| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZPiCNTbGp64MRfhQ@ziepe.ca>
Date: Wed, 6 Sep 2023 10:44:21 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: Jingqi Liu <Jingqi.liu@...el.com>
Cc: iommu@...ts.linux.dev, Lu Baolu <baolu.lu@...ux.intel.com>,
Tian Kevin <kevin.tian@...el.com>,
Joerg Roedel <joro@...tes.org>, Will Deacon <will@...nel.org>,
Robin Murphy <robin.murphy@....com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] iommu/vt-d: debugfs: Fix race with iommu unmap when
traversing
On Sun, Sep 03, 2023 at 10:40:50PM +0800, Jingqi Liu wrote:
> When traversing page table, it may race with iommu unmap.
>
> For the page table page pointed to by a PDPE/PDE, there are three
> scenarios in the iommu unmap path.
>
> 1) The page has been freed.
>
> If the page has a refcount of zero, it has been freed. The
> debugfs should avoid to traverse it.
>
> In the debugfs, the refcount of a page table page is checked
> before traversing it. If its refcount is zero, the page will not
> be traversed. If the refcount is not zero, increment its refcount
> before traversal and decrement its refcount after traversal.
No, you can't do this - the page can have been reallocated already.
A sane design would be to RCU free the page table entries and have
this walker be RCU protected. I think I said that already once..
There is some infrastructure we should build to make this sensible,
but it is the right direction.
Jason
Powered by blists - more mailing lists