| Message ID | 20221110203504.1985010-6-seanjc@google.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp366420wru;
Thu, 10 Nov 2022 12:44:16 -0800 (PST)
X-Google-Smtp-Source:
AMsMyM4nLOLiV5IXtcCPLgcg8CVOLWLcT4igmcfWJchkj+C2KCob9gnA7FuHPB3oZa8Byx1O3WMw
X-Received: by 2002:a05:6402:e0d:b0:463:9b53:cbf6 with SMTP id
h13-20020a0564020e0d00b004639b53cbf6mr3518633edh.173.1668113056373;
Thu, 10 Nov 2022 12:44:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668113056; cv=none;
d=google.com; s=arc-20160816;
b=FJKFHC6ZLNG1ijthUH6N1LK2Qi0oSk35RP1zp6paWdx24IaSjVQmLvbBaZNOPnNIXH
IS0rR3mZzqoUb2Ud+wr2TXhbGgLTfb1+C5gEnhNDlCa4fkrVg9IVP0y3HNRuuv/cPLmn
ohGyqidFe2DfVpx7Vhr3YktKHeCtodujicXeP0BzL7iCQ4DoFCsYld+hmyt8EgRsgrBL
InFLV8nCK/c5Ugl8i0VNjE/kf0y/na+rr6GSncJZMYmhCa3DVTjYPahdamlODhfFu82m
DtK6qdOFMtLhGDo7TwrqC22rDh7ReZ1lO9M5OsnSh2GsTA4STbocaK8TpJR5ULR1BO9m
n8Gw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:from:subject:message-id:references
:mime-version:in-reply-to:date:reply-to:dkim-signature;
bh=u6Cw0ZmfOshKtE4Fs73s8CsSsDU0YsFyudltt9Q+W64=;
b=SXSOfFiVI10m/XeT83QQAGaMZGXZu6QBednGI+aNlXpCFOQiX/jNbe2uvEWA7coIqA
kf+uZV9y6XYIswAaXN59FYaq2jd46NSYMixFVtZdW4t9ArnG7cySgcyHfS5V8tQ3mAkm
KYZpuBLrunYb4hRu0SuQ3iQVJQcMnxfZ4tS8cSh2ZEU+IR68+yOWqOKigi6lFiMeVXTY
3q9I9y/YPlDb1sRILwCV9PRatg9uW96P2l/SsY7ZayZSnSJvyp3yUxEIW35KBT914EIC
TYx7qf3BgsJB7gOsjhmh79ZnQabs3g+1ebblXhmvtSuVegJRg3BgMGxmidInUvoJQzTy
qC3g==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b="F/+UCskf";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
n2-20020a170906700200b00781d82a6fc9si210705ejj.264.2022.11.10.12.43.51;
Thu, 10 Nov 2022 12:44:16 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b="F/+UCskf";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S232071AbiKJUfk (ORCPT <rfc822;winker.wchi@gmail.com>
+ 99 others); Thu, 10 Nov 2022 15:35:40 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43028 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S231932AbiKJUfQ (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 10 Nov 2022 15:35:16 -0500
Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com
[IPv6:2607:f8b0:4864:20::104a])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AE0874E41E
for <linux-kernel@vger.kernel.org>;
Thu, 10 Nov 2022 12:35:15 -0800 (PST)
Received: by mail-pj1-x104a.google.com with SMTP id
ch8-20020a17090af40800b002140ba517b6so1629980pjb.4
for <linux-kernel@vger.kernel.org>;
Thu, 10 Nov 2022 12:35:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20210112;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:reply-to:from:to:cc:subject:date:message-id:reply-to;
bh=u6Cw0ZmfOshKtE4Fs73s8CsSsDU0YsFyudltt9Q+W64=;
b=F/+UCskf44ADzGslt/IGpWoJh4u6oVd2pp653aShhnTg9HGbG3ZOsV/FfEAlnWOv5l
xsKVf7wW/egGgeqeM0wcau4N13Ku8o7LmHx1T3stlAJ8yJvPcQ1cBg+QcQV9iwsd2e8E
HeVgQc8NwGhGuWRTVRY/EwK8DiqhRfwl3cwXbOB+JFTihHxEBUJbpnksAnzIm8pRoFIO
9hsDruJByPgnUprVEPZoDYLLHYmVnWC+FpwJdKXALBXK8nN4FiMI/iw3lGWT8Q5JcCeg
E8HLRuikgjnjtYd/4ZOd0xFNDQJuJrgDYUSkmPio/aXmZjRLhsZGIDceELpbs7rsc7cf
P7PQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=u6Cw0ZmfOshKtE4Fs73s8CsSsDU0YsFyudltt9Q+W64=;
b=LErW4KZWEDVZZ9Y/mLpinhOuYT5adKhTcDe+NO4mPd9aWlY/UJrCN3dJwkQ5XnO0Ic
x7F+3preOBYIjt7ouOMBMlszSUpbpfwdTBQWtb2WyeEueQ8/+tyzHomVvn+ZX2Zgqzz+
sFDukQWoSUy5CVp42+1vDd7thstpwBu5P0n9PI8mwAHe/QgCXTB8DM0+k2q3/r1c3YKu
whimpVhnnXXszJ5rd0d49jvsSjhl174H942howCjubQ4OoTdgXZuyyv1VzpVTgYDaWS2
94rdcktNAAivBNLtWxvtRZ4wF3S3UVE7WiURIwV6RrGxmox3zywkW67RhS9BHaHcuHJa
0O/g==
X-Gm-Message-State: ACrzQf0VlqAdGjkqpGVV9K713CoJ5nIJfOiLfbe1tNYAuIyGPssR34ks
aPDVva7LyzlHU2WAgFeM8Ec2Kh98krg=
X-Received: from zagreus.c.googlers.com
([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
(user=seanjc job=sendgmr) by 2002:a62:1595:0:b0:566:9f68:c0ad with SMTP id
143-20020a621595000000b005669f68c0admr3437397pfv.57.1668112515250; Thu, 10
Nov 2022 12:35:15 -0800 (PST)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Thu, 10 Nov 2022 20:35:04 +0000
In-Reply-To: <20221110203504.1985010-1-seanjc@google.com>
Mime-Version: 1.0
References: <20221110203504.1985010-1-seanjc@google.com>
X-Mailer: git-send-email 2.38.1.431.g37b22c650d-goog
Message-ID: <20221110203504.1985010-6-seanjc@google.com>
Subject: [PATCH v2 5/5] x86/kasan: Populate shadow for shared chunk of the CPU
entry area
From: Sean Christopherson <seanjc@google.com>
To: Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>,
Alexander Potapenko <glider@google.com>,
Andrey Konovalov <andreyknvl@gmail.com>,
Dmitry Vyukov <dvyukov@google.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com,
Sean Christopherson <seanjc@google.com>,
syzbot+ffb4f000dc2872c93f62@syzkaller.appspotmail.com,
syzbot+8cdd16fd5a6c0565e227@syzkaller.appspotmail.com
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1749143316306858415?=
X-GMAIL-MSGID: =?utf-8?q?1749143316306858415?=
|
| Series |
x86/kasan: Bug fixes for recent CEA changes
|
|
Commit Message
Sean Christopherson
Nov. 10, 2022, 8:35 p.m. UTC
Popuplate the shadow for the shared portion of the CPU entry area, i.e.
the read-only IDT mapping, during KASAN initialization. A recent change
modified KASAN to map the per-CPU areas on-demand, but forgot to keep a
shadow for the common area that is shared amongst all CPUs.
Map the common area in KASAN init instead of letting idt_map_in_cea() do
the dirty work so that it Just Works in the unlikely event more shared
data is shoved into the CPU entry area.
The bug manifests as a not-present #PF when software attempts to lookup
an IDT entry, e.g. when KVM is handling IRQs on Intel CPUs (KVM performs
direct CALL to the IRQ handler to avoid the overhead of INTn):
BUG: unable to handle page fault for address: fffffbc0000001d8
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 16c03a067 P4D 16c03a067 PUD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 5 PID: 901 Comm: repro Tainted: G W 6.1.0-rc3+ #410
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
RIP: 0010:kasan_check_range+0xdf/0x190
vmx_handle_exit_irqoff+0x152/0x290 [kvm_intel]
vcpu_run+0x1d89/0x2bd0 [kvm]
kvm_arch_vcpu_ioctl_run+0x3ce/0xa70 [kvm]
kvm_vcpu_ioctl+0x349/0x900 [kvm]
__x64_sys_ioctl+0xb8/0xf0
do_syscall_64+0x2b/0x50
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Fixes: 9fd429c28073 ("x86/kasan: Map shadow for percpu pages on demand")
Reported-by: syzbot+8cdd16fd5a6c0565e227@syzkaller.appspotmail.com
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
arch/x86/mm/kasan_init_64.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
Comments
On 11/10/22 23:35, Sean Christopherson wrote: > > + /* > + * Populate the shadow for the shared portion of the CPU entry area. > + * Shadows for the per-CPU areas are mapped on-demand, as each CPU's > + * area is randomly placed somewhere in the 512GiB range and mapping > + * the entire 512GiB range is prohibitively expensive. > + */ > + kasan_populate_early_shadow((void *)shadow_cea_begin, > + (void *)shadow_cea_per_cpu_begin); > + I know I suggested to use "early" here, but I just realized that this might be a problem. This will actually map shadow page for the 8 pages (KASAN_SHADOW_SCALE_SHIFT) of the original memory. In case there is some per-cpu entry area starting right at CPU_ENTRY_AREA_PER_CPU the shadow for it will be covered with kasan_early_shadow_page instead of the usual one. So we need to go back to your v1 PATCH, or alternatively we can round up CPU_ENTRY_AREA_PER_CPU #define CPU_ENTRY_AREA_PER_CPU (CPU_ENTRY_AREA_RO_IDT + PAGE_SIZE << KASAN_SHADOW_SCALE_SHIFT) Such change will also require fixing up max_cea calculation in init_cea_offsets() Going back kasan_populate_shadow() seems like safer and easier choice. The only disadvantage of it that we might waste 1 page, which is not much compared to the KASAN memory overhead. > kasan_populate_early_shadow((void *)shadow_cea_end, > kasan_mem_to_shadow((void *)__START_KERNEL_map)); >
On Mon, Nov 14, 2022 at 05:44:00PM +0300, Andrey Ryabinin wrote: > Going back kasan_populate_shadow() seems like safer and easier choice. > The only disadvantage of it that we might waste 1 page, which is not > much compared to the KASAN memory overhead. So the below delta? --- --- a/arch/x86/mm/kasan_init_64.c +++ b/arch/x86/mm/kasan_init_64.c @@ -388,7 +388,7 @@ void __init kasan_init(void) shadow_cea_end = kasan_mem_to_shadow_align_up(CPU_ENTRY_AREA_BASE + CPU_ENTRY_AREA_MAP_SIZE); - kasan_populate_early_shadow( + kasan_populate_shadow( kasan_mem_to_shadow((void *)PAGE_OFFSET + MAXMEM), kasan_mem_to_shadow((void *)VMALLOC_START));
On Mon, Nov 14, 2022, Peter Zijlstra wrote: > On Mon, Nov 14, 2022 at 05:44:00PM +0300, Andrey Ryabinin wrote: > > Going back kasan_populate_shadow() seems like safer and easier choice. > > The only disadvantage of it that we might waste 1 page, which is not > > much compared to the KASAN memory overhead. > > So the below delta? > > --- > --- a/arch/x86/mm/kasan_init_64.c > +++ b/arch/x86/mm/kasan_init_64.c > @@ -388,7 +388,7 @@ void __init kasan_init(void) > shadow_cea_end = kasan_mem_to_shadow_align_up(CPU_ENTRY_AREA_BASE + > CPU_ENTRY_AREA_MAP_SIZE); > > - kasan_populate_early_shadow( > + kasan_populate_shadow( > kasan_mem_to_shadow((void *)PAGE_OFFSET + MAXMEM), > kasan_mem_to_shadow((void *)VMALLOC_START)); Wrong one, that's the existing mapping. To get back to v1: diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c index af82046348a0..0302491d799d 100644 --- a/arch/x86/mm/kasan_init_64.c +++ b/arch/x86/mm/kasan_init_64.c @@ -416,8 +416,8 @@ void __init kasan_init(void) * area is randomly placed somewhere in the 512GiB range and mapping * the entire 512GiB range is prohibitively expensive. */ - kasan_populate_early_shadow((void *)shadow_cea_begin, - (void *)shadow_cea_per_cpu_begin); + kasan_populate_shadow(shadow_cea_begin, + shadow_cea_per_cpu_begin, 0); kasan_populate_early_shadow((void *)shadow_cea_end, kasan_mem_to_shadow((void *)__START_KERNEL_map));
On Mon, Nov 14, 2022 at 05:53:43PM +0000, Sean Christopherson wrote: > Wrong one, that's the existing mapping. To get back to v1: > > diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c > index af82046348a0..0302491d799d 100644 > --- a/arch/x86/mm/kasan_init_64.c > +++ b/arch/x86/mm/kasan_init_64.c > @@ -416,8 +416,8 @@ void __init kasan_init(void) > * area is randomly placed somewhere in the 512GiB range and mapping > * the entire 512GiB range is prohibitively expensive. > */ > - kasan_populate_early_shadow((void *)shadow_cea_begin, > - (void *)shadow_cea_per_cpu_begin); > + kasan_populate_shadow(shadow_cea_begin, > + shadow_cea_per_cpu_begin, 0); > > kasan_populate_early_shadow((void *)shadow_cea_end, > kasan_mem_to_shadow((void *)__START_KERNEL_map)); OK. It now looks like so: https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git/commit/?h=x86/mm&id=14ca169feec3cb442ef4d322f8f65ba360f42784 If the robots don't hate on it because I fat fingered it or seomthing stupid, I'll go push it out tomorrow.
diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c index afc5e129ca7b..af82046348a0 100644 --- a/arch/x86/mm/kasan_init_64.c +++ b/arch/x86/mm/kasan_init_64.c @@ -341,7 +341,7 @@ void __init kasan_populate_shadow_for_vaddr(void *va, size_t size, int nid) void __init kasan_init(void) { - unsigned long shadow_cea_begin, shadow_cea_end; + unsigned long shadow_cea_begin, shadow_cea_per_cpu_begin, shadow_cea_end; int i; memcpy(early_top_pgt, init_top_pgt, sizeof(early_top_pgt)); @@ -384,6 +384,7 @@ void __init kasan_init(void) } shadow_cea_begin = kasan_mem_to_shadow_align_down(CPU_ENTRY_AREA_BASE); + shadow_cea_per_cpu_begin = kasan_mem_to_shadow_align_up(CPU_ENTRY_AREA_PER_CPU); shadow_cea_end = kasan_mem_to_shadow_align_up(CPU_ENTRY_AREA_BASE + CPU_ENTRY_AREA_MAP_SIZE); @@ -409,6 +410,15 @@ void __init kasan_init(void) kasan_mem_to_shadow((void *)VMALLOC_END + 1), (void *)shadow_cea_begin); + /* + * Populate the shadow for the shared portion of the CPU entry area. + * Shadows for the per-CPU areas are mapped on-demand, as each CPU's + * area is randomly placed somewhere in the 512GiB range and mapping + * the entire 512GiB range is prohibitively expensive. + */ + kasan_populate_early_shadow((void *)shadow_cea_begin, + (void *)shadow_cea_per_cpu_begin); + kasan_populate_early_shadow((void *)shadow_cea_end, kasan_mem_to_shadow((void *)__START_KERNEL_map));