Message-ID: <YmLOznyBF0f7COYT@myrica>
Date:   Fri, 22 Apr 2022 16:50:38 +0100
From:   Jean-Philippe Brucker <jean-philippe@...aro.org>
To:     "zhangfei.gao@...mail.com" <zhangfei.gao@...mail.com>
Cc:     Fenghua Yu <fenghua.yu@...el.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Joerg Roedel <joro@...tes.org>,
        Ravi V Shankar <ravi.v.shankar@...el.com>,
        Tony Luck <tony.luck@...el.com>,
        Ashok Raj <ashok.raj@...el.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        x86 <x86@...nel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        iommu <iommu@...ts.linux-foundation.org>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Andy Lutomirski <luto@...nel.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>, will@...nel.org,
        robin.murphy@....com, zhangfei.gao@...aro.org
Subject: Re: Re: [PATCH v4 05/11] iommu/sva: Assign a PASID to mm on PASID
 allocation and free it on mm exit

On Fri, Apr 22, 2022 at 09:15:01PM +0800, zhangfei.gao@...mail.com wrote:
> > I'm trying to piece together what happens from the kernel point of view.
> > 
> > * master process with mm A opens a queue fd through uacce, which calls
> >    iommu_sva_bind_device(dev, A) -> PASID 1
> > 
> > * master forks and exits. Child (daemon) gets mm B, inherits the queue fd.
> >    The device is still bound to mm A with PASID 1, since the queue fd is
> >    still open.
> 
> > We discussed this before, but I don't remember where we left off. The
> > child can't use the queue because its mappings are not copied on fork(),
> > and the queue is still bound to the parent mm A. The child either needs to
> > open a new queue or take ownership of the old one with a new uacce ioctl.
> Yes, currently nginx aligned with the case.
> Child process (worker process) reopen uacce,
> 
> Master process (do init) open uacce, iommu_sva_bind_device(dev, A) -> PASID 1
> Master process fork Child (daemon) and exit.
> 
> Child (daemon)  does not use PASID 1 any more, only fork and manage worker
> process.
> Worker process reopen uacce, iommu_sva_bind_device(dev, B) PASID 2
> 
> So it is expected.

Yes, that's fine

> > Is that the "IMPLEMENT_DYNAMIC_BIND_FN()" you mention, something out of
> > tree?  This operation should unbind from A before binding to B, no?
> > Otherwise we leak PASID 1.
> In 5.16 PASID 1 from master is held until nginx service stop.
> nginx start
> master:
> iommu_sva_alloc_pasid mm->pasid=1      // master process
> 
> lynx https start:
> iommu_sva_alloc_pasid mm->pasid=2    //worker process
> 
> nginx stop:  from fops_release
> iommu_sva_free_pasid mm->pasid=2   // worker process
> iommu_sva_free_pasid mm->pasid=1  // master process

That's the expected behavior (master could close its fd before forking, in
order to free things up earlier, but it's not mandatory)

> Have one silly question.
> 
> kernel driver
> fops_open
> iommu_sva_bind_device
> 
> fops_release
> iommu_sva_unbind_device
> 
> application
> main()
> fd = open
> return;
> 
> Application exit but not close(fd), is it expected fops_release will be
> called automatically by system?

Yes, the application doesn't have to call close() explicitly, the file
descriptor is closed automatically on exit. Note that the fd is copied on
fork(), so it is only released once parent and all child processes exit.

> On 5.17
> fops_release is called automatically, as well as iommu_sva_unbind_device.
> On 5.18-rc1.
> fops_release is not called, have to manually call close(fd)

Right that's weird

> Since nginx may have an issue, it does not call close(fd) when nginx -s quit.

And you're sure that none of the processes are still alive or in zombie
state?  Just to cover every possibility.

Thanks,
Jean
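
The fd lifetime rule from the reply above (release happens only once every copy of the fd, including copies inherited across fork(), is gone), as an added example that is not part of the original message or of the uacce driver. It assumes an ordinary pipe as a stand-in for the queue fd, with POLLHUP on the read end as the visible sign that the kernel released the write end; the function names are hypothetical.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if every copy of the pipe's write end has been released (POLLHUP). */
static int writer_released(int rfd)
{
    struct pollfd p = { .fd = rfd, .events = POLLIN };
    return poll(&p, 1, 0) > 0 && (p.revents & POLLHUP) != 0;
}

/*
 * q[1] stands in for the queue fd. The parent closes its copy, the child
 * keeps the inherited copy and later exits without calling close().
 * Reports whether release was seen before and after the child exited.
 * Returns 0 on success, -1 on error.
 */
int fd_release_after_fork(int *before_exit, int *after_exit)
{
    int q[2], ctl[2];
    char c;

    if (pipe(q) < 0 || pipe(ctl) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                  /* child: holds the inherited q[1] */
        close(ctl[1]);
        if (read(ctl[0], &c, 1) < 0) /* block until the parent says go */
            _exit(1);
        _exit(0);                    /* exit without close(q[1]) */
    }
    close(ctl[0]);
    close(q[1]);                     /* parent drops its own copy */
    *before_exit = writer_released(q[0]); /* child copy keeps it alive */
    close(ctl[1]);                   /* EOF on ctl lets the child exit */
    if (waitpid(pid, NULL, 0) < 0)
        return -1;
    *after_exit = writer_released(q[0]);  /* released by process exit */
    close(q[0]);
    return 0;
}

int main(void)
{
    int before, after;
    if (fd_release_after_fork(&before, &after) < 0)
        return 1;
    printf("released before child exit: %d, after: %d\n", before, after);
    return 0;
}
```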
