Displaying 20 results from an estimated 58 matches for "vm_write".
2019 Aug 23
6
[PATCH 0/2] mm/hmm: two bug fixes for hmm_range_fault()
I have been working on converting Jerome's hmm_dummy driver and self
tests into a stand-alone set of tests to be included in
tools/testing/selftests/vm and came across these two bug fixes in the
process. The tests aren't quite ready to be posted as a patch.
I'm posting the fixes now since I thought they shouldn't wait.
They should probably have a fixes line but with all the HMM
2011 Mar 19
1
[patch 2/2] xen-gntdev: unlock on error path in gntdev_mmap()
...ew carefully.
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 017ce60..b0f9e8f 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -662,7 +662,7 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
if (map->flags) {
if ((vma->vm_flags & VM_WRITE) &&
(map->flags & GNTMAP_readonly))
- return -EINVAL;
+ goto out_unlock_put;
} else {
map->flags = GNTMAP_host_map;
if (!(vma->vm_flags & VM_WRITE))
@@ -700,6 +700,8 @@ unlock_out:
spin_unlock(&priv->lock);
return err;
+out_unlock_put:
+ spin_u...
2011 Mar 19
1
[patch 2/2] xen-gntdev: unlock on error path in gntdev_mmap()
...ew carefully.
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 017ce60..b0f9e8f 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -662,7 +662,7 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
if (map->flags) {
if ((vma->vm_flags & VM_WRITE) &&
(map->flags & GNTMAP_readonly))
- return -EINVAL;
+ goto out_unlock_put;
} else {
map->flags = GNTMAP_host_map;
if (!(vma->vm_flags & VM_WRITE))
@@ -700,6 +700,8 @@ unlock_out:
spin_unlock(&priv->lock);
return err;
+out_unlock_put:
+ spin_u...
2011 Mar 19
1
[patch 2/2] xen-gntdev: unlock on error path in gntdev_mmap()
...ew carefully.
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 017ce60..b0f9e8f 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -662,7 +662,7 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
if (map->flags) {
if ((vma->vm_flags & VM_WRITE) &&
(map->flags & GNTMAP_readonly))
- return -EINVAL;
+ goto out_unlock_put;
} else {
map->flags = GNTMAP_host_map;
if (!(vma->vm_flags & VM_WRITE))
@@ -700,6 +700,8 @@ unlock_out:
spin_unlock(&priv->lock);
return err;
+out_unlock_put:
+ spin_u...
2019 Aug 23
0
[PATCH 2/2] mm/hmm: hmm_range_fault() infinite loop
Normally, callers to handle_mm_fault() are supposed to check the
vma->vm_flags first. hmm_range_fault() checks for VM_READ but doesn't
check for VM_WRITE if the caller requests a page to be faulted in
with write permission (via the hmm_range.pfns[] value).
If the vma is write protected, this can result in an infinite loop:
hmm_range_fault()
walk_page_range()
...
hmm_vma_walk_hole()
hmm_vma_walk_hole_()
hmm_vma_do_...
2019 Aug 27
2
[PATCH 2/2] mm/hmm: hmm_range_fault() infinite loop
...+ b/mm/hmm.c
> @@ -292,6 +292,9 @@ static int hmm_vma_walk_hole_(unsigned long addr, unsigned long end,
> hmm_vma_walk->last = addr;
> i = (addr - range->start) >> PAGE_SHIFT;
>
> + if (write_fault && walk->vma && !(walk->vma->vm_flags & VM_WRITE))
> + return -EPERM;
Can walk->vma be NULL here? hmm_vma_do_fault() touches it
unconditionally.
Jason
2020 Nov 06
0
[PATCH v3 3/6] mm: support THP migration to device private memory
...migrate->src[migrate->npages] = MIGRATE_PFN_MIGRATE |
+ MIGRATE_PFN_COMPOUND;
+ migrate->dst[migrate->npages] = 0;
+ migrate->npages++;
+ migrate->cpages++;
+ return migrate_vma_collect_skip(start + PAGE_SIZE, end, walk);
}
+ mpfn = (migrate->vma->vm_flags & VM_WRITE) ?
+ (MIGRATE_PFN_MIGRATE | MIGRATE_PFN_WRITE) : MIGRATE_PFN_MIGRATE;
for (addr = start; addr < end; addr += PAGE_SIZE) {
- migrate->src[migrate->npages] = MIGRATE_PFN_MIGRATE;
+ migrate->src[migrate->npages] = mpfn;
migrate->dst[migrate->npages] = 0;
migrate->npa...
2020 Jun 19
0
[PATCH 13/16] mm: support THP migration to device private memory
...abort;
+
+ pgtable = pte_alloc_one(mm);
+ if (unlikely(!pgtable))
+ goto abort;
+
+ __SetPageUptodate(page);
+
+ if (is_zone_device_page(page)) {
+ if (!is_device_private_page(page))
+ goto pgtable_abort;
+ entry = swp_entry_to_pmd(make_device_private_entry(page,
+ vma->vm_flags & VM_WRITE));
+ } else {
+ entry = mk_huge_pmd(page, vma->vm_page_prot);
+ entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma);
+ }
+
+ ptl = pmd_lock(mm, pmdp);
+
+ if (check_stable_address_space(mm))
+ goto unlock_abort;
+
+ /*
+ * Check for userfaultfd but do not deliver the fault. Instead,
+ * just...
1998 Nov 21
2
simple perl script bypasses limits
Any user with shell access, or with access to upload a cgi
script can exploit this to make machine thrash badly.
Seems to circumvent any limits in the kernel
Here are my settings
dlai@whale.home.org:/home/dlai?limit
cputime unlimited
filesize 20000 kbytes
datasize 8192 kbytes
stacksize 8192 kbytes
coredumpsize 1000000 kbytes
memoryuse 8192 kbytes
descriptors
2010 Dec 08
2
[PATCH] xen: gntdev: move use of GNTMAP_contains_pte next to the map_op
...static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
vma->vm_private_data = map;
map->vma = vma;
- map->flags = GNTMAP_host_map | GNTMAP_application_map | GNTMAP_contains_pte;
+ map->flags = GNTMAP_host_map | GNTMAP_application_map;
if (!(vma->vm_flags & VM_WRITE))
map->flags |= GNTMAP_readonly;
diff --git a/drivers/xen/hypercall.c b/drivers/xen/hypercall.c
index 4eb6b34..054826b 100644
--- a/drivers/xen/hypercall.c
+++ b/drivers/xen/hypercall.c
@@ -11,6 +11,7 @@
#include <asm/xen/hypercall.h>
struct mmap_hypercall {
+ spinlock_t lock;
s...
2019 Jun 26
0
[PATCH 04/25] mm: remove MEMORY_DEVICE_PUBLIC support
...if (!is_device_public_page(page))
- return false;
- extra++;
+ return is_device_private_page(page);
}
/* For file back page */
@@ -2665,11 +2650,6 @@ static void migrate_vma_insert_page(struct migrate_vma *migrate,
swp_entry = make_device_private_entry(page, vma->vm_flags & VM_WRITE);
entry = swp_entry_to_pte(swp_entry);
- } else if (is_device_public_page(page)) {
- entry = pte_mkold(mk_pte(page, READ_ONCE(vma->vm_page_prot)));
- if (vma->vm_flags & VM_WRITE)
- entry = pte_mkwrite(pte_mkdirty(entry));
- entry = pte_mkdevmap(entry);
}
} else {
en...
2019 Aug 27
0
[PATCH 2/2] mm/hmm: hmm_range_fault() infinite loop
...@ -292,6 +292,9 @@ static int hmm_vma_walk_hole_(unsigned long addr, unsigned long end,
>> hmm_vma_walk->last = addr;
>> i = (addr - range->start) >> PAGE_SHIFT;
>>
>> + if (write_fault && walk->vma && !(walk->vma->vm_flags & VM_WRITE))
>> + return -EPERM;
>
> Can walk->vma be NULL here? hmm_vma_do_fault() touches it
> unconditionally.
>
> Jason
>
walk->vma can be NULL. hmm_vma_do_fault() no longer touches it
unconditionally, that is what the preceding patch fixes.
I suppose I could change hmm_v...
2020 Jun 21
2
[PATCH 13/16] mm: support THP migration to device private memory
...(unlikely(!pgtable))
> + goto abort;
> +
> + __SetPageUptodate(page);
> +
> + if (is_zone_device_page(page)) {
> + if (!is_device_private_page(page))
> + goto pgtable_abort;
> + entry = swp_entry_to_pmd(make_device_private_entry(page,
> + vma->vm_flags & VM_WRITE));
> + } else {
> + entry = mk_huge_pmd(page, vma->vm_page_prot);
> + entry = maybe_pmd_mkwrite(pmd_mkdirty(entry), vma);
> + }
> +
> + ptl = pmd_lock(mm, pmdp);
> +
> + if (check_stable_address_space(mm))
> + goto unlock_abort;
> +
> + /*
> + * Check for...
2020 Nov 06
12
[PATCH v3 0/6] mm/hmm/nouveau: add THP migration to migrate_vma_*
This series adds support for transparent huge page migration to
migrate_vma_*() and adds nouveau SVM and HMM selftests as consumers.
Earlier versions were posted previously [1] and [2].
The patches apply cleanly to the linux-mm 5.10.0-rc2 tree. There are a
lot of other THP patches being posted. I don't think there are any
semantic conflicts but there may be some merge conflicts depending on
2016 Oct 26
2
CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
...- * page might get reCOWed by userspace write).
+ * pte_write. We cannot simply drop FOLL_WRITE
+ * here because the COWed page might be gone by
+ * the time we do the subsequent page lookups.
*/
if ((ret & VM_FAULT_WRITE) &&
!(vma->vm_flags & VM_WRITE))
- foll_flags &= ~FOLL_WRITE;
+ foll_flags |= FOLL_COW;
cond_resched();
}
2016 Oct 25
5
CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
On Tue, 25 Oct 2016 10:06:12 +0200
Christian Anthon <anthon at rth.dk> wrote:
> What is the best approach on centos 6 to mitigate the problem is
> officially patched? As far as I can tell Centos 6 is vulnerable to
> attacks using ptrace.
I can confirm that c6 is vulnerable, we're running a patched kernel
(local build) using a rhel6 adaptation of the upstream fix.
Ask
2020 Sep 02
10
[PATCH v2 0/7] mm/hmm/nouveau: add THP migration to migrate_vma_*
This series adds support for transparent huge page migration to
migrate_vma_*() and adds nouveau SVM and HMM selftests as consumers.
An earlier version was posted previously [1]. This version now
supports splitting a THP midway in the migration process which
led to a number of changes.
The patches apply cleanly to the current linux-mm tree. Since there
are a couple of patches in linux-mm from Dan
2019 Oct 30
0
[PATCH v2 09/15] xen/gntdev: use mmu_range_notifier_insert
...1,10 +1008,6 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
> vma->vm_flags |= VM_DONTCOPY;
>
> vma->vm_private_data = map;
> -
> - if (use_ptemod)
> - map->vma = vma;
> -
> if (map->flags) {
> if ((vma->vm_flags & VM_WRITE) &&
> (map->flags & GNTMAP_readonly))
> @@ -1125,8 +1018,28 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
> map->flags |= GNTMAP_readonly;
> }
>
> + if (use_ptemod) {
> + map->vma = vma;
> + err = mmu_range_notif...
2020 Jun 19
22
[PATCH 00/16] mm/hmm/nouveau: THP mapping and migration
These patches apply to linux-5.8.0-rc1. Patches 1-3 should probably go
into 5.8, the others can be queued for 5.9. Patches 4-6 improve the HMM
self tests. Patch 7-8 prepare nouveau for the meat of this series which
adds support and testing for compound page mapping of system memory
(patches 9-11) and compound page migration to device private memory
(patches 12-16). Since these changes are split
2024 Jan 24
1
[PATCH] mm: Remove double faults once write a device pfn
...not mention that this problem only exists on arm64 platform.
>> >> Ok, that makes at least a little bit more sense.
>> >>
>> >>> Because on arm64 platform the PTE_RDONLY is automatically attached
>> >>> to the userspace pte entries even through VM_WRITE + VM_SHARE.
>> >>> The PTE_RDONLY needs to be cleared in vmf_insert_pfn_prot. However
>> >>> vmf_insert_pfn_prot do not make the pte writable passing false
>> >>> @mkwrite to insert_pfn.
>> >> Question is why is arm64 doing this? As far as I...