in the kernel and our pfn_valid() implementation will
return false for the corresponding memmap entries.
For userspace, we did consider putting out a guard page for non-fixed
mmap() calls, but it's not something we've really looked into.
Will