lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0108ab72-efca-1027-23e8-e5d445929943@kernel.org>
Date:   Mon, 7 Nov 2022 06:59:42 -0800
From:   Andy Lutomirski <luto@...nel.org>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Peter Zijlstra <peterz@...radead.org>
Cc:     x86@...nel.org, Kostya Serebryany <kcc@...gle.com>,
        Andrey Ryabinin <ryabinin.a.a@...il.com>,
        Andrey Konovalov <andreyknvl@...il.com>,
        Alexander Potapenko <glider@...gle.com>,
        Taras Madan <tarasmadan@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        "H . J . Lu" <hjl.tools@...il.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Rick Edgecombe <rick.p.edgecombe@...el.com>,
        Bharata B Rao <bharata@....com>,
        Jacob Pan <jacob.jun.pan@...ux.intel.com>,
        Ashok Raj <ashok.raj@...el.com>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCHv11 00/16] Linear Address Masking enabling

On 10/24/22 17:17, Kirill A. Shutemov wrote:
> Linear Address Masking[1] (LAM) modifies the checking that is applied to
> 64-bit linear addresses, allowing software to use of the untranslated
> address bits for metadata.
> 
> The capability can be used for efficient address sanitizers (ASAN)
> implementation and for optimizations in JITs and virtual machines.
> 
> The patchset brings support for LAM for userspace addresses. Only LAM_U57 at
> this time.
> 
> Please review and consider applying.

I'm pretty happy with this series other than my two comments (switch_mm 
race and explaining why untagged_addr needs to preserve kernel addresses).

> 
> Results for the self-tests:
> 
>     ok 1 MALLOC: LAM_U57. Dereferencing pointer with metadata
>     # Get segmentation fault(11).ok 2 MALLOC:[Negative] Disable LAM. Dereferencing pointer with metadata.
>     ok 3 BITS: Check default tag bits
>     ok 4 # SKIP MMAP: First mmap high address, then set LAM_U57.
>     ok 5 # SKIP MMAP: First LAM_U57, then High address.
>     ok 6 MMAP: First LAM_U57, then Low address.
>     ok 7 SYSCALL: LAM_U57. syscall with metadata
>     ok 8 SYSCALL:[Negative] Disable LAM. Dereferencing pointer with metadata.
>     ok 9 URING: LAM_U57. Dereferencing pointer with metadata
>     ok 10 URING:[Negative] Disable LAM. Dereferencing pointer with metadata.
>     ok 11 FORK: LAM_U57, child process should get LAM mode same as parent
>     ok 12 EXECVE: LAM_U57, child process should get disabled LAM mode
>     open: Device or resource busy
>     ok 13 PASID: [Negative] Execute LAM, PASID, SVA in sequence
>     ok 14 PASID: Execute LAM, SVA, PASID in sequence
>     ok 15 PASID: [Negative] Execute PASID, LAM, SVA in sequence
>     ok 16 PASID: Execute PASID, SVA, LAM in sequence
>     ok 17 PASID: Execute SVA, LAM, PASID in sequence
>     ok 18 PASID: Execute SVA, PASID, LAM in sequence
>     1..18
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/kas/linux.git lam
> 
> v11:
>    - Move untag_mask to /proc/$PID/status;
>    - s/SVM/SVA/g;
>    - static inline arch_pgtable_dma_compat() instead of macros;
>    - Replace pasid_valid() with mm_valid_pasid();
>    - Acks from Ashok and Jacob (forgot to apply from v9);
> v10:
>    - Rebased to v6.1-rc1;
>    - Add selftest for SVM vs LAM;
> v9:
>    - Fix race between LAM enabling and check that KVM memslot address doesn't
>      have any tags;
>    - Reduce untagged_addr() overhead until the first LAM user;
>    - Clarify SVM vs. LAM semantics;
>    - Use mmap_lock to serialize LAM enabling;
> v8:
>    - Drop redundant smb_mb() in prctl_enable_tagged_addr();
>    - Cleanup code around build_cr3();
>    - Fix commit messages;
>    - Selftests updates;
>    - Acked/Reviewed/Tested-bys from Alexander and Peter;
> v7:
>    - Drop redundant smb_mb() in prctl_enable_tagged_addr();
>    - Cleanup code around build_cr3();
>    - Fix commit message;
>    - Fix indentation;
> v6:
>    - Rebased onto v6.0-rc1
>    - LAM_U48 excluded from the patchet. Still available in the git tree;
>    - add ARCH_GET_MAX_TAG_BITS;
>    - Fix build without CONFIG_DEBUG_VM;
>    - Update comments;
>    - Reviewed/Tested-by from Alexander;
> v5:
>    - Do not use switch_mm() in enable_lam_func()
>    - Use mb()/READ_ONCE() pair on LAM enabling;
>    - Add self-test by Weihong Zhang;
>    - Add comments;
> v4:
>    - Fix untagged_addr() for LAM_U48;
>    - Remove no-threads restriction on LAM enabling;
>    - Fix mm_struct access from /proc/$PID/arch_status
>    - Fix LAM handling in initialize_tlbstate_and_flush()
>    - Pack tlb_state better;
>    - Comments and commit messages;
> v3:
>    - Rebased onto v5.19-rc1
>    - Per-process enabling;
>    - API overhaul (again);
>    - Avoid branches and costly computations in the fast path;
>    - LAM_U48 is in optional patch.
> v2:
>    - Rebased onto v5.18-rc1
>    - New arch_prctl(2)-based API
>    - Expose status of LAM (or other thread features) in
>      /proc/$PID/arch_status
> 
> [1] ISE, Chapter 10. https://cdrdv2.intel.com/v1/dl/getContent/671368
> Kirill A. Shutemov (11):
>    x86/mm: Fix CR3_ADDR_MASK
>    x86: CPUID and CR3/CR4 flags for Linear Address Masking
>    mm: Pass down mm_struct to untagged_addr()
>    x86/mm: Handle LAM on context switch
>    x86/uaccess: Provide untagged_addr() and remove tags before address
>      check
>    KVM: Serialize tagged address check against tagging enabling
>    x86/mm: Provide arch_prctl() interface for LAM
>    x86/mm: Reduce untagged_addr() overhead until the first LAM user
>    mm: Expose untagging mask in /proc/$PID/status
>    iommu/sva: Replace pasid_valid() helper with mm_valid_pasid()
>    x86/mm, iommu/sva: Make LAM and SVA mutually exclusive
> 
> Weihong Zhang (5):
>    selftests/x86/lam: Add malloc and tag-bits test cases for
>      linear-address masking
>    selftests/x86/lam: Add mmap and SYSCALL test cases for linear-address
>      masking
>    selftests/x86/lam: Add io_uring test cases for linear-address masking
>    selftests/x86/lam: Add inherit test cases for linear-address masking
>    selftests/x86/lam: Add ARCH_FORCE_TAGGED_SVA test cases for
>      linear-address masking
> 
>   arch/arm64/include/asm/memory.h               |    4 +-
>   arch/arm64/include/asm/mmu_context.h          |    6 +
>   arch/arm64/include/asm/signal.h               |    2 +-
>   arch/arm64/include/asm/uaccess.h              |    2 +-
>   arch/arm64/kernel/hw_breakpoint.c             |    2 +-
>   arch/arm64/kernel/traps.c                     |    4 +-
>   arch/arm64/mm/fault.c                         |   10 +-
>   arch/sparc/include/asm/mmu_context_64.h       |    6 +
>   arch/sparc/include/asm/pgtable_64.h           |    2 +-
>   arch/sparc/include/asm/uaccess_64.h           |    2 +
>   arch/x86/include/asm/cpufeatures.h            |    1 +
>   arch/x86/include/asm/mmu.h                    |   12 +-
>   arch/x86/include/asm/mmu_context.h            |   47 +
>   arch/x86/include/asm/processor-flags.h        |    4 +-
>   arch/x86/include/asm/tlbflush.h               |   34 +
>   arch/x86/include/asm/uaccess.h                |   46 +-
>   arch/x86/include/uapi/asm/prctl.h             |    5 +
>   arch/x86/include/uapi/asm/processor-flags.h   |    6 +
>   arch/x86/kernel/process.c                     |    3 +
>   arch/x86/kernel/process_64.c                  |   81 +-
>   arch/x86/kernel/traps.c                       |    6 +-
>   arch/x86/mm/tlb.c                             |   48 +-
>   .../gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c  |    2 +-
>   drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c       |    2 +-
>   drivers/gpu/drm/radeon/radeon_gem.c           |    2 +-
>   drivers/infiniband/hw/mlx4/mr.c               |    2 +-
>   drivers/iommu/iommu-sva-lib.c                 |   16 +-
>   drivers/media/common/videobuf2/frame_vector.c |    2 +-
>   drivers/media/v4l2-core/videobuf-dma-contig.c |    2 +-
>   .../staging/media/atomisp/pci/hmm/hmm_bo.c    |    2 +-
>   drivers/tee/tee_shm.c                         |    2 +-
>   drivers/vfio/vfio_iommu_type1.c               |    2 +-
>   fs/proc/array.c                               |    6 +
>   fs/proc/task_mmu.c                            |    2 +-
>   include/linux/ioasid.h                        |    9 -
>   include/linux/mm.h                            |   11 -
>   include/linux/mmu_context.h                   |   14 +
>   include/linux/sched/mm.h                      |    8 +-
>   include/linux/uaccess.h                       |   15 +
>   lib/strncpy_from_user.c                       |    2 +-
>   lib/strnlen_user.c                            |    2 +-
>   mm/gup.c                                      |    6 +-
>   mm/madvise.c                                  |    2 +-
>   mm/mempolicy.c                                |    6 +-
>   mm/migrate.c                                  |    2 +-
>   mm/mincore.c                                  |    2 +-
>   mm/mlock.c                                    |    4 +-
>   mm/mmap.c                                     |    2 +-
>   mm/mprotect.c                                 |    2 +-
>   mm/mremap.c                                   |    2 +-
>   mm/msync.c                                    |    2 +-
>   tools/testing/selftests/x86/Makefile          |    2 +-
>   tools/testing/selftests/x86/lam.c             | 1149 +++++++++++++++++
>   virt/kvm/kvm_main.c                           |   14 +-
>   54 files changed, 1539 insertions(+), 92 deletions(-)
>   create mode 100644 tools/testing/selftests/x86/lam.c
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ