lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZPiCNTbGp64MRfhQ@ziepe.ca>
Date:   Wed, 6 Sep 2023 10:44:21 -0300
From:   Jason Gunthorpe <jgg@...pe.ca>
To:     Jingqi Liu <Jingqi.liu@...el.com>
Cc:     iommu@...ts.linux.dev, Lu Baolu <baolu.lu@...ux.intel.com>,
        Tian Kevin <kevin.tian@...el.com>,
        Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>,
        Robin Murphy <robin.murphy@....com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] iommu/vt-d: debugfs: Fix race with iommu unmap when
 traversing

On Sun, Sep 03, 2023 at 10:40:50PM +0800, Jingqi Liu wrote:
> When traversing page table, it may race with iommu unmap.
> 
> For the page table page pointed to by a PDPE/PDE, there are three
> scenarios in the iommu unmap path.
> 
>   1) The page has been freed.
> 
>      If the page has a refcount of zero, it has been freed. The
>      debugfs should avoid to traverse it.
> 
>      In the debugfs, the refcount of a page table page is checked
>      before traversing it. If its refcount is zero, the page will not
>      be traversed. If the refcount is not zero, increment its refcount
>      before traversal and decrement its refcount after traversal.

No, you can't do this - the page can have been reallocated already.

A sane design would be to RCU free the page table entries and have
this walker be RCU protected. I think I said that already once..

There is some infrastructure we should build to make this sensible,
but it is the right direction.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ