search for: vm_normal_pag

vm_normal_page() @ linux-2.6-xen-sparse/mm/memory.c ... if (!vma->vm_flags & VM_RESERVED) print_bad_pte(vma, pte, addr); note:VM_RESERVED=0x00080000 This if clause is always false. Should it be "if (!(vma->vm_flags & VM_RESERVED))" ? -- yamaha...

...e(DomainU or VMX) to Domain0 through xc_map_foreign_range, the pfn(in Domain0''s memory space)which points to the mapped mfn should not correlate with any page structure. Is it right? I suppose it to be true. The question is when the kernel calls unmap_page_range, it should try to call vm_normal_page on the related pte to get the page structure. Which flag will lead vm_normal_page to return the NULL pointer? 2)IMHO, I expect only the local mapped page, which belongs to the same domain could be passed to page_remove_rmap and kick out the bug I met! direct_rmap_pfn_range looks like a suscipious...

direct_remap_pfn_range() does not properly mark vma with VM_PFNMAP. This triggers improper reference counting on what rmap thought was a normal page, and a subsequent BUG() such as: Eeek! page_mapcount(page) went negative! (-1) page->flags = 414 page->count = 1 page->mapping = 00000000 ------------[ cut here ]------------ kernel BUG at

On 02/10/19 19:04, Jerome Glisse wrote: > On Wed, Oct 02, 2019 at 06:18:06PM +0200, Paolo Bonzini wrote: >>>> If the mapping of the source VMA changes, mirroring can update the >>>> target VMA via insert_pfn. But what ensures that KVM's MMU notifier >>>> dismantles its own existing page tables (so that they can be recreated >>>> with the new

On 02/10/19 19:04, Jerome Glisse wrote: > On Wed, Oct 02, 2019 at 06:18:06PM +0200, Paolo Bonzini wrote: >>>> If the mapping of the source VMA changes, mirroring can update the >>>> target VMA via insert_pfn. But what ensures that KVM's MMU notifier >>>> dismantles its own existing page tables (so that they can be recreated >>>> with the new

...f (is_write_device_private_entry(entry)) > - mpfn |= MIGRATE_PFN_WRITE; > + writable = true; > } else { > if (is_zero_pfn(pfn)) { > mpfn = MIGRATE_PFN_MIGRATE; > @@ -2250,7 +2251,8 @@ static int migrate_vma_collect_pmd(pmd_t *pmdp, > } > page = vm_normal_page(migrate->vma, addr, pte); > mpfn = migrate_pfn(pfn) | MIGRATE_PFN_MIGRATE; > - mpfn |= pte_write(pte) ? MIGRATE_PFN_WRITE : 0; > + if (pte_write(pte)) > + writable = true; > } > > /* FIXME support THP */ > @@ -2284,8 +2286,7 @@ static int migrate_v...

.../* * TODO: Handle HMM pages which may need coordination * with device-side memory. */ goto unlock; - default: - break; } /* diff --git a/mm/memory.c b/mm/memory.c index ddf20bd0c317..bd21e7063bf0 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -585,29 +585,6 @@ struct page *_vm_normal_page(struct vm_area_struct *vma, unsigned long addr, return NULL; if (is_zero_pfn(pfn)) return NULL; - - /* - * Device public pages are special pages (they are ZONE_DEVICE - * pages but different from persistent memory). They behave - * allmost like normal pages. The difference is tha...

...pfn(page)) | MIGRATE_PFN_MIGRATE; if (is_write_device_private_entry(entry)) - mpfn |= MIGRATE_PFN_WRITE; + writable = true; } else { if (is_zero_pfn(pfn)) { mpfn = MIGRATE_PFN_MIGRATE; @@ -2250,7 +2251,8 @@ static int migrate_vma_collect_pmd(pmd_t *pmdp, } page = vm_normal_page(migrate->vma, addr, pte); mpfn = migrate_pfn(pfn) | MIGRATE_PFN_MIGRATE; - mpfn |= pte_write(pte) ? MIGRATE_PFN_WRITE : 0; + if (pte_write(pte)) + writable = true; } /* FIXME support THP */ @@ -2284,8 +2286,7 @@ static int migrate_vma_collect_pmd(pmd_t *pmdp, ptep_get_and...

...; target_foff = kvmms_convert_mirror_address(start); take_lock(kvmms->mirror_fault_exclusion_lock); unmap_mapping_range(kvmms->address_space, target_foff, size, 1); drop_lock(kvmms->mirror_fault_exclusion_lock); } All that is needed is to make sure that vm_normal_page() will see those pte (inside the process that is mirroring the other process) as special which is the case either because insert_pfn() mark the pte as special or the kvm device driver which control the vm_operation struct set a find_special_page() callback that always return NULL, or the vma has e...

On Thu, Oct 03, 2019 at 04:42:20PM +0000, Mircea CIRJALIU - MELIU wrote: > > On 03/10/19 17:42, Jerome Glisse wrote: > > > All that is needed is to make sure that vm_normal_page() will see > > > those pte (inside the process that is mirroring the other process) as > > > special which is the case either because insert_pfn() mark the pte as > > > special or the kvm device driver which control the vm_operation struct > > > set a > >...

....com> Index: sle10sp2-2007-12-10/mm/memory.c =================================================================== --- sle10sp2-2007-12-10.orig/mm/memory.c 2007-12-10 12:35:41.000000000 +0100 +++ sle10sp2-2007-12-10/mm/memory.c 2007-12-10 12:36:14.000000000 +0100 @@ -396,9 +396,11 @@ struct page *vm_normal_page(struct vm_ar return NULL; } +#ifdef CONFIG_XEN /* XEN: Covers user-space grant mappings (even of local pages). */ if (unlikely(vma->vm_flags & VM_FOREIGN)) return NULL; +#endif /* * Add some anal sanity checks for now. Eventually, __________________________________...

These mappings are in fact special and require special handling in privcmd, which already exists. Failure to mark the PTE as special on arm64 causes all sorts of bad PTE fun. x86 already gets this correct. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: xen-devel@lists.xenproject.org --- arch/arm/xen/enlighten.c |

I''m sure everyone has seen the drop of VMI patches for Linux at this point, but just in case, the link is included below. I''ve read this version of the VMI spec and have made my way through most of the patches. While I wasn''t really that impressed with the first spec wrt Xen, the second version seems to be much more palatable. Specifically, the code inlining and

...if (is_write_device_private_entry(entry)) > - mpfn |= MIGRATE_PFN_WRITE; > + writable = true; > } else { > if (is_zero_pfn(pfn)) { > mpfn = MIGRATE_PFN_MIGRATE; > @@ -2250,7 +2251,8 @@ static int migrate_vma_collect_pmd(pmd_t *pmdp, > } > page = vm_normal_page(migrate->vma, addr, pte); > mpfn = migrate_pfn(pfn) | MIGRATE_PFN_MIGRATE; > - mpfn |= pte_write(pte) ? MIGRATE_PFN_WRITE : 0; > + if (pte_write(pte)) > + writable = true; > } > > /* FIXME support THP */ > @@ -2284,8 +2286,7 @@ static int migrate_vma_c...

...geKsm(page); + + return false; +} + /* * Do a quick page-table lookup for a single page. */ @@ -1266,10 +1284,11 @@ split_fallthrough: migration_entry_wait(mm, pmd, address); goto split_fallthrough; } - if ((flags & FOLL_WRITE) && !pte_write(pte)) - goto unlock; - page = vm_normal_page(vma, address, pte); + if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, page, flags)) { + pte_unmap_unlock(ptep, ptl); + return NULL; + } if (unlikely(!page)) { if ((flags & FOLL_DUMP) || !is_zero_pfn(pte_pfn(pte))) @@ -1290,7 +1309,6 @@ split_fallthrough: */...

On Tue, 25 Oct 2016 10:06:12 +0200 Christian Anthon <anthon at rth.dk> wrote: > What is the best approach on centos 6 to mitigate the problem is > officially patched? As far as I can tell Centos 6 is vulnerable to > attacks using ptrace. I can confirm that c6 is vulnerable, we're running a patched kernel (local build) using a rhel6 adaptation of the upstream fix. Ask

...unsigned long pfn) > +{ > + return vmf_insert_pfn_prot(vma, addr, pfn, vma->vm_page_prot, true); > +} > +EXPORT_SYMBOL(vmf_insert_pfn_mkwrite); > + > static bool vm_mixed_ok(struct vm_area_struct *vma, pfn_t pfn) > { > /* these checks mirror the abort conditions in vm_normal_page */

..._insert_pfn_mkwrite); >> >>>>> + >> >>>>> static bool vm_mixed_ok(struct vm_area_struct *vma, pfn_t pfn) >> >>>>> { >> >>>>> /* these checks mirror the abort conditions in >> >>>>> vm_normal_page */

...sert_pfn_prot(vma, addr, pfn, vma->vm_page_prot, >> true); >>> +} EXPORT_SYMBOL(vmf_insert_pfn_mkwrite); >>> + >>> static bool vm_mixed_ok(struct vm_area_struct *vma, pfn_t pfn) >>> { >>> /* these checks mirror the abort conditions in vm_normal_page */

...>>>> true); >>>>> +} EXPORT_SYMBOL(vmf_insert_pfn_mkwrite); >>>>> + >>>>> static bool vm_mixed_ok(struct vm_area_struct *vma, pfn_t pfn) >>>>> { >>>>> /* these checks mirror the abort conditions in vm_normal_page >>>>> */