| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACT4Y+YfqSMsZArhh25TESmG-U4jO5Hjphz87wKSnTiaw2Wrfw@mail.gmail.com>
Date: Mon, 3 Apr 2023 12:22:01 +0200
From: Dmitry Vyukov <dvyukov@...gle.com>
To: "Kirill A. Shutemov" <kirill@...temov.name>
Cc: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>, x86@...nel.org,
Kostya Serebryany <kcc@...gle.com>,
Andrey Ryabinin <ryabinin.a.a@...il.com>,
Andrey Konovalov <andreyknvl@...il.com>,
Alexander Potapenko <glider@...gle.com>,
Taras Madan <tarasmadan@...gle.com>,
"H . J . Lu" <hjl.tools@...il.com>,
Andi Kleen <ak@...ux.intel.com>,
Rick Edgecombe <rick.p.edgecombe@...el.com>,
Bharata B Rao <bharata@....com>,
Jacob Pan <jacob.jun.pan@...ux.intel.com>,
Ashok Raj <ashok.raj@...el.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCHv16 11/17] x86/mm/iommu/sva: Make LAM and SVA mutually exclusive
On Mon, 3 Apr 2023 at 12:17, Kirill A. Shutemov <kirill@...temov.name> wrote:
>
> On Mon, Apr 03, 2023 at 11:56:48AM +0200, Dmitry Vyukov wrote:
> > On Mon, 3 Apr 2023 at 11:44, Kirill A. Shutemov <kirill@...temov.name> wrote:
> > >
> > > On Mon, Apr 03, 2023 at 08:18:57AM +0200, Dmitry Vyukov wrote:
> > > > Hi Kirill,
> > > >
> > > > ARCH_ENABLE_TAGGED_ADDR checks that task->mm == current->mm,
> > > > shouldn't ARCH_FORCE_TAGGED_SVA check that as well?
> > >
> > > Do you a particular race in mind? I cannot think of anything right away.
> > >
> > > I guess we can add the check for consistency. But if there's a bug it is a
> > > different story.
> >
> > No, I don't have a particular race in mind. Was thinking solely about
> > consistency and if these things should be set for other processes
> > (relaxing the check is always possible in future, but adding new
> > restrictions is generally not possible).
>
> Okay. Makes sense.
>
> It is only reachable with task != current from ptrace, which is rather
> obscure path.
>
> Anyway, I will prepare a proper patch with this fixup:
>
> diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> index eda826a956df..4ffd8e67d273 100644
> --- a/arch/x86/kernel/process_64.c
> +++ b/arch/x86/kernel/process_64.c
> @@ -883,6 +883,8 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
> case ARCH_ENABLE_TAGGED_ADDR:
> return prctl_enable_tagged_addr(task->mm, arg2);
> case ARCH_FORCE_TAGGED_SVA:
> + if (current != task)
> + return -EINVAL;
> set_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &task->mm->context.flags);
> return 0;
> case ARCH_GET_MAX_TAG_BITS:
>
> > > > Also it looks like currently to enable both LAM and SVA.
> > > > LAM enabling checks for SVA, but SVA doesn't and both are not mutually
> > > > exclusive.
> > >
> > > For LAM we check SVM with mm_valid_pasid() && !test_bit() in
> > > prctl_enable_tagged_addr().
> > >
> > > For SVM we check for LAM with !mm_lam_cr3_mask() || test_bit() in
> > > arch_pgtable_dma_compat() which called from iommu_sva_alloc_pasid().
> >
> > It seems that currently it's possible to both enable LAM and set SVA bit.
> > Then arch_pgtable_dma_compat() will return true, but LAM is enabled.
>
> Right. That's the point of the bit. It allows SVA and LAM to co-exist:
>
> The new ARCH_FORCE_TAGGED_SVA arch_prctl() overrides the limitation.
> By using the arch_prctl() userspace takes responsibility to never pass
> tagged address to the device.
>
> I'm confused.
Then I misunderstood what it means. Ignore.
While we are here:
if (mm_valid_pasid(mm) &&
!test_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &mm->context.flags))
return -EINTR;
should be EINVAL?
Powered by blists - more mailing lists