linux/Documentation
Peter Xu 8430557fc5 mm/page_table_check: support userfault wr-protect entries
Allow page_table_check hooks to check over userfaultfd wr-protect criteria
upon pgtable updates.  The rule is no co-existance allowed for any
writable flag against userfault wr-protect flag.

This should be better than c2da319c2e, where we used to only sanitize such
issues during a pgtable walk, but when hitting such issue we don't have a
good chance to know where does that writable bit came from [1], so that
even the pgtable walk exposes a kernel bug (which is still helpful on
triaging) but not easy to track and debug.

Now we switch to track the source.  It's much easier too with the recent
introduction of page table check.

There are some limitations with using the page table check here for
userfaultfd wr-protect purpose:

  - It is only enabled with explicit enablement of page table check configs
  and/or boot parameters, but should be good enough to track at least
  syzbot issues, as syzbot should enable PAGE_TABLE_CHECK[_ENFORCED] for
  x86 [1].  We used to have DEBUG_VM but it's now off for most distros,
  while distros also normally not enable PAGE_TABLE_CHECK[_ENFORCED], which
  is similar.

  - It conditionally works with the ptep_modify_prot API.  It will be
  bypassed when e.g. XEN PV is enabled, however still work for most of the
  rest scenarios, which should be the common cases so should be good
  enough.

  - Hugetlb check is a bit hairy, as the page table check cannot identify
  hugetlb pte or normal pte via trapping at set_pte_at(), because of the
  current design where hugetlb maps every layers to pte_t... For example,
  the default set_huge_pte_at() can invoke set_pte_at() directly and lose
  the hugetlb context, treating it the same as a normal pte_t. So far it's
  fine because we have huge_pte_uffd_wp() always equals to pte_uffd_wp() as
  long as supported (x86 only).  It'll be a bigger problem when we'll
  define _PAGE_UFFD_WP differently at various pgtable levels, because then
  one huge_pte_uffd_wp() per-arch will stop making sense first.. as of now
  we can leave this for later too.

This patch also removes commit c2da319c2e altogether, as we have something
better now.

[1] https://lore.kernel.org/all/000000000000dce0530615c89210@google.com/

Link: https://lkml.kernel.org/r/20240417212549.2766883-1-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Nadav Amit <nadav.amit@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-05-05 17:53:41 -07:00
..
ABI mm: add docs for per-order mTHP counters and transhuge_page ABI 2024-05-05 17:53:36 -07:00
accel
accounting
admin-guide mm: zswap: remove same_filled module params 2024-05-05 17:53:38 -07:00
arch Documentation/x86: Fix title underline length 2024-03-25 11:29:16 +01:00
block
bpf bpf, docs: Rename legacy conformance group to packet 2024-03-04 14:31:06 +01:00
cdrom
core-api workqueue: Changes for v6.9 2024-03-11 12:50:42 -07:00
cpu-freq
crypto
dev-tools Documentation: dev-tools: Add link to RV docs 2024-03-29 08:27:21 -06:00
devicetree Merge tag 'drm-msm-next-2024-04-11' of https://gitlab.freedesktop.org/drm/msm into drm-fixes 2024-04-12 11:01:45 +10:00
doc-guide docs: drop the version constraints for sphinx and dependencies 2024-03-03 08:17:20 -07:00
driver-api mm: zswap: remove same_filled module params 2024-05-05 17:53:38 -07:00
fault-injection Fixed case issue with 'fault-injection' in documentation 2024-02-21 13:44:21 -07:00
fb
features membarrier: riscv: Provide core serializing command 2024-02-15 08:04:14 -08:00
filesystems doc: split buffer.rst out of api-summary.rst 2024-05-05 17:53:40 -07:00
firmware_class
firmware-guide More ACPI updates for 6.9-rc1 2024-03-19 11:15:14 -07:00
fpga
gpu drm-misc-next for v6.9: 2024-02-26 09:51:49 +01:00
hid
hwmon hwmon: (aspeed-g6-pwm-tacho): Support for ASPEED g6 PWM/Fan tach 2024-03-07 10:50:16 -08:00
i2c Documentation: i2c: Document that client auto-detection is a legacy mechanism 2024-03-07 09:42:09 +01:00
iio docs: iio: add documentation for adis16475 driver 2024-02-28 19:26:36 +00:00
images
infiniband
input
isdn
kbuild Documentation/llvm: Note s390 LLVM=1 support with LLVM 18.1.0 and newer 2024-03-31 21:09:50 +09:00
kernel-hacking
leds
litmus-tests
livepatch
locking
maintainer
mhi
misc-devices
mm mm/page_table_check: support userfault wr-protect entries 2024-05-05 17:53:41 -07:00
netlabel
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-03-11 20:38:36 -07:00
networking Documentation: Add documentation for eswitch attribute 2024-03-28 18:20:08 -07:00
nvdimm
nvme
PCI
pcmcia
peci
power Documentation: power: Fix typo in suspend and interrupts doc 2024-03-13 20:51:11 +01:00
process A handful of late-arriving documentation fixes and enhancements. 2024-03-20 09:36:46 -07:00
RCU A moderatly busy cycle for development this time around. 2024-03-12 15:18:34 -07:00
rust arm64 updates for 6.9: 2024-03-14 15:35:42 -07:00
scheduler A single update for the documentation of the base_slice_ns tunable to 2024-03-24 11:11:05 -07:00
scsi
security
sound
sphinx docs: drop the version constraints for sphinx and dependencies 2024-03-03 08:17:20 -07:00
sphinx-static
spi spi: docs: spidev: fix echo command format 2024-03-19 18:37:55 +00:00
staging
target
tee
timers
tools tools/rtla: Add -U/--user-load option to timerlat 2024-03-20 05:39:06 +01:00
trace tracing/user_events: Document multi-format flag 2024-03-18 10:13:16 -04:00
translations remove references to page->flags in documentation 2024-04-25 20:56:15 -07:00
usb Documentation: usb: Document FunctionFS DMABUF API 2024-02-17 17:00:09 +01:00
userspace-api media updates for v6.9-rc1 2024-03-15 11:36:54 -07:00
virt Documentation: kvm/sev: clarify usage of KVM_MEMORY_ENCRYPT_OP 2024-03-18 19:03:53 -04:00
w1
watchdog
wmi platform/x86: wmi: Update documentation regarding _WED 2024-02-27 14:44:31 +02:00
.gitignore
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py docs: Restore "smart quotes" for quotes 2024-02-28 15:48:18 -07:00
docutils.conf
dontdiff
index.rst A moderatly busy cycle for development this time around. 2024-03-12 15:18:34 -07:00
Kconfig
Makefile docs: Makefile: Add dependency to $(YNL_INDEX) for targets other than htmldocs 2024-03-05 11:06:43 -07:00
memory-barriers.txt
SubmittingPatches
subsystem-apis.rst