From patchwork Fri May  5 15:32:39 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Seth Forshee <seth.forshee@canonical.com>
X-Patchwork-Id: 759073
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	by ozlabs.org (Postfix) with ESMTP id 3wKGBB6qXxz9s7r;
	Sat,  6 May 2017 01:33:06 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=canonical-com.20150623.gappssmtp.com
	header.i=@canonical-com.20150623.gappssmtp.com
	header.b="cNaDfgHc"; dkim-atps=neutral
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1d6fE8-0004jt-7s; Fri, 05 May 2017 15:33:04 +0000
Received: from mail-io0-f170.google.com ([209.85.223.170])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <seth.forshee@canonical.com>)
	id 1d6fDr-0004ct-7A
	for kernel-team@lists.ubuntu.com; Fri, 05 May 2017 15:32:47 +0000
Received: by mail-io0-f170.google.com with SMTP id k91so12654614ioi.1
	for <kernel-team@lists.ubuntu.com>;
	Fri, 05 May 2017 08:32:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=canonical-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:subject:date:message-id:in-reply-to:references;
	bh=EgMYLQdxzQCXP5ZsRLz/2rdFF+M/Zh4r67HmSrjpofY=;
	b=cNaDfgHcHrVM4zVQmCs3dxIlsPYfZdRcsl6dJCfjrr/ciSbCjn6SOyT20ScZQFjxBQ
	8VmZomvix6SHvIY0WhNZ9gLffXgs3tkB7HuG5GK7iz42DkLDGlLkzA+xAhVtaT2n5hoC
	AoDknhvE+KzbBBzu3XV81i4kw3if5jVXvxHlP71TEesJT3NeG5P/jv+d+C3C5jrFbGyP
	U32gYi22a5z5Xx1SBJ5qvQLN+VOiCjk36AQJQvbW/0eo4kJuHzi2KMXWEzQ45jxDRjwN
	bSt2fhUz+S/WSVONo+WPC8uLuIiuhJzHCKKJW8m0Gi5FdloaLKUrRV9UhiCEA+jteqyc
	yEqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=EgMYLQdxzQCXP5ZsRLz/2rdFF+M/Zh4r67HmSrjpofY=;
	b=QMag7ODB1PxZGVeRih4IKp/N3idrZEp/AukplmlxJjoRZmVVgjUmj5joWbbcKiRG6H
	Ja2rJEP4EmRPaDnt48Ba0oWPl1NfDvl4Q3AGkMJruhriD5TchW+C577+uj6oMXstJKUO
	eDfBPnmj0TeLlbKqTzw7BckatYMVTJd2L4TrRdEB6aAxgxvBdNL36d2Zmpco999d9i7h
	NEZRSKJIaHWQw548/aCM7A82/y2HrEdlcg3RHFPKeOPWbm+hhGw8ydLrOvJ8GSy5XvQg
	vaUIeemr5lHldzPIdFcEOBS1FgpgQ6KOdfJZiOaYmc8MWWOClDuOKNH1lk17lZEsIt9W
	WLhQ==
X-Gm-Message-State: AODbwcDCb5Zz5BdlXsuu+baVtCtBxQXrlBGJrT6ZQVaRAEnltnKPmhXB
	rtIlQS6rtn+2hM2ZDr0=
X-Received: by 10.107.195.66 with SMTP id t63mr3381979iof.20.1493998365781;
	Fri, 05 May 2017 08:32:45 -0700 (PDT)
Received: from localhost ([2605:a601:aa7:8220:d525:2d8c:d0b4:d509])
	by smtp.gmail.com with ESMTPSA id
	z1sm411787iod.36.2017.05.05.08.32.44
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 05 May 2017 08:32:45 -0700 (PDT)
From: Seth Forshee <seth.forshee@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 4/4][Zesty SRU] mm/ksm: handle protnone saved writes when
	making page write protect
Date: Fri,  5 May 2017 10:32:39 -0500
Message-Id: <1493998359-5919-5-git-send-email-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1493998359-5919-1-git-send-email-seth.forshee@canonical.com>
References: <1493998359-5919-1-git-send-email-seth.forshee@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: kernel-team-bounces@lists.ubuntu.com

From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>

BugLink: http://bugs.launchpad.net/bugs/1674838

Without this KSM will consider the page write protected, but a numa
fault can later mark the page writable.  This can result in memory
corruption.

Link: http://lkml.kernel.org/r/1487498625-10891-3-git-send-email-aneesh.kumar@linux.vnet.ibm.com
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(backported from commit 595cd8f256d24face93b2722927ec9c980419c26)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 include/asm-generic/pgtable.h | 8 ++++++++
 mm/ksm.c                      | 9 +++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
index b6f3a8a4b738..8c8ba48bef0b 100644
--- a/include/asm-generic/pgtable.h
+++ b/include/asm-generic/pgtable.h
@@ -200,6 +200,10 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, unsigned long addres
 #define pte_mk_savedwrite pte_mkwrite
 #endif
 
+#ifndef pte_clear_savedwrite
+#define pte_clear_savedwrite pte_wrprotect
+#endif
+
 #ifndef pmd_savedwrite
 #define pmd_savedwrite pmd_write
 #endif
@@ -208,6 +212,10 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, unsigned long addres
 #define pmd_mk_savedwrite pmd_mkwrite
 #endif
 
+#ifndef pmd_clear_savedwrite
+#define pmd_clear_savedwrite pmd_wrprotect
+#endif
+
 #ifndef __HAVE_ARCH_PMDP_SET_WRPROTECT
 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
 static inline void pmdp_set_wrprotect(struct mm_struct *mm,
diff --git a/mm/ksm.c b/mm/ksm.c
index fed4afd8293b..099dfa45d596 100644
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -878,7 +878,8 @@ static int write_protect_page(struct vm_area_struct *vma, struct page *page,
 	if (!ptep)
 		goto out_mn;
 
-	if (pte_write(*ptep) || pte_dirty(*ptep)) {
+	if (pte_write(*ptep) || pte_dirty(*ptep) ||
+	    (pte_protnone(*ptep) && pte_savedwrite(*ptep))) {
 		pte_t entry;
 
 		swapped = PageSwapCache(page);
@@ -903,7 +904,11 @@ static int write_protect_page(struct vm_area_struct *vma, struct page *page,
 		}
 		if (pte_dirty(entry))
 			set_page_dirty(page);
-		entry = pte_mkclean(pte_wrprotect(entry));
+
+		if (pte_protnone(entry))
+			entry = pte_mkclean(pte_clear_savedwrite(entry));
+		else
+			entry = pte_mkclean(pte_wrprotect(entry));
 		set_pte_at_notify(mm, addr, ptep, entry);
 	}
 	*orig_pte = *ptep;