-
Notifications
You must be signed in to change notification settings - Fork 6.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Xtensa: dup_table duplicates the pinned PTEVADDR entry #71633
Comments
Hi @ldmstm! We appreciate you submitting your first issue for our open-source project. 🌟 Even though I'm a bot, I can assure you that the whole community is genuinely grateful for your time and effort. 🤖💙 |
Not clear what is the problem here, we indeed map the physical memory for all page tables, but we don't map the virtual address for the page table [CONFIG_XTENSA_MMU_PTEVADDR + 4MB], we just pin the l1 page for this area and the auto refill does the rest. |
In the dup_tables routine it believes this entry you place at XTENSA_MMU_L1_POS(CONFIG_XTENSA_MMU_PTEVADDR) during kernel startup is a valid L1 page table entry to a different L2 page table, when in reality it's just itself. When duplicating it, this causes memory to be mapped at CONFIG_XTENSA_MMU_PTEVADDR for other memory domains, when in reality we only want the mapping at the 4MB * user_asid offset |
I think I got what you mean, it is confuse because we don't map the page itself until it is used, so if I understood correctly, we can do:
I can't see a security issue because it is mapped as using kernel ring and the whole page table (physical memory) is already mapped, but indeed we can save memory doing it :) |
Looks perfect to me, a whole 4k saved per memory domain. Thanks! |
The page table duplication routine in the current Xtensa implementation dup_table only skips copying and allocating L2 page tables when it detects a PTE as "illegal" (attributes 12 or 14), however it should also skip this when the index is the same as the one for the kernel ptables pinned virtual address, ie the entry that maps
CONFIG_XTENSA_MMU_PTEVADDR
.Doing this copy wastes an entire 4k of memory and could potentially be a security issue, as it's copying the L1 table as an L2 page table.
Expected behavior
The code should entirely skip the entry that matches
CONFIG_XTENSA_MMU_PTEVADDR
and mark it as unmapped when duplicating the table.Impact
Wasted memory, potential security issue.
Additional context
Xtensa platform with MMU and userspace enabled
The text was updated successfully, but these errors were encountered: