From nobody Thu Apr 2 15:36:23 2026 Received: from canpmsgout12.his.huawei.com (canpmsgout12.his.huawei.com [113.46.200.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2012F36495E for ; Sat, 28 Feb 2026 07:15:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=113.46.200.227 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772262930; cv=none; b=k9aXDeE050zNeSSV036kPHGFnvoPBcbBRcs/WO2EmdqYTqaPoPpVtovoKLoqWSFX9iphHy/dSs6iBbkqVMrUEpbFGV8dmrsinSkyj/i0cYtu8bxJ8dUULsvupcMBQ8syfAb5x6Ok/Lv+wdcq73ub/9n4PRwB74q3k1kNz8LSy3c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772262930; c=relaxed/simple; bh=GIC5vRYgJ75d8warcQxj59U0K6CxdimB7AATy2Nqjio=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=i9x5kX7N6bGwyP4zlJvNqBA0L18qCC4q5se28DZsSgPt1UXc4sBFE04mynK27SYfQAMrYNeb5UePhG9BKxALzLGtm2l14r3PvlwirLLYGNzM5Cfk+Es6hC16ftlSJkfhijhHD9TdFFIjvG/loSrKa09812eGAqEOWWyFxwCjqj4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b=LoTKhMsn; arc=none smtp.client-ip=113.46.200.227 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b="LoTKhMsn" dkim-signature: v=1; a=rsa-sha256; d=huawei.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From; bh=4WAYkRFCYpcA+nAu13ib8+d0IGvS7iebtzbag+H95n4=; b=LoTKhMsnG4bUuracOAyVcvy7GChGNh6pZ0RXf5XyLir4bwYo/l+8jGr8CLDvZFyTS5KqC73M5 tcFI8XDj92UQ0NwM/PDBYjTSTLRu09DO2bv0fhN/8yVkr9XQyw+Wwb/ZZT4oJNaYFDxkRhi9SFL 6yMWypZ6QWkvJvOIu++TKjk= Received: from mail.maildlp.com (unknown [172.19.162.92]) by canpmsgout12.his.huawei.com (SkyGuard) with ESMTPS id 4fNGYs1cGwznTVY; Sat, 28 Feb 2026 15:10:41 +0800 (CST) Received: from kwepemr500001.china.huawei.com (unknown [7.202.194.229]) by mail.maildlp.com (Postfix) with ESMTPS id 3B40B40568; Sat, 28 Feb 2026 15:15:20 +0800 (CST) Received: from huawei.com (10.50.87.63) by kwepemr500001.china.huawei.com (7.202.194.229) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Sat, 28 Feb 2026 15:15:19 +0800 From: Yin Tirui To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , CC: , , Subject: [PATCH RFC v3 2/4] mm/pgtable: Make pfn_pte() filter out huge page attributes Date: Sat, 28 Feb 2026 15:09:04 +0800 Message-ID: <20260228070906.1418911-3-yintirui@huawei.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260228070906.1418911-1-yintirui@huawei.com> References: <20260228070906.1418911-1-yintirui@huawei.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: kwepems200001.china.huawei.com (7.221.188.67) To kwepemr500001.china.huawei.com (7.202.194.229) Content-Type: text/plain; charset="utf-8" A fundamental principle of page table type safety is that `pte_t` represents the lowest level page table entry and should never carry huge page attribut= es. Currently, passing a pgprot with huge page bits (e.g., extracted via pmd_pgprot()) into pfn_pte() creates a malformed PTE that retains the huge attribute, leading to the necessity of the ugly `pte_clrhuge()` anti-patter= n. Enforce type safety by making `pfn_pte()` inherently filter out huge page attributes: - On x86: Strip the `_PAGE_PSE` bit. - On ARM64: Mask out the block descriptor bits in `PTE_TYPE_MASK` and enforce the `PTE_TYPE_PAGE` format. - On RISC-V: No changes required, as RISC-V leaf PMDs and PTEs share the exact same hardware format and do not use a distinct huge bit. Signed-off-by: Yin Tirui --- arch/arm64/include/asm/pgtable.h | 4 +++- arch/x86/include/asm/pgtable.h | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgta= ble.h index b3e58735c49b..f2a7a40106d2 100644 --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -141,7 +141,9 @@ static inline pteval_t __phys_to_pte_val(phys_addr_t ph= ys) =20 #define pte_pfn(pte) (__pte_to_phys(pte) >> PAGE_SHIFT) #define pfn_pte(pfn,prot) \ - __pte(__phys_to_pte_val((phys_addr_t)(pfn) << PAGE_SHIFT) | pgprot_val(pr= ot)) + __pte(__phys_to_pte_val((phys_addr_t)(pfn) << PAGE_SHIFT) | \ + ((pgprot_val(prot) & ~(PTE_TYPE_MASK & ~PTE_VALID)) | \ + (PTE_TYPE_PAGE & ~PTE_VALID))) =20 #define pte_none(pte) (!pte_val(pte)) #define pte_page(pte) (pfn_to_page(pte_pfn(pte))) diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index 1662c5a8f445..a4dbd81d42bf 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -738,6 +738,10 @@ static inline pgprotval_t check_pgprot(pgprot_t pgprot) static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot) { phys_addr_t pfn =3D (phys_addr_t)page_nr << PAGE_SHIFT; + + /* Filter out _PAGE_PSE to ensure PTEs never carry the huge page bit */ + pgprot =3D __pgprot(pgprot_val(pgprot) & ~_PAGE_PSE); + /* This bit combination is used to mark shadow stacks */ WARN_ON_ONCE((pgprot_val(pgprot) & (_PAGE_DIRTY | _PAGE_RW)) =3D=3D _PAGE_DIRTY); --=20 2.22.0