| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Feb 2024 12:59:24 +0530 From: <ankita@...dia.com> To: <ankita@...dia.com>, <jgg@...dia.com>, <maz@...nel.org>, <oliver.upton@...ux.dev>, <james.morse@....com>, <suzuki.poulose@....com>, <yuzenghui@...wei.com>, <reinette.chatre@...el.com>, <surenb@...gle.com>, <stefanha@...hat.com>, <brauner@...nel.org>, <catalin.marinas@....com>, <will@...nel.org>, <mark.rutland@....com>, <alex.williamson@...hat.com>, <kevin.tian@...el.com>, <yi.l.liu@...el.com>, <ardb@...nel.org>, <akpm@...ux-foundation.org>, <andreyknvl@...il.com>, <wangjinchao@...sion.com>, <gshan@...hat.com>, <shahuang@...hat.com>, <ricarkol@...gle.com>, <linux-mm@...ck.org>, <lpieralisi@...nel.org>, <rananta@...gle.com>, <ryan.roberts@....com>, <david@...hat.com>, <linus.walleij@...aro.org>, <bhe@...hat.com> CC: <aniketa@...dia.com>, <cjia@...dia.com>, <kwankhede@...dia.com>, <targupta@...dia.com>, <vsethi@...dia.com>, <acurrid@...dia.com>, <apopple@...dia.com>, <jhubbard@...dia.com>, <danw@...dia.com>, <kvmarm@...ts.linux.dev>, <mochs@...dia.com>, <zhiw@...dia.com>, <kvm@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <linux-arm-kernel@...ts.infradead.org> Subject: [PATCH v8 2/4] mm: introduce new flag to indicate wc safe From: Ankit Agrawal <ankita@...dia.com> The VM_ALLOW_ANY_UNCACHED flag is implemented for ARM64, allowing KVM stage 2 device mapping attributes to use NormalNC rather than DEVICE_nGnRE, which allows guest mappings supporting combining attributes (WC). ARM does not architecturally guarantee this is safe, and indeed some MMIO regions like the GICv2 VCPU interface can trigger uncontained faults if NormalNC is used. Even worse we expect there are platforms where even DEVICE_nGnRE can allow uncontained faults in corner cases. Unfortunately existing ARM IP requires platform integration to take responsibility to prevent this. To safely use VFIO in KVM the platform must guarantee full safety in the guest where no action taken against a MMIO mapping can trigger an uncontained failure. We belive that most VFIO PCI platforms support this for both mapping types, at least in common flows, based on some expectations of how PCI IP is integrated. This can be enabled more broadly, for instance into vfio-platform drivers, but only after the platform vendor completes auditing for safety. The VMA flag VM_ALLOW_ANY_UNCACHED was found to be the simplest and cleanest way to communicate the information from VFIO to KVM that mapping the region in S2 as NormalNC is safe. KVM consumes it to activate the code that does the S2 mapping as NormalNC. Suggested-by: Catalin Marinas <catalin.marinas@....com> Reviewed-by: Jason Gunthorpe <jgg@...dia.com> Acked-by: David Hildenbrand <david@...hat.com> Signed-off-by: Ankit Agrawal <ankita@...dia.com> --- include/linux/mm.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index f5a97dec5169..59576e56c58b 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -391,6 +391,20 @@ extern unsigned int kobjsize(const void *objp); # define VM_UFFD_MINOR VM_NONE #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ +/* + * This flag is used to connect VFIO to arch specific KVM code. It + * indicates that the memory under this VMA is safe for use with any + * non-cachable memory type inside KVM. Some VFIO devices, on some + * platforms, are thought to be unsafe and can cause machine crashes + * if KVM does not lock down the memory type. + */ +#ifdef CONFIG_64BIT +#define VM_ALLOW_ANY_UNCACHED_BIT 39 +#define VM_ALLOW_ANY_UNCACHED BIT(VM_ALLOW_ANY_UNCACHED_BIT) +#else +#define VM_ALLOW_ANY_UNCACHED VM_NONE +#endif + /* Bits set in the VMA until the stack is in its final location */ #define VM_STACK_INCOMPLETE_SETUP (VM_RAND_READ | VM_SEQ_READ | VM_STACK_EARLY) -- 2.34.1
Powered by blists - more mailing lists