lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 18 Apr 2022 06:34:19 +0000
From:   "Tian, Kevin" <kevin.tian@...el.com>
To:     Jacob Pan <jacob.jun.pan@...ux.intel.com>,
        "zhangfei.gao@...mail.com" <zhangfei.gao@...mail.com>
CC:     "Yu, Fenghua" <fenghua.yu@...el.com>,
        "Shankar, Ravi V" <ravi.v.shankar@...el.com>,
        "Luck, Tony" <tony.luck@...el.com>,
        "Raj, Ashok" <ashok.raj@...el.com>,
        jean-philippe <jean-philippe@...aro.org>,
        "Peter Zijlstra" <peterz@...radead.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        x86 <x86@...nel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        "Hansen, Dave" <dave.hansen@...el.com>,
        iommu <iommu@...ts.linux-foundation.org>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        "Lutomirski, Andy" <luto@...nel.org>,
        "Poimboe, Josh" <jpoimboe@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>
Subject: RE: [PATCH v4 05/11] iommu/sva: Assign a PASID to mm on PASID
 allocation and free it on mm exit

> From: Jacob Pan <jacob.jun.pan@...ux.intel.com>
> Sent: Saturday, April 16, 2022 5:00 AM
> 
> Hi zhangfei.gao@...mail.com,
> 
> On Fri, 15 Apr 2022 19:52:03 +0800, "zhangfei.gao@...mail.com"
> <zhangfei.gao@...mail.com> wrote:
> 
> > >>> A PASID might be still used even though it is freed on mm exit.
> > >>>
> > >>> process A:
> > >>> 	sva_bind();
> > >>> 	ioasid_alloc() = N; // Get PASID N for the mm
> > >>> 	fork(): // spawn process B
> > >>> 	exit();
> > >>> 	ioasid_free(N);
> > >>>
> > >>> process B:
> > >>> 	device uses PASID N -> failure
> > >>> 	sva_unbind();
> > >>>
> > >>> Dave Hansen suggests to take a refcount on the mm whenever binding
> the
> > >>> PASID to a device and drop the refcount on unbinding. The mm won't
> be
> > >>> dropped if the PASID is still bound to it.
> > >>>
> > >>> Fixes: 701fac40384f ("iommu/sva: Assign a PASID to mm on PASID
> > >>> allocation and free it on mm exit")
> > >>>
> Is process A's mm intended to be used by process B? Or you really should
> use PASID N on process B's mm? If the latter, it may work for a while until
> B changes mapping.
> 
> It seems you are just extending the life of a defunct mm?
> 

IMHO the intention is not to allow B to access A's mm.

The problem is that PASID N is released on exit() of A and then
reallocated to B before iommu driver gets the chance to quiesce
the device and clear the PASID entry. According to the discussion
the quiesce operation must be done when driver calls unbind()
instead of in mm exit. In this case a failure is reported when
B tries to call bind() on PASID N due to an already-present entry.

Dave's patch extending the life of A's mm until unbind() is called.
With it B either gets a different PASID before A's unbind() is 
completed or same PASID N pointing to B's mm after A's unbind().

Thanks
Kevin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ