| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Oct 2020 18:44:13 +0200
From: Daniel Vetter <daniel.vetter@...ll.ch>
To: DRI Development <dri-devel@...ts.freedesktop.org>,
LKML <linux-kernel@...r.kernel.org>
Cc: kvm@...r.kernel.org, linux-mm@...ck.org,
linux-arm-kernel@...ts.infradead.org,
linux-samsung-soc@...r.kernel.org, linux-media@...r.kernel.org,
linux-s390@...r.kernel.org, Daniel Vetter <daniel.vetter@...ll.ch>
Subject: [PATCH 00/13] follow_pfn and other iomap races
Hi all,
This developed from a discussion with Jason, starting with some patches
touching get_vaddr_frame that I typed up.
The problem is that way back VM_IO | VM_PFNMAP mappings were pretty
static, and so just following the ptes to derive a pfn and then use that
somewhere else was ok.
But we're no longer in such a world, there's tons of little races and some
fundamental problems.
This series here is an attempt to at least scope the problem, it's all the
issues I've found with quite some code reading all over the tree:
- first part tries to move mm/frame-vector.c away, it's fundamentally an
unsafe thing
- two patches to close follow_pfn races by holding pt locks
- two pci patches where I spotted inconsinstencies between the 3 different
ways userspace can map pci bars
- and finally some patches to mark up the remaining issue
No testing beyond "it compiles", this is very much an rfc to figure out
whether this makes sense, whether it's a real thing, and how to fix this
up properly.
Cheers, Daniel
Daniel Vetter (13):
drm/exynos: Stop using frame_vector helpers
drm/exynos: Use FOLL_LONGTERM for g2d cmdlists
misc/habana: Stop using frame_vector helpers
misc/habana: Use FOLL_LONGTERM for userptr
mm/frame-vector: Use FOLL_LONGTERM
media: videobuf2: Move frame_vector into media subsystem
mm: close race in generic_access_phys
s390/pci: Remove races against pte updates
PCI: obey iomem restrictions for procfs mmap
PCI: revoke mappings like devmem
mm: add unsafe_follow_pfn
media/videbuf1|2: Mark follow_pfn usage as unsafe
vfio/type1: Mark follow_pfn as unsafe
arch/s390/pci/pci_mmio.c | 98 +++++++++++--------
drivers/char/mem.c | 16 ++-
drivers/gpu/drm/exynos/Kconfig | 1 -
drivers/gpu/drm/exynos/exynos_drm_g2d.c | 49 +++++-----
drivers/media/common/videobuf2/Kconfig | 1 -
drivers/media/common/videobuf2/Makefile | 1 +
.../media/common/videobuf2}/frame_vector.c | 40 +++-----
drivers/media/platform/omap/Kconfig | 1 -
drivers/media/v4l2-core/videobuf-dma-contig.c | 2 +-
drivers/misc/habanalabs/Kconfig | 1 -
drivers/misc/habanalabs/common/habanalabs.h | 3 +-
drivers/misc/habanalabs/common/memory.c | 52 +++++-----
drivers/pci/mmap.c | 3 +
drivers/pci/proc.c | 5 +
drivers/vfio/vfio_iommu_type1.c | 4 +-
include/linux/ioport.h | 2 +
include/linux/mm.h | 47 +--------
include/media/videobuf2-core.h | 42 ++++++++
mm/Kconfig | 3 -
mm/Makefile | 1 -
mm/memory.c | 76 +++++++++++++-
mm/nommu.c | 17 ++++
security/Kconfig | 13 +++
23 files changed, 296 insertions(+), 182 deletions(-)
rename {mm => drivers/media/common/videobuf2}/frame_vector.c (90%)
--
2.28.0
Powered by blists - more mailing lists