Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp666689imm;
        Wed, 29 Aug 2018 09:08:56 -0700 (PDT)
X-Google-Smtp-Source: ANB0Vdaxna+xta9dQJUu+rFTuNGw0+KPHdgZxIVIWvqPiF4qoRXxZSIn7g+Q+4+ElbbF8XrXPTc0
X-Received: by 2002:a17:902:c85:: with SMTP id 5-v6mr6638644plt.141.1535558935969;
        Wed, 29 Aug 2018 09:08:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535558935; cv=none;
        d=google.com; s=arc-20160816;
        b=g1HyxZ6nPoEQoBOUgbuLNVFH5FvWNcP09VTQyXTMWlbt3PjMU0qqOmk8W06pz1H1iD
         3TJiHtZnDPdwP7kXdF7ueEo7jkdt4i3ZgNfLsr/8idXvJBRa9rdAFGiwakZgWCObsk4w
         5uRhFB3pcQmlUHBALw6nTCaUT5OPQfkfCtrjciFVTGXAulJ2SKMUfNCYDSwpfZprqa1O
         LoiyMKCk22WzQ00AmKt9MEoFpAbxakKP2tDrDgyYxrR4aZ7w6jRWikLe2M1P/wCKq9zE
         ObGafFW+gQrOfHZVSWiBnzEwLMvkVn5gkZW9fn5wmIEDn+cVr7iBY97UqmC/JAOU5OSP
         YeuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:references:in-reply-to:date
         :cc:to:from:subject:message-id:arc-authentication-results;
        bh=qk1vIHMhFGhbN9B5A8mARHmBS0OUnRqD+pQFq3R/rm4=;
        b=m2caWEbulW6GHdXK9yPJ2GE00Yoo97IvKTuGjUMpk+u4PtvvaPeKmQLqvsOfzD5Zv/
         4/zoJTOGVwmRd+YdeQTNgl27J8JhxOTbkRndIajcanwKYBLX/NqwoOGAKVBdAoY/UlSy
         q3MwuJEx4E8X1R5TR7n/zArQkumAX42fthaEUltdRsdEPzKqv8jQTcLcmloVfGCb7r/O
         tYhtsctp5icLlbUeCR18HWMrUUR5QgwAhtdnbTjtVWc/a+j0c9coWfxhIzzzmnPP/dgY
         KX9NK4AKw6SCii4/aIM3G8oueyIR30T0P7qFNnCXA5qwUsvVXaIYk/MYyjo/6hUTPfi1
         BUzA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id c31-v6si3702820pgl.126.2018.08.29.09.08.25;
        Wed, 29 Aug 2018 09:08:55 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729168AbeH2UEd (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Wed, 29 Aug 2018 16:04:33 -0400
Received: from shelob.surriel.com ([96.67.55.147]:37510 "EHLO
        shelob.surriel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728976AbeH2UEd (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 29 Aug 2018 16:04:33 -0400
Received: from imladris.surriel.com ([96.67.55.152])
        by shelob.surriel.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
        (Exim 4.90_1)
        (envelope-from <riel@shelob.surriel.com>)
        id 1fv2zf-0000NW-6V; Wed, 29 Aug 2018 12:06:55 -0400
Message-ID: <9ff9dd41ff99560dcb3eb78f5835da67293f860c.camel@surriel.com>
Subject: Re: [PATCH v2] x86/nmi: Fix some races in NMI uaccess
From:   Rik van Riel <riel@surriel.com>
To:     Andy Lutomirski <luto@kernel.org>, x86@kernel.org,
        Nadav Amit <nadav.amit@gmail.com>
Cc:     Borislav Petkov <bp@alien8.de>, Jann Horn <jannh@google.com>,
        LKML <linux-kernel@vger.kernel.org>, stable@vger.kernel.org,
        Peter Zijlstra <peterz@infradead.org>
Date:   Wed, 29 Aug 2018 12:06:54 -0400
In-Reply-To: <dd956eba16646fd0b15c3c0741269dfd84452dac.1535557289.git.luto@kernel.org>
References: <dd956eba16646fd0b15c3c0741269dfd84452dac.1535557289.git.luto@kernel.org>
Content-Type: multipart/signed; micalg="pgp-sha256";
        protocol="application/pgp-signature"; boundary="=-nStG//HEP214a3gQ/inZ"
X-Mailer: Evolution 3.28.5 (3.28.5-1.fc28) 
Mime-Version: 1.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


--=-nStG//HEP214a3gQ/inZ
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, 2018-08-29 at 08:47 -0700, Andy Lutomirski wrote:
> In NMI context, we might be in the middle of context switching or in
> the middle of switch_mm_irqs_off().  In either case, CR3 might not
> match current->mm, which could cause copy_from_user_nmi() and
> friends to read the wrong memory.
>=20
> Fix it by adding a new nmi_uaccess_okay() helper and checking it in
> copy_from_user_nmi() and in __copy_from_user_nmi()'s callers.
>=20
> Cc: stable@vger.kernel.org
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Nadav Amit <nadav.amit@gmail.com>
> Signed-off-by: Andy Lutomirski <luto@kernel.org>

Reviewed-by: Rik van Riel <riel@surriel.com>

--=20
All Rights Reversed.

--=-nStG//HEP214a3gQ/inZ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEKR73pCCtJ5Xj3yADznnekoTE3oMFAluGxJ4ACgkQznnekoTE
3oPRawf9FDAGQGrXHrkWkB7dhuU6VpIDXvowhfrrWtLk2Yt69cm2XZuDetCVCbAE
plSadIuGuaRm4E0IJXlBQNNRpY+kFNYtOzdklt5yEKe0eB4g5+pcQmYuGgBJu+Xh
/si8oPUD52Yp8+J2pmEDdQUlCa3jR7an7LRO4rE7gsg007HZ6YbA4l3FJE31gkWm
XRkDaHZZ15oKxxscycUWiwnWC8zFTYDViHZgjnDlsXuOd3ZpNd61dP+5DscqkPh/
coTdliPzSSq8/N1+mZJbFPLny0ksMiw0YHpunNGdHWNwdSxqpXhW8UKMFLK1QBGB
gSdXff0o3K6tfXO2BPOGIRCO0P2lGg==
=ZCwn
-----END PGP SIGNATURE-----

--=-nStG//HEP214a3gQ/inZ--