[PATCH v1 2/2] arm64/mm: Add uffd write-protect support

Wed Apr 24 04:57:34 PDT 2024

Hi, Ryan,

On Wed, Apr 24, 2024 at 12:10:17PM +0100, Ryan Roberts wrote:
> Let's use the newly-free PTE SW bit (58) to add support for uffd-wp.
> 
> The standard handlers are implemented for set/test/clear for both pte
> and pmd. Additionally we must also track the uffd-wp state as a pte swp
> bit, so use a free swap entry pte bit (3).
> 
> Signed-off-by: Ryan Roberts <ryan.roberts at arm.com>

Looks all sane here from userfault perspective, just one comment below.

> ---
>  arch/arm64/Kconfig                    |  1 +
>  arch/arm64/include/asm/pgtable-prot.h |  8 ++++
>  arch/arm64/include/asm/pgtable.h      | 55 +++++++++++++++++++++++++++
>  3 files changed, 64 insertions(+)
> 
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 7b11c98b3e84..763e221f2169 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -255,6 +255,7 @@ config ARM64
>  	select SYSCTL_EXCEPTION_TRACE
>  	select THREAD_INFO_IN_TASK
>  	select HAVE_ARCH_USERFAULTFD_MINOR if USERFAULTFD
> +	select HAVE_ARCH_USERFAULTFD_WP if USERFAULTFD
>  	select TRACE_IRQFLAGS_SUPPORT
>  	select TRACE_IRQFLAGS_NMI_SUPPORT
>  	select HAVE_SOFTIRQ_ON_OWN_STACK
> diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h
> index ef952d69fd04..f1e1f6306e03 100644
> --- a/arch/arm64/include/asm/pgtable-prot.h
> +++ b/arch/arm64/include/asm/pgtable-prot.h
> @@ -20,6 +20,14 @@
>  #define PTE_DEVMAP		(_AT(pteval_t, 1) << 57)
>  #define PTE_PROT_NONE		(PTE_UXN)		 /* Reuse PTE_UXN; only when !PTE_VALID */
>  
> +#ifdef CONFIG_HAVE_ARCH_USERFAULTFD_WP
> +#define PTE_UFFD_WP		(_AT(pteval_t, 1) << 58) /* uffd-wp tracking */
> +#define PTE_SWP_UFFD_WP		(_AT(pteval_t, 1) << 3)	 /* only for swp ptes */
> +#else
> +#define PTE_UFFD_WP		(_AT(pteval_t, 0))
> +#define PTE_SWP_UFFD_WP		(_AT(pteval_t, 0))
> +#endif /* CONFIG_HAVE_ARCH_USERFAULTFD_WP */
> +
>  /*
>   * This bit indicates that the entry is present i.e. pmd_page()
>   * still points to a valid huge page in memory even if the pmd
> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
> index 23aabff4fa6f..3f4748741fdb 100644
> --- a/arch/arm64/include/asm/pgtable.h
> +++ b/arch/arm64/include/asm/pgtable.h
> @@ -271,6 +271,34 @@ static inline pte_t pte_mkdevmap(pte_t pte)
>  	return set_pte_bit(pte, __pgprot(PTE_DEVMAP | PTE_SPECIAL));
>  }
>  
> +#ifdef CONFIG_HAVE_ARCH_USERFAULTFD_WP
> +static inline int pte_uffd_wp(pte_t pte)
> +{
> +	bool wp = !!(pte_val(pte) & PTE_UFFD_WP);
> +
> +#ifdef CONFIG_DEBUG_VM
> +	/*
> +	 * Having write bit for wr-protect-marked present ptes is fatal, because
> +	 * it means the uffd-wp bit will be ignored and write will just go
> +	 * through. See comment in x86 implementation.
> +	 */
> +	WARN_ON_ONCE(wp && pte_write(pte));
> +#endif

Feel free to drop this line, see:

https://lore.kernel.org/r/20240417212549.2766883-1-peterx@redhat.com

It's still in mm-unstable only.

AFAICT ARM64 also is supported by check_page_table, I also checked ARM's
ptep_modify_prot_commit() which uses set_pte_at(), so it should cover
everything in a superior way already.

With that dropped, feel free to add:

Acked-by: Peter Xu <peterx at redhat.com>

Thanks,

-- 
Peter Xu