| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230403101707.satsniziz3tn2zyd@box>
Date: Mon, 3 Apr 2023 13:17:07 +0300
From: "Kirill A. Shutemov" <kirill@...temov.name>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>, x86@...nel.org,
Kostya Serebryany <kcc@...gle.com>,
Andrey Ryabinin <ryabinin.a.a@...il.com>,
Andrey Konovalov <andreyknvl@...il.com>,
Alexander Potapenko <glider@...gle.com>,
Taras Madan <tarasmadan@...gle.com>,
"H . J . Lu" <hjl.tools@...il.com>,
Andi Kleen <ak@...ux.intel.com>,
Rick Edgecombe <rick.p.edgecombe@...el.com>,
Bharata B Rao <bharata@....com>,
Jacob Pan <jacob.jun.pan@...ux.intel.com>,
Ashok Raj <ashok.raj@...el.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCHv16 11/17] x86/mm/iommu/sva: Make LAM and SVA mutually
exclusive
On Mon, Apr 03, 2023 at 11:56:48AM +0200, Dmitry Vyukov wrote:
> On Mon, 3 Apr 2023 at 11:44, Kirill A. Shutemov <kirill@...temov.name> wrote:
> >
> > On Mon, Apr 03, 2023 at 08:18:57AM +0200, Dmitry Vyukov wrote:
> > > Hi Kirill,
> > >
> > > ARCH_ENABLE_TAGGED_ADDR checks that task->mm == current->mm,
> > > shouldn't ARCH_FORCE_TAGGED_SVA check that as well?
> >
> > Do you a particular race in mind? I cannot think of anything right away.
> >
> > I guess we can add the check for consistency. But if there's a bug it is a
> > different story.
>
> No, I don't have a particular race in mind. Was thinking solely about
> consistency and if these things should be set for other processes
> (relaxing the check is always possible in future, but adding new
> restrictions is generally not possible).
Okay. Makes sense.
It is only reachable with task != current from ptrace, which is rather
obscure path.
Anyway, I will prepare a proper patch with this fixup:
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index eda826a956df..4ffd8e67d273 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -883,6 +883,8 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
case ARCH_ENABLE_TAGGED_ADDR:
return prctl_enable_tagged_addr(task->mm, arg2);
case ARCH_FORCE_TAGGED_SVA:
+ if (current != task)
+ return -EINVAL;
set_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &task->mm->context.flags);
return 0;
case ARCH_GET_MAX_TAG_BITS:
> > > Also it looks like currently to enable both LAM and SVA.
> > > LAM enabling checks for SVA, but SVA doesn't and both are not mutually
> > > exclusive.
> >
> > For LAM we check SVM with mm_valid_pasid() && !test_bit() in
> > prctl_enable_tagged_addr().
> >
> > For SVM we check for LAM with !mm_lam_cr3_mask() || test_bit() in
> > arch_pgtable_dma_compat() which called from iommu_sva_alloc_pasid().
>
> It seems that currently it's possible to both enable LAM and set SVA bit.
> Then arch_pgtable_dma_compat() will return true, but LAM is enabled.
Right. That's the point of the bit. It allows SVA and LAM to co-exist:
The new ARCH_FORCE_TAGGED_SVA arch_prctl() overrides the limitation.
By using the arch_prctl() userspace takes responsibility to never pass
tagged address to the device.
I'm confused.
--
Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists