Re: [bug] LTP mmap03 stuck in page fault loop after c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user")
On 6/26/20 1:17 PM, Aneesh Kumar K.V wrote: Hi Jan, On 6/26/20 12:29 PM, Jan Stancek wrote: Hi, LTP mmap03 is getting stuck in page fault loop after commit c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user") System is ppc64le P9 lpar [1] running v5.8-rc2-34-g3e08a95294a4. Here's a minimized reproducer: - 8< - #include #include #include #include #include int main(int ac, char **av) { int page_sz = getpagesize(); int fildes; char *addr; fildes = open("tempfile", O_WRONLY | O_CREAT, 0666); write(fildes, , sizeof(fildes)); close(fildes); fildes = open("tempfile", O_RDONLY); unlink("tempfile"); addr = mmap(0, page_sz, PROT_EXEC, MAP_FILE | MAP_PRIVATE, fildes, 0); printf("%d\n", *addr); return 0; } - >8 - Thanks for the report. This is execute only key where vma has the implied read permission. So The patch do break this case. I will see how best we can handle PROT_EXEC and the multi threaded test that required the change in the patch. Can you check with this change? While checking for access permission we are checking against UAMOR value which i think is wrong. We just need to look at the AMR and IAMR values to check whether access is permitted or not. Even if UAMOR deny the userspace management of the key, we should do the correct access check. modified arch/powerpc/mm/book3s64/pkeys.c @@ -353,9 +353,6 @@ static bool pkey_access_permitted(int pkey, bool write, bool execute) int pkey_shift; u64 amr; - if (!is_pkey_enabled(pkey)) - return true; - pkey_shift = pkeyshift(pkey); if (execute && !(read_iamr() & (IAMR_EX_BIT << pkey_shift))) return true;
Re: [bug] LTP mmap03 stuck in page fault loop after c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user")
Hi Jan, On 6/26/20 12:29 PM, Jan Stancek wrote: Hi, LTP mmap03 is getting stuck in page fault loop after commit c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user") System is ppc64le P9 lpar [1] running v5.8-rc2-34-g3e08a95294a4. Here's a minimized reproducer: - 8< - #include #include #include #include #include int main(int ac, char **av) { int page_sz = getpagesize(); int fildes; char *addr; fildes = open("tempfile", O_WRONLY | O_CREAT, 0666); write(fildes, , sizeof(fildes)); close(fildes); fildes = open("tempfile", O_RDONLY); unlink("tempfile"); addr = mmap(0, page_sz, PROT_EXEC, MAP_FILE | MAP_PRIVATE, fildes, 0); printf("%d\n", *addr); return 0; } - >8 - Thanks for the report. This is execute only key where vma has the implied read permission. So The patch do break this case. I will see how best we can handle PROT_EXEC and the multi threaded test that required the change in the patch. -aneesh
[bug] LTP mmap03 stuck in page fault loop after c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user")
Hi, LTP mmap03 is getting stuck in page fault loop after commit c46241a370a6 ("powerpc/pkeys: Check vma before returning key fault error to the user") System is ppc64le P9 lpar [1] running v5.8-rc2-34-g3e08a95294a4. Here's a minimized reproducer: - 8< - #include #include #include #include #include int main(int ac, char **av) { int page_sz = getpagesize(); int fildes; char *addr; fildes = open("tempfile", O_WRONLY | O_CREAT, 0666); write(fildes, , sizeof(fildes)); close(fildes); fildes = open("tempfile", O_RDONLY); unlink("tempfile"); addr = mmap(0, page_sz, PROT_EXEC, MAP_FILE | MAP_PRIVATE, fildes, 0); printf("%d\n", *addr); return 0; } - >8 - This would previously end quickly with segmentation fault, after commit c46241a370a6 test is stuck: # perf stat timeout 5 ./a.out Performance counter stats for 'timeout 5 ./a.out': 5,001.74 msec task-clock#1.000 CPUs utilized 9 context-switches #0.002 K/sec 0 cpu-migrations#0.000 K/sec 3,094,893 page-faults #0.619 M/sec 18,940,869,512 cycles#3.787 GHz (33.39%) 1,377,005,087 stalled-cycles-frontend #7.27% frontend cycles idle (50.19%) 10,949,936,056 stalled-cycles-backend# 57.81% backend cycles idle (16.62%) 21,133,828,748 instructions #1.12 insn per cycle #0.52 stalled cycles per insn (33.22%) 4,395,016,137 branches # 878.698 M/sec (49.81%) 164,499,002 branch-misses #3.74% of all branches (16.60%) 5.001237248 seconds time elapsed 0.321276000 seconds user 4.680772000 seconds sys access_pkey_error() in page fault handler now always seem to return false: __do_page_fault access_pkey_error(is_pkey: 1, is_exec: 0, is_write: 0) arch_vma_access_permitted pkey_access_permitted if (!is_pkey_enabled(pkey)) return true return false Regards, Jan [1] Architecture:ppc64le Byte Order: Little Endian CPU(s): 8 On-line CPU(s) list: 0-7 Thread(s) per core: 8 Core(s) per socket: 1 Socket(s): 1 NUMA node(s):2 Model: 2.2 (pvr 004e 0202) Model name: POWER9 (architected), altivec supported Hypervisor vendor: pHyp Virtualization type: para L1d cache: 32 KiB L1i cache: 32 KiB NUMA node0 CPU(s): NUMA node1 CPU(s): 0-7 Physical sockets:2 Physical chips: 1 Physical cores/chip: 8 Vulnerability Itlb multihit: Not affected Vulnerability L1tf: Mitigation; RFI Flush, L1D private per thread Vulnerability Mds: Not affected Vulnerability Meltdown: Mitigation; RFI Flush, L1D private per thread Vulnerability Spec store bypass: Mitigation; Kernel entry/exit barrier (eieio) Vulnerability Spectre v1:Mitigation; __user pointer sanitization, ori31 speculation barrier enabled Vulnerability Spectre v2:Mitigation; Indirect branch cache disabled, Software link stack flush Vulnerability Srbds: Not affected Vulnerability Tsx async abort: Not affected