From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-177.mta1.migadu.com (out-177.mta1.migadu.com [95.215.58.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6E42B34DCD6 for ; Thu, 2 Jul 2026 08:31:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.177 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782981088; cv=none; b=hRyA8dUaAzMgrqsX1fayt3M0QGZA351ICJywdtTbGI/LGiBBrBx8MZcvsYfytMZl0XsJkTs0JWXHF2XlnRq2EY/Mp9jcXiIgqrY7dmG4JHFpUneprAoNXGae8dl7j3U2nCC6vjTtEln1Jfb+Mtl1FtzQLtwlduj57OvWtbWmEBw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782981088; c=relaxed/simple; bh=B/aVqZJf/C6PYZntLhN+QEiyL4o0Yeerfxoh48+jmzU=; h=Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc: Message-Id:References:To; b=bPkUCE8LZqW5vLlAbfFryGV6NUYFq+PcERRG2bPxozyxCqVT2aWPxzyZE6y6SjILKnSKKn/o1qEV5or6jv0W5pCwIevxKqxbqGTu9r0k/XMBWk+FkRuH4lw90EkhFtgsFMPmI4FdoKIbFQOHR6LlScD01HKcEYjYDYAY8k5dxnw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=daAJ1xZf; arc=none smtp.client-ip=95.215.58.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="daAJ1xZf" Content-Type: text/plain; charset=us-ascii DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1782981083; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=B/aVqZJf/C6PYZntLhN+QEiyL4o0Yeerfxoh48+jmzU=; b=daAJ1xZfVM5So6P+S4D3GZ0fQbQQOQF+ts06Q8GMhDvpA25OfUGdTWy1E37X7s+VBBq3ka bX4f6z/dYmiOXQyt7Qk9rIbeWlpuAlt0D/4ccU/NxorPu+9jlQMoIwHxbTO6AUEdTZbVza 9hVa4sjDDW+fNVa+28uJBHMXnRr4ryY= Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.600.51.1.1\)) Subject: Re: [PATCH v2 6/6] mm/mprotect: use huge_ptep_get() for hugetlb X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Muchun Song In-Reply-To: <20260702051341.126509-7-dev.jain@arm.com> Date: Thu, 2 Jul 2026 16:30:44 +0800 Cc: osalvador@suse.de, akpm@linux-foundation.org, ljs@kernel.org, david@kernel.org, liam@infradead.org, riel@surriel.com, vbabka@kernel.org, harry@kernel.org, jannh@google.com, lance.yang@linux.dev, kas@kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, rcampbell@nvidia.com, apopple@nvidia.com, ziy@nvidia.com, matthew.brost@intel.com, joshua.hahnjy@gmail.com, rakie.kim@sk.com, byungchul@sk.com, gourry@gourry.net, ying.huang@linux.alibaba.com, j-nomura@ce.jp.nec.com, nao.horiguchi@gmail.com, ak@linux.intel.com, mel@csn.ul.ie, pfalcato@suse.de, jpoimboe@kernel.org, dave.hansen@intel.com, tglx@kernel.org, catalin.marinas@arm.com, will@kernel.org, linux-arm-kernel@lists.infradead.org, ryan.roberts@arm.com, anshuman.khandual@arm.com Content-Transfer-Encoding: quoted-printable Message-Id: <05E75034-5478-42C2-A4E2-BAA6C32A485B@linux.dev> References: <20260702051341.126509-1-dev.jain@arm.com> <20260702051341.126509-7-dev.jain@arm.com> To: Dev Jain X-Migadu-Flow: FLOW_OUT > On Jul 2, 2026, at 13:13, Dev Jain wrote: >=20 > prot_none_hugetlb_entry() is the hugetlb callback for the early > mprotect(PROT_NONE) PFN permission walk on x86. >=20 > The callback passes the decoded PFN to pfn_modify_allowed(). For a > hugetlb callback, the pte pointer refers to a hugetlb entry. On > architectures where hugetlb entries need huge_ptep_get(), reading that > entry with ptep_get() can make the permission check use the wrong PFN. >=20 > Use huge_ptep_get() before decoding the hugetlb PFN. >=20 > Currently there is no path which can trigger a bug: huge_ptep_get() is = a > simple ptep_get() for x86, and the prot_none walk occurs only for x86. >=20 > So no need to backport - use the correct helper anyways. >=20 > Fixes: 42e4089c7890 ("x86/speculation/l1tf: Disallow non privileged = high MMIO PROT_NONE mappings") > Signed-off-by: Dev Jain Reviewed-by: Muchun Song Thanks.=