- Do not allow to set FORCE_TAGGED_SVA bit for other process;
- Use EINVAL instead of EINTR for LAM enabling failure due to SVA;
Kirill A. Shutemov (2):
x86/mm/iommu/sva: Fix error code for LAM enabling failure due to SVA
x86/mm/iommu/sva: Do not allow to set FORCE_TAGGED_SVA bit from
outside
arch/x86/kernel/process_64.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--
2.39.2
arch_prctl(ARCH_FORCE_TAGGED_SVA) overrides the default and allows LAM
and SVA to co-exist in the process. It is expected by called by the
process when it knows what it is doing.
arch_prctl() operates on the current process, but the same code is
reachable from ptrace where it can be called on arbitrary task.
Make it strict and only allow to set MM_CONTEXT_FORCE_TAGGED_SVA for the
current process.
Signed-off-by: Kirill A. Shutemov <[email protected]>
Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
Suggested-by: Dmitry Vyukov <[email protected]>
---
arch/x86/kernel/process_64.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index c7dfd727c9ec..cefac2d3a9f6 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -885,6 +885,8 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
case ARCH_ENABLE_TAGGED_ADDR:
return prctl_enable_tagged_addr(task->mm, arg2);
case ARCH_FORCE_TAGGED_SVA:
+ if (current != task)
+ return -EINVAL;
set_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &task->mm->context.flags);
return 0;
case ARCH_GET_MAX_TAG_BITS:
--
2.39.2
Normally, LAM and SVA are mutually exclusive. LAM enabling will fail if
SVA is already in use.
Correct error code for the failure. EINTR is nonsensical there.
Signed-off-by: Kirill A. Shutemov <[email protected]>
Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
Reported-by: Dmitry Vyukov <[email protected]>
---
arch/x86/kernel/process_64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index 74c7e84a94d8..c7dfd727c9ec 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -760,7 +760,7 @@ static int prctl_enable_tagged_addr(struct mm_struct *mm, unsigned long nr_bits)
if (mm_valid_pasid(mm) &&
!test_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &mm->context.flags))
- return -EINTR;
+ return -EINVAL;
if (mmap_write_lock_killable(mm))
return -EINTR;
--
2.39.2
On Mon, 3 Apr 2023 at 13:10, Kirill A. Shutemov
<[email protected]> wrote:
>
> arch_prctl(ARCH_FORCE_TAGGED_SVA) overrides the default and allows LAM
> and SVA to co-exist in the process. It is expected by called by the
> process when it knows what it is doing.
>
> arch_prctl() operates on the current process, but the same code is
> reachable from ptrace where it can be called on arbitrary task.
>
> Make it strict and only allow to set MM_CONTEXT_FORCE_TAGGED_SVA for the
> current process.
>
> Signed-off-by: Kirill A. Shutemov <[email protected]>
> Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> Suggested-by: Dmitry Vyukov <[email protected]>
> ---
> arch/x86/kernel/process_64.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> index c7dfd727c9ec..cefac2d3a9f6 100644
> --- a/arch/x86/kernel/process_64.c
> +++ b/arch/x86/kernel/process_64.c
> @@ -885,6 +885,8 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
> case ARCH_ENABLE_TAGGED_ADDR:
> return prctl_enable_tagged_addr(task->mm, arg2);
> case ARCH_FORCE_TAGGED_SVA:
> + if (current != task)
> + return -EINVAL;
prctl_enable_tagged_addr() checks "task->mm != current->mm".
Should we check the same here for consistency? Or also change the
check in prctl_enable_tagged_addr().
arch_prctl() can only do task==current, so I guess "current != task"
is a more reasonable check for prctl_enable_tagged_addr() as well.
> set_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &task->mm->context.flags);
> return 0;
> case ARCH_GET_MAX_TAG_BITS:
> --
> 2.39.2
>
On Mon, 3 Apr 2023 at 13:10, Kirill A. Shutemov
<[email protected]> wrote:
>
> Normally, LAM and SVA are mutually exclusive. LAM enabling will fail if
> SVA is already in use.
>
> Correct error code for the failure. EINTR is nonsensical there.
>
> Signed-off-by: Kirill A. Shutemov <[email protected]>
> Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> Reported-by: Dmitry Vyukov <[email protected]>
Reviewed-by: Dmitry Vyukov <[email protected]>
> ---
> arch/x86/kernel/process_64.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> index 74c7e84a94d8..c7dfd727c9ec 100644
> --- a/arch/x86/kernel/process_64.c
> +++ b/arch/x86/kernel/process_64.c
> @@ -760,7 +760,7 @@ static int prctl_enable_tagged_addr(struct mm_struct *mm, unsigned long nr_bits)
>
> if (mm_valid_pasid(mm) &&
> !test_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &mm->context.flags))
> - return -EINTR;
> + return -EINVAL;
>
> if (mmap_write_lock_killable(mm))
> return -EINTR;
> --
> 2.39.2
>
On Mon, Apr 03, 2023 at 03:55:09PM +0200, Dmitry Vyukov wrote:
> On Mon, 3 Apr 2023 at 13:10, Kirill A. Shutemov
> <[email protected]> wrote:
> >
> > arch_prctl(ARCH_FORCE_TAGGED_SVA) overrides the default and allows LAM
> > and SVA to co-exist in the process. It is expected by called by the
> > process when it knows what it is doing.
> >
> > arch_prctl() operates on the current process, but the same code is
> > reachable from ptrace where it can be called on arbitrary task.
> >
> > Make it strict and only allow to set MM_CONTEXT_FORCE_TAGGED_SVA for the
> > current process.
> >
> > Signed-off-by: Kirill A. Shutemov <[email protected]>
> > Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> > Suggested-by: Dmitry Vyukov <[email protected]>
> > ---
> > arch/x86/kernel/process_64.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> > index c7dfd727c9ec..cefac2d3a9f6 100644
> > --- a/arch/x86/kernel/process_64.c
> > +++ b/arch/x86/kernel/process_64.c
> > @@ -885,6 +885,8 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
> > case ARCH_ENABLE_TAGGED_ADDR:
> > return prctl_enable_tagged_addr(task->mm, arg2);
> > case ARCH_FORCE_TAGGED_SVA:
> > + if (current != task)
> > + return -EINVAL;
>
> prctl_enable_tagged_addr() checks "task->mm != current->mm".
> Should we check the same here for consistency? Or also change the
> check in prctl_enable_tagged_addr().
>
> arch_prctl() can only do task==current, so I guess "current != task"
> is a more reasonable check for prctl_enable_tagged_addr() as well.
As of now, prctl_enable_tagged_addr() doesn't have the task on hands. It
gets mm as input, so it cannot check the task directly. But functionally
it is the same check.
I would prefer to keep it this way. Unless anyone feels strongly about it.
--
Kiryl Shutsemau / Kirill A. Shutemov
On Mon, 3 Apr 2023 at 16:31, Kirill A. Shutemov <[email protected]> wrote:
>
> On Mon, Apr 03, 2023 at 03:55:09PM +0200, Dmitry Vyukov wrote:
> > On Mon, 3 Apr 2023 at 13:10, Kirill A. Shutemov
> > <[email protected]> wrote:
> > >
> > > arch_prctl(ARCH_FORCE_TAGGED_SVA) overrides the default and allows LAM
> > > and SVA to co-exist in the process. It is expected by called by the
> > > process when it knows what it is doing.
> > >
> > > arch_prctl() operates on the current process, but the same code is
> > > reachable from ptrace where it can be called on arbitrary task.
> > >
> > > Make it strict and only allow to set MM_CONTEXT_FORCE_TAGGED_SVA for the
> > > current process.
> > >
> > > Signed-off-by: Kirill A. Shutemov <[email protected]>
> > > Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> > > Suggested-by: Dmitry Vyukov <[email protected]>
> > > ---
> > > arch/x86/kernel/process_64.c | 2 ++
> > > 1 file changed, 2 insertions(+)
> > >
> > > diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> > > index c7dfd727c9ec..cefac2d3a9f6 100644
> > > --- a/arch/x86/kernel/process_64.c
> > > +++ b/arch/x86/kernel/process_64.c
> > > @@ -885,6 +885,8 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
> > > case ARCH_ENABLE_TAGGED_ADDR:
> > > return prctl_enable_tagged_addr(task->mm, arg2);
> > > case ARCH_FORCE_TAGGED_SVA:
> > > + if (current != task)
> > > + return -EINVAL;
> >
> > prctl_enable_tagged_addr() checks "task->mm != current->mm".
> > Should we check the same here for consistency? Or also change the
> > check in prctl_enable_tagged_addr().
> >
> > arch_prctl() can only do task==current, so I guess "current != task"
> > is a more reasonable check for prctl_enable_tagged_addr() as well.
>
> As of now, prctl_enable_tagged_addr() doesn't have the task on hands. It
> gets mm as input, so it cannot check the task directly. But functionally
> it is the same check.
>
> I would prefer to keep it this way. Unless anyone feels strongly about it.
Fine with me.
Reviewed-by: Dmitry Vyukov <[email protected]>
On 4/3/23 04:10, Kirill A. Shutemov wrote:
> Normally, LAM and SVA are mutually exclusive. LAM enabling will fail if
> SVA is already in use.
>
> Correct error code for the failure. EINTR is nonsensical there.
>
> Signed-off-by: Kirill A. Shutemov <[email protected]>
> Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> Reported-by: Dmitry Vyukov <[email protected]>
Hi Kirill,
These look fine. But in the future, Link:'s for Reported-by's would be
very appreciated if the discussion happened in public.
On Thu, Apr 06, 2023 at 08:31:40AM -0700, Dave Hansen wrote:
> On 4/3/23 04:10, Kirill A. Shutemov wrote:
> > Normally, LAM and SVA are mutually exclusive. LAM enabling will fail if
> > SVA is already in use.
> >
> > Correct error code for the failure. EINTR is nonsensical there.
> >
> > Signed-off-by: Kirill A. Shutemov <[email protected]>
> > Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> > Reported-by: Dmitry Vyukov <[email protected]>
>
> Hi Kirill,
>
> These look fine. But in the future, Link:'s for Reported-by's would be
> very appreciated if the discussion happened in public.
Got it.
For this one it is:
Link: https://lore.kernel.org/all/CACT4Y+YfqSMsZArhh25TESmG-U4jO5Hjphz87wKSnTiaw2Wrfw@mail.gmail.com
--
Kiryl Shutsemau / Kirill A. Shutemov