From patchwork Sun Jul 23 21:17:55 2023
X-Patchwork-Submitter: Hugh Dickins
X-Patchwork-Id: 13323345
Date: Sun, 23 Jul 2023 14:17:55 -0700 (PDT)
From: Hugh Dickins
To: Andrew Morton
cc: Mikhail Gavrilov, Bagas Sanjaya, Laura Abbott, x86@kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, regressions@lists.linux.dev
Subject: [PATCH mm-hotfixes] mm/pagewalk: fix EFI_PGT_DUMP of espfix area
Message-ID: <22bca736-4cab-9ee5-6a52-73a3b2bbe865@google.com>

Booting x86_64 with CONFIG_EFI_PGT_DUMP=y shows messages of the form
"mm/pgtable-generic.c:53: bad pmd (____ptrval____)(8000000100077061)".

EFI_PGT_DUMP dumps all of efi_mm, including the espfix area, which is
set up with pmd entries which fit the pmd_bad() check: so 0d940a9b270b
warns and clears those entries, which would ruin running Win16 binaries.

The failing pte_offset_map() stopped such a kernel from even booting,
until a few commits later be872f83bf57 changed the pagewalk to tolerate
that: but it needs to be even more careful, to not spoil those entries.

I might have preferred to change init_espfix_ap() not to use "bad" pmd
entries; or to leave them out of the efi_mm dump. But there is great
value in staying away from there, and a pagewalk check of address
against TASK_SIZE may protect from other such aberrations too.

Reported-by: Mikhail Gavrilov
Closes: https://lore.kernel.org/linux-mm/CABXGCsN3JqXckWO=V7p=FhPU1tK03RE1w9UE6xL5Y86SMk209w@mail.gmail.com/
Fixes: 0d940a9b270b ("mm/pgtable: allow pte_offset_map[_lock]() to fail")
Fixes: be872f83bf57 ("mm/pagewalk: walk_pte_range() allow for pte_offset_map()")
Signed-off-by: Hugh Dickins Tested-by: Mikhail Gavrilov --- mm/pagewalk.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/pagewalk.c b/mm/pagewalk.c index 64437105fe0d..2022333805d3 100644 --- a/mm/pagewalk.c +++ b/mm/pagewalk.c @@ -48,8 +48,11 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, if (walk->no_vma) { /* * pte_offset_map() might apply user-specific validation. + * Indeed, on x86_64 the pmd entries set up by init_espfix_ap() + * fit its pmd_bad() check (_PAGE_NX set and _PAGE_RW clear), + * and CONFIG_EFI_PGT_DUMP efi_mm goes so far as to walk them. */ - if (walk->mm == &init_mm) + if (walk->mm == &init_mm || addr >= TASK_SIZE) pte = pte_offset_kernel(pmd, addr); else pte = pte_offset_map(pmd, addr);
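Review bot: the extended comment in walk_pte_range() describes the espfix pmd entries but never says that the new `addr >= TASK_SIZE` test is what keeps them away from pte_offset_map(), so a reader has to infer why an address comparison sits beside the `walk->mm == &init_mm` check. Consider closing the comment with a sentence saying that any address at or above TASK_SIZE is treated as a kernel mapping and mapped with pte_offset_kernel(), which skips that validation. The test also looks only at `addr`, not `end`; if the walk relies on a pmd-sized range never straddling TASK_SIZE, it would help to state that assumption there as well.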