linux/Documentation
Peter Xu 5b485efcb6 mm/page_table_check: support userfault wr-protect entries
[ Upstream commit 8430557fc5 ]

Allow page_table_check hooks to check over userfaultfd wr-protect criteria
upon pgtable updates.  The rule is no co-existance allowed for any
writable flag against userfault wr-protect flag.

This should be better than c2da319c2e, where we used to only sanitize such
issues during a pgtable walk, but when hitting such issue we don't have a
good chance to know where does that writable bit came from [1], so that
even the pgtable walk exposes a kernel bug (which is still helpful on
triaging) but not easy to track and debug.

Now we switch to track the source.  It's much easier too with the recent
introduction of page table check.

There are some limitations with using the page table check here for
userfaultfd wr-protect purpose:

  - It is only enabled with explicit enablement of page table check configs
  and/or boot parameters, but should be good enough to track at least
  syzbot issues, as syzbot should enable PAGE_TABLE_CHECK[_ENFORCED] for
  x86 [1].  We used to have DEBUG_VM but it's now off for most distros,
  while distros also normally not enable PAGE_TABLE_CHECK[_ENFORCED], which
  is similar.

  - It conditionally works with the ptep_modify_prot API.  It will be
  bypassed when e.g. XEN PV is enabled, however still work for most of the
  rest scenarios, which should be the common cases so should be good
  enough.

  - Hugetlb check is a bit hairy, as the page table check cannot identify
  hugetlb pte or normal pte via trapping at set_pte_at(), because of the
  current design where hugetlb maps every layers to pte_t... For example,
  the default set_huge_pte_at() can invoke set_pte_at() directly and lose
  the hugetlb context, treating it the same as a normal pte_t. So far it's
  fine because we have huge_pte_uffd_wp() always equals to pte_uffd_wp() as
  long as supported (x86 only).  It'll be a bigger problem when we'll
  define _PAGE_UFFD_WP differently at various pgtable levels, because then
  one huge_pte_uffd_wp() per-arch will stop making sense first.. as of now
  we can leave this for later too.

This patch also removes commit c2da319c2e altogether, as we have something
better now.

[1] https://lore.kernel.org/all/000000000000dce0530615c89210@google.com/

Link: https://lkml.kernel.org/r/20240417212549.2766883-1-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Nadav Amit <nadav.amit@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-19 06:04:29 +02:00
..
ABI block: add a partscan sysfs attribute for disks 2024-05-25 16:22:55 +02:00
accel
accounting
admin-guide smb3: fix setting SecurityFlags when encryption is required 2024-08-14 13:58:59 +02:00
arch arm64: errata: Expand speculative SSBS workaround (again) 2024-08-14 13:58:49 +02:00
block Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
bpf bpf: Replace bpf_lpm_trie_key 0-length array with flexible array 2024-08-19 06:04:27 +02:00
cdrom scsi: sr: Fix unintentional arithmetic wraparound 2024-07-25 09:50:40 +02:00
core-api workqueue: doc: Fix function and sysfs path errors 2023-10-12 07:27:22 -10:00
cpu-freq
crypto
dev-tools LoongArch changes for v6.6 2023-09-08 12:16:52 -07:00
devicetree dt-bindings: thermal: correct thermal zone node name limit 2024-08-03 08:54:12 +02:00
doc-guide
driver-api pwm: Rename pwm_apply_state() to pwm_apply_might_sleep() 2024-06-12 11:12:24 +02:00
fault-injection Documentation: Fix typos 2023-08-18 11:29:03 -06:00
fb Documentation: Fix typos 2023-08-18 11:29:03 -06:00
features LoongArch changes for v6.6 2023-09-08 12:16:52 -07:00
filesystems f2fs: deprecate io_bits 2024-06-12 11:12:29 +02:00
firmware_class
firmware-guide Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
fpga
gpu drm: Allow drivers to indicate the damage helpers to ignore damage clips 2024-01-31 16:19:08 -08:00
hid HID: Add introduction about HID for non-kernel programmers 2023-08-07 13:24:36 +02:00
hwmon hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu 2024-08-14 13:58:41 +02:00
i2c i2c: i801: Add support for Intel Birch Stream SoC 2023-11-28 17:19:46 +00:00
iio
images
infiniband
input input: docs: pxrc: remove reference to phoenix-sim 2023-08-28 12:43:32 -06:00
isdn
kbuild kbuild: doc: Update default INSTALL_MOD_DIR from extra to updates 2024-07-05 09:33:56 +02:00
kernel-hacking
leds
litmus-tests
livepatch Documentation: Fix typos 2023-08-18 11:29:03 -06:00
locking Documentation: Fix typos 2023-08-18 11:29:03 -06:00
maintainer Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
mhi
misc-devices
mm mm/page_table_check: support userfault wr-protect entries 2024-08-19 06:04:29 +02:00
netlabel
netlink netlink: specs: devlink: fix reply command values 2023-10-13 17:27:27 -07:00
networking net: ena: Move XDP code to its new files 2024-04-17 11:19:32 +02:00
nvdimm
nvme
PCI Merge branch 'pci/misc' 2023-08-29 11:03:57 -05:00
pcmcia
peci
power Documentation: Fix typos 2023-08-18 11:29:03 -06:00
powerpc docs: kernel_feat.py: fix potential command injection 2024-01-31 16:18:46 -08:00
process rust: upgrade to Rust 1.73.0 2024-02-16 19:10:43 +01:00
RCU
riscv docs: kernel_feat.py: fix potential command injection 2024-01-31 16:18:46 -08:00
rust docs: rust: update Rust docs output path 2023-10-19 16:39:03 +02:00
scheduler Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
scsi SCSI misc on 20230902 2023-09-02 12:02:41 -07:00
security Documentation: Fix typos 2023-08-18 11:29:03 -06:00
sound ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument 2024-02-05 20:14:26 +00:00
sphinx docs: kernel_include.py: Cope with docutils 0.21 2024-05-25 16:22:55 +02:00
sphinx-static
spi Documentation: Fix typos 2023-08-18 11:29:03 -06:00
staging
target
timers
tools rtla: fix a example in rtla-timerlat-hist.rst 2023-09-22 14:44:04 +02:00
trace Documentation: probes: Add a new ret_ip callback parameter 2023-10-17 10:21:45 +09:00
translations docs: kernel_feat.py: fix potential command injection 2024-01-31 16:18:46 -08:00
usb USB / Thunderbolt / PHY driver update for 6.6-rc1 2023-09-01 09:23:34 -07:00
userspace-api media: mc: Expand MUST_CONNECT flag to always require an enabled link 2024-04-03 15:28:17 +02:00
virt ARM: 2023-09-07 13:52:20 -07:00
w1 Documentation: Fix typos 2023-08-18 11:29:03 -06:00
watchdog Documentation: Fix typos 2023-08-18 11:29:03 -06:00
wmi Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
.gitignore
atomic_bitops.txt
atomic_t.txt
Changes
CodingStyle
conf.py docs: Restore "smart quotes" for quotes 2024-04-03 15:28:22 +02:00
docutils.conf
dontdiff
index.rst
Kconfig
Makefile
memory-barriers.txt
SubmittingPatches
subsystem-apis.rst