From patchwork Mon Oct 19 15:00:50 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Capper X-Patchwork-Id: 55232 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-lf0-f69.google.com (mail-lf0-f69.google.com [209.85.215.69]) by patches.linaro.org (Postfix) with ESMTPS id 9252222F11 for ; Mon, 19 Oct 2015 15:01:07 +0000 (UTC) Received: by lffz202 with SMTP id z202sf14225034lff.3 for ; Mon, 19 Oct 2015 08:01:06 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject :date:message-id:sender:precedence:list-id:x-original-sender :x-original-authentication-results:mailing-list:list-post:list-help :list-archive:list-unsubscribe; bh=Mw8YrCdxMtRjrYTIpK2qYXu2Ge1ztqd8HHa9DuQPuY0=; b=AdvSoQSHsgvJT05wAOivlKEzZbq558l90drCldhcYFYwpgKqCD3alzDbAoYiom6JSe 9ABVvZalqhADYw52E0IJMD0EWcJep/tbH8yG4TLpnG0Qr68c+B6LJ9lz9j/cg/W3mcw8 KMVWRNnKRW0yIUYpdHLUAugGQ7ewpogh4yAKZwcYP5GsckDIpZ8OLiztmoo+4byhcIIg ZJ3YA8v+i7pkrQMZwooUEeWPe5IDXWfMGWXW4vmi/xpkXxyfofU8jPmIORwZHSaNZfXa UHDlITfBEq319OXszeIb4zeJvjEuOkOc4ENUGNoWlK6K3GE5Mcb8NYWmU97psDu6k8Yc P11A== X-Gm-Message-State: ALoCoQm0/d/ll6pxos8lB2fnPedwBEqNHF4OiMcrYo5RigsKfAHZUl69aP4q6z9kWjJdkHX+kIeq X-Received: by 10.112.209.73 with SMTP id mk9mr6679349lbc.14.1445266866457; Mon, 19 Oct 2015 08:01:06 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.25.18.90 with SMTP id h87ls621210lfi.9.gmail; Mon, 19 Oct 2015 08:01:06 -0700 (PDT) X-Received: by 10.112.32.72 with SMTP id g8mr14859824lbi.22.1445266866174; Mon, 19 Oct 2015 08:01:06 -0700 (PDT) Received: from mail-lb0-f172.google.com (mail-lb0-f172.google.com. [209.85.217.172]) by mx.google.com with ESMTPS id c70si23189971lfe.21.2015.10.19.08.01.06 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Oct 2015 08:01:06 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.172 as permitted sender) client-ip=209.85.217.172; Received: by lbbwb3 with SMTP id wb3so84895749lbb.1 for ; Mon, 19 Oct 2015 08:01:06 -0700 (PDT) X-Received: by 10.112.146.104 with SMTP id tb8mr15143100lbb.35.1445266864716; Mon, 19 Oct 2015 08:01:04 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.59.35 with SMTP id w3csp1523423lbq; Mon, 19 Oct 2015 08:00:59 -0700 (PDT) X-Received: by 10.60.95.193 with SMTP id dm1mr3799765oeb.16.1445266859361; Mon, 19 Oct 2015 08:00:59 -0700 (PDT) Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f68si17535205oih.59.2015.10.19.08.00.58; Mon, 19 Oct 2015 08:00:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751194AbbJSPA6 (ORCPT + 2 others); Mon, 19 Oct 2015 11:00:58 -0400 Received: from mail-wi0-f170.google.com ([209.85.212.170]:38750 "EHLO mail-wi0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751209AbbJSPA5 (ORCPT ); Mon, 19 Oct 2015 11:00:57 -0400 Received: by wicll6 with SMTP id ll6so10025801wic.1 for ; Mon, 19 Oct 2015 08:00:56 -0700 (PDT) X-Received: by 10.195.12.164 with SMTP id er4mr34249585wjd.9.1445266855813; Mon, 19 Oct 2015 08:00:55 -0700 (PDT) Received: from marmot.wormnet.eu (marmot.wormnet.eu. [188.246.204.87]) by smtp.gmail.com with ESMTPSA id m6sm15361910wif.11.2015.10.19.08.00.54 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 19 Oct 2015 08:00:55 -0700 (PDT) From: Steve Capper To: stable@vger.kernel.org Cc: catalin.marinas@arm.com, gkulkarni@caviumnetworks.com Subject: [PATCH] arm64: Fix THP protection change logic Date: Mon, 19 Oct 2015 16:00:50 +0100 Message-Id: <1445266850-30140-1-git-send-email-steve.capper@linaro.org> X-Mailer: git-send-email 2.1.4 Sender: stable-owner@vger.kernel.org Precedence: list List-ID: X-Mailing-List: stable@vger.kernel.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: steve.capper@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.172 as permitted sender) smtp.mailfrom=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , commit 1a541b4e3cd6f5795022514114854b3e1345f24e upstream. 6910fa1 ("arm64: enable PTE type bit in the mask for pte_modify") fixes a problem whereby a large block of PROT_NONE mapped memory is incorrectly mapped as block descriptors when mprotect is called. Unfortunately, a subtle bug was introduced by this fix to the THP logic. If one mmaps a large block of memory, then faults it such that it is collapsed into THPs; resulting calls to mprotect on this area of memory will lead to incorrect table descriptors being written instead of block descriptors. This is because pmd_modify calls pte_modify which is now allowed to modify the type of the page table entry. This patch reverts commit 6910fa16dbe142f6a0fd0fd7c249f9883ff7fc8a, and fixes the problem it was trying to address by adjusting PAGE_NONE to represent a table entry. Thus no change in pte type is required when moving from PROT_NONE to a different protection. Fixes: 6910fa16dbe1 ("arm64: enable PTE type bit in the mask for pte_modify") Cc: # 4.0+ Cc: Feng Kan Reported-by: Ganapatrao Kulkarni Tested-by: Ganapatrao Kulkarni Reviewed-by: Catalin Marinas Signed-off-by: Steve Capper Signed-off-by: Catalin Marinas [SteveC: backported 1a541b4e3cd6f5795022514114854b3e1345f24e to 4.1 and 4.2 stable. Just one minor fix to second part to allow patch to apply cleanly, no logic changed.] Signed-off-by: Steve Capper --- Hi, I'm sending this backport to be applied to both 4.1 and 4.2 stable trees, as the upstream commit did not cherry-pick cleanly. No logic was changed from the upstream commit (essentially just the context surrounding the second part of the patch changed a bit). This is the first manual fix I've sent to stable@vger.kernel.org, so please do let me know if I need to do anything a little differently in future. Cheers, diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h index 56283f8..cf73194 100644 --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -80,7 +80,7 @@ extern void __pgd_error(const char *file, int line, unsigned long val); #define PAGE_S2 __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY) #define PAGE_S2_DEVICE __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN) -#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_TYPE_MASK) | PTE_PROT_NONE | PTE_PXN | PTE_UXN) +#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_PXN | PTE_UXN) #define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE) #define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE) #define PAGE_COPY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN) @@ -460,7 +460,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long addr) static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) { const pteval_t mask = PTE_USER | PTE_PXN | PTE_UXN | PTE_RDONLY | - PTE_PROT_NONE | PTE_WRITE | PTE_TYPE_MASK; + PTE_PROT_NONE | PTE_VALID | PTE_WRITE; pte_val(pte) = (pte_val(pte) & ~mask) | (pgprot_val(newprot) & mask); return pte; }