From: Marc Zyngier <maz@kernel.org>
To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
kvm@vger.kernel.org
Cc: James Morse <james.morse@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Oliver Upton <oliver.upton@linux.dev>,
Zenghui Yu <yuzenghui@huawei.com>,
Ard Biesheuvel <ardb@kernel.org>, Will Deacon <will@kernel.org>,
Quentin Perret <qperret@google.com>
Subject: [PATCH 0/2] KVM: arm64: Plug a couple of MM races
Date: Mon, 13 Mar 2023 09:14:23 +0000 [thread overview]
Message-ID: <20230313091425.1962708-1-maz@kernel.org> (raw)
Ard recently reported a really odd warning generated with KASAN, where
the page table walker we use to inspect the userspace page tables was
going into the weeds and accessing something that was looking totally
unrelated (and previously freed).
Will and I spent quite some time looking into it, and while we were
not able to reproduce the issue, we were able to spot at least a
couple of issues that could partially explain the issue.
The first course of action is to disable interrupts while walking the
userspace PTs. This prevents exit_mmap() from tearing down these PTs
by blocking the IPI. We also fail gracefully if the IPI won the race
and killed the page tables before we started the walk.
The second issue is to not use a VMA pointer that was obtained with
the mmap_read_lock held after that lock has been released. There is no
guarantee that it is still valid.
I've earmarked both for stable, though I expect backporting this to
older revisions of the kernel could be... interesting.
M.
Marc Zyngier (2):
KVM: arm64: Disable interrupts while walking userspace PTs
KVM: arm64: Check for kvm_vma_mte_allowed in the critical section
arch/arm64/kvm/mmu.c | 42 +++++++++++++++++++++++++++++++++---------
1 file changed, 33 insertions(+), 9 deletions(-)
--
2.34.1
WARNING: multiple messages have this Message-ID (diff)
From: Marc Zyngier <maz@kernel.org>
To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
kvm@vger.kernel.org
Cc: James Morse <james.morse@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Oliver Upton <oliver.upton@linux.dev>,
Zenghui Yu <yuzenghui@huawei.com>,
Ard Biesheuvel <ardb@kernel.org>, Will Deacon <will@kernel.org>,
Quentin Perret <qperret@google.com>
Subject: [PATCH 0/2] KVM: arm64: Plug a couple of MM races
Date: Mon, 13 Mar 2023 09:14:23 +0000 [thread overview]
Message-ID: <20230313091425.1962708-1-maz@kernel.org> (raw)
Ard recently reported a really odd warning generated with KASAN, where
the page table walker we use to inspect the userspace page tables was
going into the weeds and accessing something that was looking totally
unrelated (and previously freed).
Will and I spent quite some time looking into it, and while we were
not able to reproduce the issue, we were able to spot at least a
couple of issues that could partially explain the issue.
The first course of action is to disable interrupts while walking the
userspace PTs. This prevents exit_mmap() from tearing down these PTs
by blocking the IPI. We also fail gracefully if the IPI won the race
and killed the page tables before we started the walk.
The second issue is to not use a VMA pointer that was obtained with
the mmap_read_lock held after that lock has been released. There is no
guarantee that it is still valid.
I've earmarked both for stable, though I expect backporting this to
older revisions of the kernel could be... interesting.
M.
Marc Zyngier (2):
KVM: arm64: Disable interrupts while walking userspace PTs
KVM: arm64: Check for kvm_vma_mte_allowed in the critical section
arch/arm64/kvm/mmu.c | 42 +++++++++++++++++++++++++++++++++---------
1 file changed, 33 insertions(+), 9 deletions(-)
--
2.34.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2023-03-13 9:15 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-13 9:14 Marc Zyngier [this message]
2023-03-13 9:14 ` [PATCH 0/2] KVM: arm64: Plug a couple of MM races Marc Zyngier
2023-03-13 9:14 ` [PATCH 1/2] KVM: arm64: Disable interrupts while walking userspace PTs Marc Zyngier
2023-03-13 9:14 ` Marc Zyngier
2023-03-13 15:53 ` Sean Christopherson
2023-03-13 15:53 ` Sean Christopherson
2023-03-13 17:16 ` David Matlack
2023-03-13 17:16 ` David Matlack
2023-03-13 17:21 ` Sean Christopherson
2023-03-13 17:21 ` Sean Christopherson
2023-03-13 17:26 ` David Matlack
2023-03-13 17:26 ` David Matlack
2023-03-13 17:40 ` Marc Zyngier
2023-03-13 17:40 ` Marc Zyngier
2023-03-13 9:14 ` [PATCH 2/2] KVM: arm64: Check for kvm_vma_mte_allowed in the critical section Marc Zyngier
2023-03-13 9:14 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230313091425.1962708-1-maz@kernel.org \
--to=maz@kernel.org \
--cc=ardb@kernel.org \
--cc=james.morse@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=oliver.upton@linux.dev \
--cc=qperret@google.com \
--cc=suzuki.poulose@arm.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.