lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240220072926.6466-3-ankita@nvidia.com>
Date: Tue, 20 Feb 2024 12:59:24 +0530
From: <ankita@...dia.com>
To: <ankita@...dia.com>, <jgg@...dia.com>, <maz@...nel.org>,
	<oliver.upton@...ux.dev>, <james.morse@....com>, <suzuki.poulose@....com>,
	<yuzenghui@...wei.com>, <reinette.chatre@...el.com>, <surenb@...gle.com>,
	<stefanha@...hat.com>, <brauner@...nel.org>, <catalin.marinas@....com>,
	<will@...nel.org>, <mark.rutland@....com>, <alex.williamson@...hat.com>,
	<kevin.tian@...el.com>, <yi.l.liu@...el.com>, <ardb@...nel.org>,
	<akpm@...ux-foundation.org>, <andreyknvl@...il.com>,
	<wangjinchao@...sion.com>, <gshan@...hat.com>, <shahuang@...hat.com>,
	<ricarkol@...gle.com>, <linux-mm@...ck.org>, <lpieralisi@...nel.org>,
	<rananta@...gle.com>, <ryan.roberts@....com>, <david@...hat.com>,
	<linus.walleij@...aro.org>, <bhe@...hat.com>
CC: <aniketa@...dia.com>, <cjia@...dia.com>, <kwankhede@...dia.com>,
	<targupta@...dia.com>, <vsethi@...dia.com>, <acurrid@...dia.com>,
	<apopple@...dia.com>, <jhubbard@...dia.com>, <danw@...dia.com>,
	<kvmarm@...ts.linux.dev>, <mochs@...dia.com>, <zhiw@...dia.com>,
	<kvm@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<linux-arm-kernel@...ts.infradead.org>
Subject: [PATCH v8 2/4] mm: introduce new flag to indicate wc safe

From: Ankit Agrawal <ankita@...dia.com>

The VM_ALLOW_ANY_UNCACHED flag is implemented for ARM64, allowing KVM
stage 2 device mapping attributes to use NormalNC rather than
DEVICE_nGnRE, which allows guest mappings supporting combining
attributes (WC). ARM does not architecturally guarantee this is safe,
and indeed some MMIO regions like the GICv2 VCPU interface can trigger
uncontained faults if NormalNC is used.

Even worse we expect there are platforms where even DEVICE_nGnRE can
allow uncontained faults in corner cases. Unfortunately existing ARM IP
requires platform integration to take responsibility to prevent this.

To safely use VFIO in KVM the platform must guarantee full safety in the
guest where no action taken against a MMIO mapping can trigger an
uncontained failure. We belive that most VFIO PCI platforms support this
for both mapping types, at least in common flows, based on some
expectations of how PCI IP is integrated. This can be enabled more broadly,
for instance into vfio-platform drivers, but only after the platform
vendor completes auditing for safety.

The VMA flag VM_ALLOW_ANY_UNCACHED was found to be the simplest and
cleanest way to communicate the information from VFIO to KVM that
mapping the region in S2 as NormalNC is safe. KVM consumes it to
activate the code that does the S2 mapping as NormalNC.

Suggested-by: Catalin Marinas <catalin.marinas@....com>
Reviewed-by: Jason Gunthorpe <jgg@...dia.com>
Acked-by: David Hildenbrand <david@...hat.com>
Signed-off-by: Ankit Agrawal <ankita@...dia.com>
---
 include/linux/mm.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/include/linux/mm.h b/include/linux/mm.h
index f5a97dec5169..59576e56c58b 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -391,6 +391,20 @@ extern unsigned int kobjsize(const void *objp);
 # define VM_UFFD_MINOR		VM_NONE
 #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */
 
+/*
+ * This flag is used to connect VFIO to arch specific KVM code. It
+ * indicates that the memory under this VMA is safe for use with any
+ * non-cachable memory type inside KVM. Some VFIO devices, on some
+ * platforms, are thought to be unsafe and can cause machine crashes
+ * if KVM does not lock down the memory type.
+ */
+#ifdef CONFIG_64BIT
+#define VM_ALLOW_ANY_UNCACHED_BIT	39
+#define VM_ALLOW_ANY_UNCACHED		BIT(VM_ALLOW_ANY_UNCACHED_BIT)
+#else
+#define VM_ALLOW_ANY_UNCACHED		VM_NONE
+#endif
+
 /* Bits set in the VMA until the stack is in its final location */
 #define VM_STACK_INCOMPLETE_SETUP (VM_RAND_READ | VM_SEQ_READ | VM_STACK_EARLY)
 
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ