lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 21 May 2019 07:38:53 +0530
From:   Anshuman Khandual <anshuman.khandual@....com>
To:     Dan Williams <dan.j.williams@...el.com>,
        Jerome Glisse <jglisse@...hat.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux MM <linux-mm@...ck.org>,
        Laurent Dufour <ldufour@...ux.vnet.ibm.com>
Subject: Re: [PATCH] mm/dev_pfn: Exclude MEMORY_DEVICE_PRIVATE while computing
 virtual address



On 05/21/2019 01:03 AM, Dan Williams wrote:
> On Mon, May 20, 2019 at 12:27 PM Jerome Glisse <jglisse@...hat.com> wrote:
>>
>> On Mon, May 20, 2019 at 11:07:38AM +0530, Anshuman Khandual wrote:
>>> On 05/18/2019 03:20 AM, Andrew Morton wrote:
>>>> On Fri, 17 May 2019 16:08:34 +0530 Anshuman Khandual <anshuman.khandual@....com> wrote:
>>>>
>>>>> The presence of struct page does not guarantee linear mapping for the pfn
>>>>> physical range. Device private memory which is non-coherent is excluded
>>>>> from linear mapping during devm_memremap_pages() though they will still
>>>>> have struct page coverage. Just check for device private memory before
>>>>> giving out virtual address for a given pfn.
>>>>
>>>> I was going to give my standard "what are the user-visible runtime
>>>> effects of this change?", but...
>>>>
>>>>> All these helper functions are all pfn_t related but could not figure out
>>>>> another way of determining a private pfn without looking into it's struct
>>>>> page. pfn_t_to_virt() is not getting used any where in mainline kernel.Is
>>>>> it used by out of tree drivers ? Should we then drop it completely ?
>>>>
>>>> Yeah, let's kill it.
>>>>
>>>> But first, let's fix it so that if someone brings it back, they bring
>>>> back a non-buggy version.
>>>
>>> Makes sense.
>>>
>>>>
>>>> So...  what (would be) the user-visible runtime effects of this change?
>>>
>>> I am not very well aware about the user interaction with the drivers which
>>> hotplug and manage ZONE_DEVICE memory in general. Hence will not be able to
>>> comment on it's user visible runtime impact. I just figured this out from
>>> code audit while testing ZONE_DEVICE on arm64 platform. But the fix makes
>>> the function bit more expensive as it now involve some additional memory
>>> references.
>>
>> A device private pfn can never leak outside code that does not understand it
>> So this change is useless for any existing users and i would like to keep the
>> existing behavior ie never leak device private pfn.
> 
> The issue is that only an HMM expert might know that such a pfn can
> never leak, in other words the pfn concept from a code perspective is
> already leaked / widespread. Ideally any developer familiar with a pfn
> and the core-mm pfn helpers need only worry about pfn semantics
> without being required to go audit HMM users.

Agreed.

Powered by blists - more mailing lists