lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aLcQ3UCXXNcByW1O@gcabiddu-mobl.ger.corp.intel.com>
Date: Tue, 2 Sep 2025 16:44:29 +0100
From: Giovanni Cabiddu <giovanni.cabiddu@...el.com>
To: Rik van Riel <riel@...riel.com>
CC: <x86@...nel.org>, <linux-kernel@...r.kernel.org>, <bp@...en8.de>,
	<peterz@...radead.org>, <dave.hansen@...ux.intel.com>,
	<zhengqi.arch@...edance.com>, <nadav.amit@...il.com>,
	<thomas.lendacky@....com>, <kernel-team@...a.com>, <linux-mm@...ck.org>,
	<akpm@...ux-foundation.org>, <jackmanb@...gle.com>, <jannh@...gle.com>,
	<mhklinux@...look.com>, <andrew.cooper3@...rix.com>, <Manali.Shukla@....com>,
	<mingo@...nel.org>, Dave Hansen <dave.hansen@...el.com>,
	<baolu.lu@...el.com>, <david.guckian@...el.com>, <damian.muszynski@...el.com>
Subject: [BUG] x86/mm: regression after 4a02ed8e1cc3

On Tue, Feb 25, 2025 at 10:00:36PM -0500, Rik van Riel wrote:
> Reduce code duplication by consolidating the decision point
> for whether to do individual invalidations or a full flush
> inside get_flush_tlb_info.
> 
> Signed-off-by: Rik van Riel <riel@...riel.com>
> Suggested-by: Dave Hansen <dave.hansen@...el.com>
> Tested-by: Michael Kelley <mhklinux@...look.com>
> Acked-by: Dave Hansen <dave.hansen@...el.com>
> Reviewed-by: Borislav Petkov (AMD) <bp@...en8.de>
> ---
After 4a02ed8e1cc3 ("x86/mm: Consolidate full flush threshold
decision"), we've seen data corruption in DMAd buffers when testing SVA.

>From our preliminary analysis, it appears that get_flush_tlb_info()
modifies the start and end parameters for full TLB flushes (setting
start=0, end=TLB_FLUSH_ALL). However, the MMU notifier call at the end
of the function still uses the original parameters instead of the
updated info->start and info->end.

The change below appears to solve the problem, however we are not sure if
this is the right way to fix the problem.

----8<----
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 39f80111e6f1..e66c7662c254 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -1459,7 +1459,7 @@ void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,
 
 	put_flush_tlb_info();
 	put_cpu();
-	mmu_notifier_arch_invalidate_secondary_tlbs(mm, start, end);
+	mmu_notifier_arch_invalidate_secondary_tlbs(mm, info->start, info->end);
 }
 
 static void do_flush_tlb_all(void *info)
-- 
2.51.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ