From: Marc Zyngier <maz@kernel.org>
To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, kvm@vger.kernel.org
Cc: James Morse <james.morse@arm.com>, Suzuki K Poulose <suzuki.poulose@arm.com>, Oliver Upton <oliver.upton@linux.dev>, Zenghui Yu <yuzenghui@huawei.com>, Ard Biesheuvel <ardb@kernel.org>, Will Deacon <will@kernel.org>, Quentin Perret <qperret@google.com>
Subject: [PATCH 0/2] KVM: arm64: Plug a couple of MM races
Date: Mon, 13 Mar 2023 09:14:23 +0000
Message-ID: <20230313091425.1962708-1-maz@kernel.org>

Ard recently reported a really odd warning generated with KASAN, where
the page table walker we use to inspect the userspace page tables was
going into the weeds and accessing something that was looking totally
unrelated (and previously freed).

Will and I spent quite some time looking into it, and while we were not
able to reproduce the issue, we were able to spot at least a couple of
issues that could partially explain the issue.

The first course of action is to disable interrupts while walking the
userspace PTs. This prevents exit_mmap() from tearing down these PTs by
blocking the IPI. We also fail gracefully if the IPI won the race and
killed the page tables before we started the walk.

The second issue is to not use a VMA pointer that was obtained with the
mmap_read_lock held after that lock has been released. There is no
guarantee that it is still valid.

I've earmarked both for stable, though I expect backporting this to
older revisions of the kernel could be... interesting.

M.

Marc Zyngier (2):
  KVM: arm64: Disable interrupts while walking userspace PTs
  KVM: arm64: Check for kvm_vma_mte_allowed in the critical section

 arch/arm64/kvm/mmu.c | 42 +++++++++++++++++++++++++++++++++---------
 1 file changed, 33 insertions(+), 9 deletions(-)

-- 
2.34.1