Re: [PATCHv16 11/17] x86/mm/iommu/sva: Make LAM and SVA mutually exclusive

From: Dmitry Vyukov <dvyukov@google.com>
To: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Andy Lutomirski <luto@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	x86@kernel.org, Kostya Serebryany <kcc@google.com>,
	Andrey Ryabinin <ryabinin.a.a@gmail.com>,
	Andrey Konovalov <andreyknvl@gmail.com>,
	Alexander Potapenko <glider@google.com>,
	Taras Madan <tarasmadan@google.com>,
	"H . J . Lu" <hjl.tools@gmail.com>,
	Andi Kleen <ak@linux.intel.com>,
	Rick Edgecombe <rick.p.edgecombe@intel.com>,
	Bharata B Rao <bharata@amd.com>,
	Jacob Pan <jacob.jun.pan@linux.intel.com>,
	Ashok Raj <ashok.raj@intel.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCHv16 11/17] x86/mm/iommu/sva: Make LAM and SVA mutually exclusive
Date: Mon, 3 Apr 2023 12:22:01 +0200	[thread overview]
Message-ID: <CACT4Y+YfqSMsZArhh25TESmG-U4jO5Hjphz87wKSnTiaw2Wrfw@mail.gmail.com> (raw)
In-Reply-To: <20230403101707.satsniziz3tn2zyd@box>

On Mon, 3 Apr 2023 at 12:17, Kirill A. Shutemov <kirill@shutemov.name> wrote:
>
> On Mon, Apr 03, 2023 at 11:56:48AM +0200, Dmitry Vyukov wrote:
> > On Mon, 3 Apr 2023 at 11:44, Kirill A. Shutemov <kirill@shutemov.name> wrote:
> > >
> > > On Mon, Apr 03, 2023 at 08:18:57AM +0200, Dmitry Vyukov wrote:
> > > > Hi Kirill,
> > > >
> > > > ARCH_ENABLE_TAGGED_ADDR checks that task->mm == current->mm,
> > > > shouldn't ARCH_FORCE_TAGGED_SVA check that as well?
> > >
> > > Do you a particular race in mind? I cannot think of anything right away.
> > >
> > > I guess we can add the check for consistency. But if there's a bug it is a
> > > different story.
> >
> > No, I don't have a particular race in mind. Was thinking solely about
> > consistency and if these things should be set for other processes
> > (relaxing the check is always possible in future, but adding new
> > restrictions is generally not possible).
>
> Okay. Makes sense.
>
> It is only reachable with task != current from ptrace, which is rather
> obscure path.
>
> Anyway, I will prepare a proper patch with this fixup:
>
> diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> index eda826a956df..4ffd8e67d273 100644
> --- a/arch/x86/kernel/process_64.c
> +++ b/arch/x86/kernel/process_64.c
> @@ -883,6 +883,8 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
>         case ARCH_ENABLE_TAGGED_ADDR:
>                 return prctl_enable_tagged_addr(task->mm, arg2);
>         case ARCH_FORCE_TAGGED_SVA:
> +               if (current != task)
> +                       return -EINVAL;
>                 set_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &task->mm->context.flags);
>                 return 0;
>         case ARCH_GET_MAX_TAG_BITS:
>
> > > > Also it looks like currently to enable both LAM and SVA.
> > > > LAM enabling checks for SVA, but SVA doesn't and both are not mutually
> > > > exclusive.
> > >
> > > For LAM we check SVM with mm_valid_pasid() && !test_bit() in
> > > prctl_enable_tagged_addr().
> > >
> > > For SVM we check for LAM with !mm_lam_cr3_mask() || test_bit() in
> > > arch_pgtable_dma_compat() which called from iommu_sva_alloc_pasid().
> >
> > It seems that currently it's possible to both enable LAM and set SVA bit.
> > Then arch_pgtable_dma_compat() will return true, but LAM is enabled.
>
> Right. That's the point of the bit. It allows SVA and LAM to co-exist:
>
>     The new ARCH_FORCE_TAGGED_SVA arch_prctl() overrides the limitation.
>     By using the arch_prctl() userspace takes responsibility to never pass
>     tagged address to the device.
>
> I'm confused.

Then I misunderstood what it means. Ignore.

While we are here:

        if (mm_valid_pasid(mm) &&
            !test_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &mm->context.flags))
                return -EINTR;

should be EINVAL?