| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Apr 2022 18:20:32 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sasha Levin <sashal@...nel.org>, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Cc: tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
dave.hansen@...ux.intel.com, x86@...nel.org, kvm@...r.kernel.org
Subject: Re: [PATCH MANUALSEL 5.15 4/7] KVM: x86/mmu: do not allow readers to
acquire references to invalid roots
On 4/27/22 17:54, Sasha Levin wrote:
> From: Paolo Bonzini <pbonzini@...hat.com>
>
> [ Upstream commit 614f6970aa70242a3f8a8051b01244c029f77b2a ]
>
> Remove the "shared" argument of for_each_tdp_mmu_root_yield_safe, thus ensuring
> that readers do not ever acquire a reference to an invalid root. After this
> patch, all readers except kvm_tdp_mmu_zap_invalidated_roots() treat
> refcount=0/valid, refcount=0/invalid and refcount=1/invalid in exactly the
> same way. kvm_tdp_mmu_zap_invalidated_roots() is different but it also
> does not acquire a reference to the invalid root, and it cannot see
> refcount=0/invalid because it is guaranteed to run after
> kvm_tdp_mmu_invalidate_all_roots().
>
> Opportunistically add a lockdep assertion to the yield-safe iterator.
>
> Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
> Signed-off-by: Sasha Levin <sashal@...nel.org>
> ---
> arch/x86/kvm/mmu/tdp_mmu.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
> index 853780eb033b..7e854313ec3b 100644
> --- a/arch/x86/kvm/mmu/tdp_mmu.c
> +++ b/arch/x86/kvm/mmu/tdp_mmu.c
> @@ -155,14 +155,15 @@ static struct kvm_mmu_page *tdp_mmu_next_root(struct kvm *kvm,
> for (_root = tdp_mmu_next_root(_kvm, NULL, _shared, _only_valid); \
> _root; \
> _root = tdp_mmu_next_root(_kvm, _root, _shared, _only_valid)) \
> - if (kvm_mmu_page_as_id(_root) != _as_id) { \
> + if (kvm_lockdep_assert_mmu_lock_held(_kvm, _shared) && \
> + kvm_mmu_page_as_id(_root) != _as_id) { \
> } else
>
> #define for_each_valid_tdp_mmu_root_yield_safe(_kvm, _root, _as_id, _shared) \
> __for_each_tdp_mmu_root_yield_safe(_kvm, _root, _as_id, _shared, true)
>
> -#define for_each_tdp_mmu_root_yield_safe(_kvm, _root, _as_id, _shared) \
> - __for_each_tdp_mmu_root_yield_safe(_kvm, _root, _as_id, _shared, false)
> +#define for_each_tdp_mmu_root_yield_safe(_kvm, _root, _as_id) \
> + __for_each_tdp_mmu_root_yield_safe(_kvm, _root, _as_id, false, false)
>
> #define for_each_tdp_mmu_root(_kvm, _root, _as_id) \
> list_for_each_entry_rcu(_root, &_kvm->arch.tdp_mmu_roots, link, \
> @@ -828,7 +829,7 @@ bool __kvm_tdp_mmu_zap_gfn_range(struct kvm *kvm, int as_id, gfn_t start,
> {
> struct kvm_mmu_page *root;
>
> - for_each_tdp_mmu_root_yield_safe(kvm, root, as_id, false)
> + for_each_tdp_mmu_root_yield_safe(kvm, root, as_id)
> flush = zap_gfn_range(kvm, root, start, end, can_yield, flush,
> false);
>
Sorry no, this is a NACK.
Paolo
Powered by blists - more mailing lists