Subject: Re: [PATCH v1 2/4] coresight: etm4x: Don't use virtual contextID for non-root PID namespace
To: Leo Yan, Mathieu Poirier, Mike Leach, Alexander Shishkin, James Clark, coresight@lists.linaro.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
From: Suzuki K Poulose
Message-ID: <2cd79645-2f1f-1e59-1a26-5540aa7b6f3b@arm.com>
Date: Thu, 4 Nov 2021 15:07:45 +0000
In-Reply-To: <20211031144214.237879-3-leo.yan@linaro.org>

Hi Leo

On 31/10/2021 14:42, Leo Yan wrote:
> As commented in the function ctxid_pid_store(), it can cause the PID
> values mismatching between context ID tracing and PID allocated in a
> non-root namespace, and it can leak kernel information.
>
> For this reason, when a process runs in non-root PID namespace, the
> driver doesn't allow contextID tracing and returns failure when access
> contextID related sysfs nodes.
>
> VMID works for virtual contextID when the kernel runs in EL2 mode with
> VHE; on the other hand, the driver doesn't prevent users from accessing
> it when programs run in the non-root namespace. Thus this can lead
> to same issues with contextID described above.
>
> This patch imposes the checking on VMID related sysfs knobs, it returns
> failure if current process runs in non-root PID namespace.
>
> Signed-off-by: Leo Yan

Patch looks good to me. Please see minor comment below.

> --- > .../coresight/coresight-etm4x-sysfs.c | 28 +++++++++++++++++++ > 1 file changed, 28 insertions(+) > > diff --git a/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c b/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c > index e4c8c44d04ef..e218281703b0 100644 > --- a/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c > +++ b/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c 
> @@ -2111,6 +2111,13 @@ static ssize_t vmid_val_show(struct device *dev, > struct etmv4_drvdata *drvdata = dev_get_drvdata(dev->parent); > struct etmv4_config *config = &drvdata->config; > > + /* > + * Don't use virtual contextID tracing if coming from a PID namespace. > + * See comment in ctxid_pid_store(). > + */ > + if (task_active_pid_ns(current) != &init_pid_ns) > + return -EINVAL; > + > spin_lock(&drvdata->spinlock); > val = (unsigned long)config->vmid_val[config->vmid_idx]; > spin_unlock(&drvdata->spinlock); > @@ -2125,6 +2132,13 @@ static ssize_t vmid_val_store(struct device *dev, > struct etmv4_drvdata *drvdata = dev_get_drvdata(dev->parent); > struct etmv4_config *config = &drvdata->config; > > + /* > + * Don't use virtual contextID tracing if coming from a PID namespace. > + * See comment in ctxid_pid_store(). > + */ > + if (task_active_pid_ns(current) != &init_pid_ns) Please could we add a helper function to make this obvious ? e.g: task_is_in_root_ns(task) ? Suzuki
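
Review bot: the comment added at the top of vmid_val_show() says "if coming from a PID namespace", but every task is in some PID namespace; what the test "task_active_pid_ns(current) != &init_pid_ns" rejects is a non-root one. Suggest wording it as "Don't allow virtual contextID tracing from a non-root PID namespace", which matches the commit message. Placing the check ahead of spin_lock() is right: the read fails with -EINVAL before config->vmid_val is touched, so nothing is copied out to a namespaced reader.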
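
Review bot: in vmid_val_store() the four-line comment and the "task_active_pid_ns(current) != &init_pid_ns" test are repeated verbatim from vmid_val_show(), and the diffstat's 28 insertions at 7 added lines per hunk suggests four copies in this file. Move the test and its comment into one helper and call it from each handler, so a later change to the namespace policy cannot miss a site and the explanation lives in one place. The quoted hunk stops at the "if" line; the store path should return -EINVAL as the show path does, so both directions fail the same way for a namespaced caller.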