Re: [RFC/PATCH 19/22] s390/mm: Split huge pages if granular protection is needed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07.12.2017 17:32, David Hildenbrand wrote:
> On 06.11.2017 23:29, Janosch Frank wrote:
>> A guest can put DAT tables for a lower level guest in the same huge
>> segment as one of its prefixes. This would make it necessary for the
>> segment to be unprotected (because of the prefix) and protected
>> (because of the shadowing) at the same time. This is not possible in
>> this universe.
>>
>> Hence we split the affected huge segment, so we can protect on a
>> per-page basis. Such gmap segments are special and get a new software
>> bit, that helps us handling this edge case.
> 
> I am thinking about another condition and am not sure yet if it is
> really a problem and already handled by this patch (if so, feel free to
> add it to the description :) ): G2 -> G3 page table and a contained G2
> -> G3 page lying on same G1 huge page

Valid objection, but we (hopefully :) ) got you covered.

We directly split on a pmd protection with the VSIE bit and then
re-drive protection on the pte:

if (((prot != PROT_WRITE) && (bits & GMAP_ENTRY_VSIE))) {
		ret = gmap_pmd_split(gmap, gaddr, pmdp);

The red-rive is a bit ugly because of the EFAULT, but I'm open to
suggestions.



> 
> G1 runs G2 with huge pages.
> G2 runs G3 without huge pages,
> G1 creates shadow page tables for G3.
> 
> G2 has no idea of huge pages, so it could happen that a
> page table from G2 -> G3 falls into the same G1 huge page as a G2->G3
> backing page.
> 
> Now, if we're unlucky, it can happen that this page table references
> that G3 page, lying on the same G1 huge page.
> 
> G1 will create a shadow page table, protecting access to this huge page
> (do maintain the shadow properly).
> 
> What will happen when G3 tries to write to this page:
> 
> 1. Shadow page table in G1 is built, huge page is protected in g2 gmap.
> 2. Part of that huge page is to be used in the shadow page table with
> write access. This huge page is protected but we need write access, we
> need to fixup.
> 3. Fixing up will invalidate the shadow page table.
> 
> IOW, G3 will never make progress.
> 
> 


Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux