From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"peterz@infradead.org" <peterz@infradead.org>,
"hjl.tools@gmail.com" <hjl.tools@gmail.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"andreyknvl@gmail.com" <andreyknvl@gmail.com>,
"kcc@google.com" <kcc@google.com>,
"ak@linux.intel.com" <ak@linux.intel.com>,
"dvyukov@google.com" <dvyukov@google.com>,
"x86@kernel.org" <x86@kernel.org>,
"ryabinin.a.a@gmail.com" <ryabinin.a.a@gmail.com>,
"Lutomirski, Andy" <luto@kernel.org>,
"glider@google.com" <glider@google.com>
Subject: Re: [PATCHv3 6/8] x86/mm: Provide ARCH_GET_UNTAG_MASK and ARCH_ENABLE_TAGGED_ADDR
Date: Sat, 11 Jun 2022 04:12:12 +0300 [thread overview]
Message-ID: <20220611011212.ockffkv4h3fiwfdl@black.fi.intel.com> (raw)
In-Reply-To: <dda083610d4c8b8d8d0b09021345e9cc0cb35bbe.camel@intel.com>
On Fri, Jun 10, 2022 at 10:18:23PM +0000, Edgecombe, Rick P wrote:
> On Fri, 2022-06-10 at 11:08 -0700, Edgecombe, Richard P wrote:
> > On Fri, 2022-06-10 at 21:06 +0300, Kirill A. Shutemov wrote:
> > > On Fri, Jun 10, 2022 at 04:16:01PM +0000, Edgecombe, Rick P wrote:
> > > > On Fri, 2022-06-10 at 17:35 +0300, Kirill A. Shutemov wrote:
> > > > > +static int prctl_enable_tagged_addr(unsigned long nr_bits)
> > > > > +{
> > > > > + struct mm_struct *mm = current->mm;
> > > > > +
> > > > > + /* Already enabled? */
> > > > > + if (mm->context.lam_cr3_mask)
> > > > > + return -EBUSY;
> > > > > +
> > > > > + /* LAM has to be enabled before spawning threads */
> > > > > + if (get_nr_threads(current) > 1)
> > > > > + return -EBUSY;
> > > >
> > > > Does this work for vfork()? I guess the idea is that locking is
> > > > not
> > > > needed below because there is only one thread with the MM, but
> > > > with
> > > > vfork() another task could operate on the MM, call fork(), etc.
> > > > I'm
> > > > not
> > > > sure...
> > >
> > > I'm not sure I follow. vfork() blocks parent process until child
> > > exit
> > > or
> > > execve(). I don't see how it is a problem.
> >
> > Oh yea, you're right.
>
> Actually, I guess vfork() only suspends the calling thread. So what if
> you had:
> 1. Parent spawns a bunch of threads
> 2. vforks()
> 3. Child enables LAM (it only has one thread, so succeeds)
> 4. Child exits()
> 5. Parent has some threads with LAM, and some not
I think it is in "Don't do that" territory. It is very similar to cases
described in "Caveats" section of the vfork(2) man-page.
> It's some weird userspace that doesn't deserve to have things work for
> it, but I wonder if it could open up little races around untagging. As
> an example, KVM might have a super narrow race where it checks for tags
> in memslots using addr != untagged_addr(addr) before checking
> access_ok(addr, ...). See __kvm_set_memory_region(). If mm-
> >context.untag_mask got set in the middle, tagged memslots could be
> added.
Ultimately, a process which calls vfork(2) is in control of what happens
to the new process until execve(2) or exit(2). So, yes it is very creative
way to shoot yourself into leg, but I don't think it worth preventing.
And I'm not sure how the fix would look like.
--
Kirill A. Shutemov
next prev parent reply other threads:[~2022-06-11 1:12 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-10 14:35 [PATCHv3 0/8] Linear Address Masking enabling Kirill A. Shutemov
2022-06-10 14:35 ` [PATCHv3 1/8] x86/mm: Fix CR3_ADDR_MASK Kirill A. Shutemov
2022-06-10 23:32 ` Edgecombe, Rick P
2022-06-10 14:35 ` [PATCHv3 2/8] x86: CPUID and CR3/CR4 flags for Linear Address Masking Kirill A. Shutemov
2022-06-10 14:35 ` [PATCHv3 3/8] mm: Pass down mm_struct to untagged_addr() Kirill A. Shutemov
2022-06-10 23:33 ` Edgecombe, Rick P
2022-06-17 15:27 ` Alexander Potapenko
2022-06-17 22:38 ` Kirill A. Shutemov
2022-06-10 14:35 ` [PATCHv3 4/8] x86/mm: Handle LAM on context switch Kirill A. Shutemov
2022-06-10 23:55 ` Edgecombe, Rick P
2022-06-15 15:54 ` Kirill A. Shutemov
2022-06-16 9:08 ` Peter Zijlstra
2022-06-16 16:40 ` Kirill A. Shutemov
2022-06-17 15:35 ` Alexander Potapenko
2022-06-17 22:39 ` Kirill A. Shutemov
2022-06-28 23:33 ` Andy Lutomirski
2022-06-29 0:34 ` Kirill A. Shutemov
2022-06-30 1:51 ` Andy Lutomirski
2022-06-10 14:35 ` [PATCHv3 5/8] x86/uaccess: Provide untagged_addr() and remove tags before address check Kirill A. Shutemov
2022-06-13 17:36 ` Edgecombe, Rick P
2022-06-15 16:58 ` Kirill A. Shutemov
2022-06-15 19:06 ` Edgecombe, Rick P
2022-06-16 9:30 ` Peter Zijlstra
2022-06-16 16:44 ` Kirill A. Shutemov
2022-06-17 11:36 ` Peter Zijlstra
2022-06-17 14:22 ` H.J. Lu
2022-06-17 14:28 ` Peter Zijlstra
2022-06-16 9:34 ` Peter Zijlstra
2022-06-16 10:02 ` Peter Zijlstra
2022-06-16 16:48 ` Kirill A. Shutemov
2022-06-28 23:40 ` Andy Lutomirski
2022-06-29 0:42 ` Kirill A. Shutemov
2022-06-30 2:38 ` Andy Lutomirski
2022-07-05 0:13 ` Kirill A. Shutemov
2022-06-10 14:35 ` [PATCHv3 6/8] x86/mm: Provide ARCH_GET_UNTAG_MASK and ARCH_ENABLE_TAGGED_ADDR Kirill A. Shutemov
2022-06-10 15:25 ` Edgecombe, Rick P
2022-06-10 18:04 ` Kirill A. Shutemov
2022-06-10 16:16 ` Edgecombe, Rick P
2022-06-10 18:06 ` Kirill A. Shutemov
2022-06-10 18:08 ` Edgecombe, Rick P
2022-06-10 22:18 ` Edgecombe, Rick P
2022-06-11 1:12 ` Kirill A. Shutemov [this message]
2022-06-11 2:36 ` Edgecombe, Rick P
2022-06-12 21:03 ` Andy Lutomirski
2022-06-16 9:44 ` Peter Zijlstra
2022-06-16 16:54 ` Kirill A. Shutemov
2022-06-30 2:04 ` Andy Lutomirski
2022-06-13 14:42 ` Michal Hocko
2022-06-16 17:05 ` Kirill A. Shutemov
2022-06-19 23:40 ` Kirill A. Shutemov
2022-06-16 9:39 ` Peter Zijlstra
2022-06-28 23:42 ` Andy Lutomirski
2022-06-29 0:53 ` Kirill A. Shutemov
2022-06-30 2:29 ` Andy Lutomirski
2022-07-01 15:38 ` Kirill A. Shutemov
2022-07-02 23:55 ` Andy Lutomirski
2022-07-04 13:43 ` Kirill A. Shutemov
2022-06-10 14:35 ` [PATCHv3 7/8] x86: Expose untagging mask in /proc/$PID/arch_status Kirill A. Shutemov
2022-06-10 15:24 ` Dave Hansen
2022-06-11 1:28 ` Kirill A. Shutemov
2022-06-27 12:00 ` Catalin Marinas
2022-06-10 14:35 ` [PATCHv3 OPTIONAL 8/8] x86/mm: Extend LAM to support to LAM_U48 Kirill A. Shutemov
2022-06-16 10:00 ` Peter Zijlstra
2022-06-10 20:22 ` [PATCHv3 0/8] Linear Address Masking enabling Kostya Serebryany
2022-06-16 22:52 ` Edgecombe, Rick P
2022-06-16 23:43 ` Kirill A. Shutemov
2022-06-16 23:48 ` Edgecombe, Rick P
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220611011212.ockffkv4h3fiwfdl@black.fi.intel.com \
--to=kirill.shutemov@linux.intel.com \
--cc=ak@linux.intel.com \
--cc=andreyknvl@gmail.com \
--cc=dave.hansen@linux.intel.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=hjl.tools@gmail.com \
--cc=kcc@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=ryabinin.a.a@gmail.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.