From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>
Cc: x86@kernel.org, Kostya Serebryany <kcc@google.com>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>,
Andrey Konovalov <andreyknvl@gmail.com>,
Alexander Potapenko <glider@google.com>,
Taras Madan <tarasmadan@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
"H . J . Lu" <hjl.tools@gmail.com>,
Andi Kleen <ak@linux.intel.com>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Bharata B Rao <bharata@amd.com>,
Jacob Pan <jacob.jun.pan@linux.intel.com>,
Ashok Raj <ashok.raj@intel.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Marc Zyngier <maz@kernel.org>
Subject: [PATCHv12 06/16] KVM: Serialize tagged address check against tagging enabling
Date: Wed, 9 Nov 2022 19:51:30 +0300 [thread overview]
Message-ID: <20221109165140.9137-7-kirill.shutemov@linux.intel.com> (raw)
In-Reply-To: <20221109165140.9137-1-kirill.shutemov@linux.intel.com>
KVM forbids usage of tagged userspace addresses for memslots. It is done
by checking if the address stays the same after untagging.
It is works fine for ARM TBI, but it the check gets racy for LAM. TBI
enabling happens per-thread, so nobody can enable tagging for the thread
while the memslot gets added.
LAM gets enabled per-process. If it gets enabled after the
untagged_addr() check, but before access_ok() check the kernel can
wrongly allow tagged userspace_addr.
Use mmap lock to protect against parallel LAM enabling.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reported-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Cc: Marc Zyngier <maz@kernel.org>
---
virt/kvm/kvm_main.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index d2139906ff91..8399aae16e83 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1943,12 +1943,22 @@ int __kvm_set_memory_region(struct kvm *kvm,
return -EINVAL;
if (mem->guest_phys_addr & (PAGE_SIZE - 1))
return -EINVAL;
+
+ /* Serialize against tagging enabling */
+ if (mmap_read_lock_killable(kvm->mm))
+ return -EINTR;
+
/* We can read the guest memory with __xxx_user() later on. */
if ((mem->userspace_addr & (PAGE_SIZE - 1)) ||
(mem->userspace_addr != untagged_addr(kvm->mm, mem->userspace_addr)) ||
!access_ok((void __user *)(unsigned long)mem->userspace_addr,
- mem->memory_size))
+ mem->memory_size)) {
+ mmap_read_unlock(kvm->mm);
return -EINVAL;
+ }
+
+ mmap_read_unlock(kvm->mm);
+
if (as_id >= KVM_ADDRESS_SPACE_NUM || id >= KVM_MEM_SLOTS_NUM)
return -EINVAL;
if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr)
--
2.38.0
next prev parent reply other threads:[~2022-11-09 16:53 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-09 16:51 [PATCHv12 00/16] Linear Address Masking enabling Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 01/16] x86/mm: Fix CR3_ADDR_MASK Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 02/16] x86: CPUID and CR3/CR4 flags for Linear Address Masking Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 03/16] mm: Pass down mm_struct to untagged_addr() Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 04/16] x86/mm: Handle LAM on context switch Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 05/16] x86/uaccess: Provide untagged_addr() and remove tags before address check Kirill A. Shutemov
2022-11-09 16:51 ` Kirill A. Shutemov [this message]
2022-11-09 16:51 ` [PATCHv12 07/16] x86/mm: Provide arch_prctl() interface for LAM Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 08/16] x86/mm: Reduce untagged_addr() overhead until the first LAM user Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 09/16] mm: Expose untagging mask in /proc/$PID/status Kirill A. Shutemov
2022-11-11 9:59 ` Catalin Marinas
2022-11-11 14:50 ` Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 10/16] iommu/sva: Replace pasid_valid() helper with mm_valid_pasid() Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 11/16] x86/mm, iommu/sva: Make LAM and SVA mutually exclusive Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 12/16] selftests/x86/lam: Add malloc and tag-bits test cases for linear-address masking Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 13/16] selftests/x86/lam: Add mmap and SYSCALL " Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 14/16] selftests/x86/lam: Add io_uring " Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 15/16] selftests/x86/lam: Add inherit " Kirill A. Shutemov
2022-11-09 16:51 ` [PATCHv12 16/16] selftests/x86/lam: Add ARCH_FORCE_TAGGED_SVA " Kirill A. Shutemov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221109165140.9137-7-kirill.shutemov@linux.intel.com \
--to=kirill.shutemov@linux.intel.com \
--cc=ak@linux.intel.com \
--cc=andreyknvl@gmail.com \
--cc=ashok.raj@intel.com \
--cc=bharata@amd.com \
--cc=dave.hansen@linux.intel.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=hjl.tools@gmail.com \
--cc=jacob.jun.pan@linux.intel.com \
--cc=kcc@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=maz@kernel.org \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=ryabinin.a.a@gmail.com \
--cc=tarasmadan@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.