[PATCH v2 2/4] mm: replace pud_write with pud_access_permitted in fault + gup paths

From: Dan Williams
Date: Sat Nov 11 2017 - 15:20:05 EST

Next message: Dan Williams: "[PATCH v2 3/4] mm: replace pmd_write with pmd_access_permitted in fault + gup paths"
Previous message: Dan Williams: "[PATCH v2 1/4] mm: fix device-dax pud write-faults triggered by get_user_pages()"
In reply to: Dan Williams: "[PATCH v2 1/4] mm: fix device-dax pud write-faults triggered by get_user_pages()"
Next in thread: Dan Williams: "[PATCH v2 3/4] mm: replace pmd_write with pmd_access_permitted in fault + gup paths"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The 'access_permitted' helper is used in the gup-fast path and goes
beyond the simple _PAGE_RW check to also:

* validate that the mapping is writable from a protection keys
standpoint

* validate that the pte has _PAGE_USER set since all fault paths where
pud_write is must be referencing user-memory.

Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
Cc: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
Cc: Martin Schwidefsky <schwidefsky@xxxxxxxxxx>
Cc: Heiko Carstens <heiko.carstens@xxxxxxxxxx>
Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>
---
arch/s390/include/asm/pgtable.h | 6 ++++++
arch/sparc/mm/gup.c | 2 +-
mm/huge_memory.c | 2 +-
mm/memory.c | 2 +-
4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h
index d7fe9838084d..1f36a01e22f6 100644
--- a/arch/s390/include/asm/pgtable.h
+++ b/arch/s390/include/asm/pgtable.h
@@ -1264,6 +1264,12 @@ static inline pud_t pud_mkwrite(pud_t pud)
return pud;
}

+#define __HAVE_ARCH_PUD_WRITE
+static inline int pud_write(pud_t pud)
+{
+ return (pud_val(pud) & _REGION3_ENTRY_WRITE) != 0;
+}
+
static inline pud_t pud_mkclean(pud_t pud)
{
if (pud_large(pud)) {
diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c
index 5335ba3c850e..5ae2d0a01a70 100644
--- a/arch/sparc/mm/gup.c
+++ b/arch/sparc/mm/gup.c
@@ -114,7 +114,7 @@ static int gup_huge_pud(pud_t *pudp, pud_t pud, unsigned long addr,
if (!(pud_val(pud) & _PAGE_VALID))
return 0;

- if (write && !pud_write(pud))
+ if (!pud_access_permitted(pud, write))
return 0;

refs = 0;
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 1981ed697dab..1e4e11275856 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -1022,7 +1022,7 @@ struct page *follow_devmap_pud(struct vm_area_struct *vma, unsigned long addr,

assert_spin_locked(pud_lockptr(mm, pud));

- if (flags & FOLL_WRITE && !pud_write(*pud))
+ if (!pud_access_permitted(*pud, flags & FOLL_WRITE))
return NULL;

if (pud_present(*pud) && pud_devmap(*pud))
diff --git a/mm/memory.c b/mm/memory.c
index a728bed16c20..64f86beadcca 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3987,7 +3987,7 @@ static int __handle_mm_fault(struct vm_area_struct *vma, unsigned long address,

/* NUMA case for anonymous PUDs would go here */

- if (dirty && !pud_write(orig_pud)) {
+ if (dirty && !pud_access_permitted(orig_pud, WRITE)) {
ret = wp_huge_pud(&vmf, orig_pud);
if (!(ret & VM_FAULT_FALLBACK))
return ret;

Next message: Dan Williams: "[PATCH v2 3/4] mm: replace pmd_write with pmd_access_permitted in fault + gup paths"
Previous message: Dan Williams: "[PATCH v2 1/4] mm: fix device-dax pud write-faults triggered by get_user_pages()"
In reply to: Dan Williams: "[PATCH v2 1/4] mm: fix device-dax pud write-faults triggered by get_user_pages()"
Next in thread: Dan Williams: "[PATCH v2 3/4] mm: replace pmd_write with pmd_access_permitted in fault + gup paths"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]