forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
Linux kernel for uConsole
789,409 commits 5 branches 3 tags 4.3 GiB
  • C 97.1%
  • Assembly 1.8%
  • Shell 0.4%
  • Makefile 0.3%
  • Python 0.2%
Find a file
Michael Ellerman cd3e49394c powerpc/mm/64s/hash: Reallocate context ids on fork 
commit ca72d88378 upstream.

When using the Hash Page Table (HPT) MMU, userspace memory mappings
are managed at two levels. Firstly in the Linux page tables, much like
other architectures, and secondly in the SLB (Segment Lookaside
Buffer) and HPT. It's the SLB and HPT that are actually used by the
hardware to do translations.

As part of the series adding support for 4PB user virtual address
space using the hash MMU, we added support for allocating multiple
"context ids" per process, one for each 512TB chunk of address space.
These are tracked in an array called extended_id in the mm_context_t
of a process that has done a mapping above 512TB.

If such a process forks (ie. clone(2) without CLONE_VM set) it's mm is
copied, including the mm_context_t, and then init_new_context() is
called to reinitialise parts of the mm_context_t as appropriate to
separate the address spaces of the two processes.

The key step in ensuring the two processes have separate address
spaces is to allocate a new context id for the process, this is done
at the beginning of hash__init_new_context(). If we didn't allocate a
new context id then the two processes would share mappings as far as
the SLB and HPT are concerned, even though their Linux page tables
would be separate.

For mappings above 512TB, which use the extended_id array, we
neglected to allocate new context ids on fork, meaning the parent and
child use the same ids and therefore share those mappings even though
they're supposed to be separate. This can lead to the parent seeing
writes done by the child, which is essentially memory corruption.

There is an additional exposure which is that if the child process
exits, all its context ids are freed, including the context ids that
are still in use by the parent for mappings above 512TB. One or more
of those ids can then be reallocated to a third process, that process
can then read/write to the parent's mappings above 512TB. Additionally
if the freed id is used for the third process's primary context id,
then the parent is able to read/write to the third process's mappings
*below* 512TB.

All of these are fundamental failures to enforce separation between
processes. The only mitigating factor is that the bug only occurs if a
process creates mappings above 512TB, and most applications still do
not create such mappings.

Only machines using the hash page table MMU are affected, eg. PowerPC
970 (G5), PA6T, Power5/6/7/8/9. By default Power9 bare metal machines
(powernv) use the Radix MMU and are not affected, unless the machine
has been explicitly booted in HPT mode (using disable_radix on the
kernel command line). KVM guests on Power9 may be affected if the host
or guest is configured to use the HPT MMU. LPARs under PowerVM on
Power9 are affected as they always use the HPT MMU. Kernels built with
PAGE_SIZE=4K are not affected.

The fix is relatively simple, we need to reallocate context ids for
all extended mappings on fork.

Fixes: f384796c40 ("powerpc/mm: Add support for handling > 512TB address in SLB miss")
Cc: stable@vger.kernel.org # v4.17+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-25 11:36:02 +08:00
arch powerpc/mm/64s/hash: Reallocate context ids on fork 2019-06-25 11:36:02 +08:00
block block, bfq: increase idling for weight-raised queues 2019-06-15 11:54:10 +02:00
certs export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() 2018-08-22 23:21:44 +09:00
crypto crypto: ccm - fix incompatibility between "ccm" and "ccm_base" 2019-05-22 07:37:43 +02:00
Documentation tcp: add tcp_min_snd_mss sysctl 2019-06-17 19:51:56 +02:00
drivers staging: erofs: add requirements field in superblock 2019-06-25 11:36:01 +08:00
firmware kbuild: remove all dummy assignments to obj- 2017-11-18 11:46:06 +09:00
fs SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write 2019-06-25 11:36:01 +08:00
include {nl,mac}80211: allow 4addr AP operation on crypto controlled devices 2019-06-25 11:36:01 +08:00
init initramfs: free initrd memory if opening /initrd.image fails 2019-06-15 11:54:01 +02:00
ipc ipc: prevent lockup on alloc_msg and free_msg 2019-06-15 11:54:00 +02:00
kernel tracing: Silence GCC 9 array bounds warning 2019-06-25 11:35:52 +08:00
lib test_firmware: Use correct snprintf() limit 2019-06-11 12:20:54 +02:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm coredump: fix race condition between collapse_huge_page() and core dumping 2019-06-22 08:15:21 +02:00
net mac80211: Do not use stack memory with scatterlist for GMAC 2019-06-25 11:36:02 +08:00
samples samples: mei: use /dev/mei0 instead of /dev/mei 2019-02-15 08:10:11 +01:00
scripts scripts/checkstack.pl: Fix arm64 wrong or unknown architecture 2019-06-25 11:35:58 +08:00
security apparmor: enforce nullbyte at end of tag string 2019-06-25 11:35:54 +08:00
sound ALSA: hda - Force polling mode on CNL for fixing codec communication 2019-06-22 08:15:17 +02:00
tools selftests: vm: install test_vmalloc.sh for run_vmtests 2019-06-25 11:35:56 +08:00
usr initramfs: move gen_initramfs_list.sh from scripts/ to usr/ 2018-08-22 23:21:44 +09:00
virt KVM: arm/arm64: Move cc/it checks under hyp's Makefile to avoid instrumentation 2019-06-19 08:18:04 +02:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS platform/x86: Add Intel AtomISP2 dummy / power-management driver 2019-04-20 09:16:02 +02:00
Makefile gcc-9: silence 'address-of-packed-member' warning 2019-06-25 11:35:52 +08:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.