From patchwork Thu Oct 21 12:21:10 2021
X-Patchwork-Submitter: Nadav Amit
X-Patchwork-Id: 12576365
From: Nadav Amit
To: linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org, Nadav Amit, Andrea Arcangeli, Andrew Cooper, Andrew Morton, Andy Lutomirski, Dave Hansen, Peter Xu, Peter Zijlstra, Thomas Gleixner, Will Deacon, Yu Zhao, Nick Piggin, x86@kernel.org
Subject: [PATCH v2 3/5] x86/mm: check exec permissions on fault
Date: Thu, 21 Oct 2021 05:21:10 -0700
Message-Id: <20211021122112.592634-4-namit@vmware.com>
In-Reply-To: <20211021122112.592634-1-namit@vmware.com>
References: <20211021122112.592634-1-namit@vmware.com>
From: Nadav Amit

access_error() currently does not check for execution permission violation. As a result, spurious page-faults due to execution permission violation cause SIGSEGV. It appears not to be an issue so far, but the next patches avoid TLB flushes on permission promotion, which can lead to this scenario. nodejs for instance crashes when TLB flush is avoided on permission promotion.

Add a check to prevent access_error() from mistakenly returning that page-faults due to instruction fetch are not allowed. The Intel SDM does not indicate whether "instruction fetch" and "write" in the hardware error code are mutually exclusive, so check both before returning whether the access is allowed.

Cc: Andrea Arcangeli
Cc: Andrew Cooper
Cc: Andrew Morton
Cc: Andy Lutomirski
Cc: Dave Hansen
Cc: Peter Xu
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: Will Deacon
Cc: Yu Zhao
Cc: Nick Piggin
Cc: x86@kernel.org
Signed-off-by: Nadav Amit
---
 arch/x86/mm/fault.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index b2eefdefc108..e776130473ce 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -1100,10 +1100,17 @@ access_error(unsigned long error_code, struct vm_area_struct *vma) (error_code & X86_PF_INSTR), foreign)) return 1; - if (error_code & X86_PF_WRITE) { + if (error_code & (X86_PF_WRITE | X86_PF_INSTR)) { /* write, present and write, not present: */ - if (unlikely(!(vma->vm_flags & VM_WRITE))) + if ((error_code & X86_PF_WRITE) && unlikely(!(vma->vm_flags & VM_WRITE))) return 1; + + /* exec, present and exec, not present: */ + if ((error_code & X86_PF_INSTR) && unlikely(!(vma->vm_flags & VM_EXEC))) + return 1; + return 0; }
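Review bot: widening the condition to `X86_PF_WRITE | X86_PF_INSTR` changes the control flow for pure instruction-fetch faults, not only their permission check: before this change an X86_PF_INSTR fault without X86_PF_WRITE skipped the block entirely and fell through to the checks that follow it, whereas now it hits the `return 0` inside the block as soon as the VMA has VM_EXEC. If bypassing the later checks for instruction fetches is intended, the commit message should say so explicitly, and a one-line comment above `return 0;` would stop the next reader from treating it as an oversight. The two separate `if` bodies do handle the case the message raises (both bits set at once) correctly, but the reason for testing both bits rather than one would be clearer as a short comment at the top of the block than in the commit message alone.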