Message-ID: <100198dd-320f-68e6-9c09-210620940a74@huawei.com>
Date: Sun, 18 Feb 2024 18:08:14 +0800
Subject: Re: [PATCH -next v5 2/3] x86/mce: set MCE_IN_KERNEL_COPYIN for DEFAULT_MCE_SAFE exception
To: Borislav Petkov
CC: Thomas Gleixner, Ingo Molnar, Dave Hansen, "H. Peter Anvin", Tony Luck, Andy Lutomirski, Peter Zijlstra, Andrew Morton, Naoya Horiguchi, Guohanjun
References: <20240204082627.3892816-1-tongtiangen@huawei.com> <20240204082627.3892816-3-tongtiangen@huawei.com> <20240207122942.GRZcN3tqWkV-WE-pak@fat_crate.local>
From: Tong Tiangen
In-Reply-To: <20240207122942.GRZcN3tqWkV-WE-pak@fat_crate.local>

On 2024/2/7 20:29, Borislav Petkov wrote:
> On Sun, Feb 04, 2024 at 04:26:26PM +0800, Tong Tiangen wrote:
>> diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c >> index bca780fa5e57..b2cce1b6c96d 100644 >> --- a/arch/x86/kernel/cpu/mce/severity.c >> +++ b/arch/x86/kernel/cpu/mce/severity.c 
>> @@ -292,11 +292,11 @@ static noinstr int error_context(struct mce *m, struct pt_regs *regs) >> case EX_TYPE_UACCESS: >> if (!copy_user) >> return IN_KERNEL; >> + fallthrough; >> + case EX_TYPE_DEFAULT_MCE_SAFE: >> m->kflags |= MCE_IN_KERNEL_COPYIN; >> fallthrough;
>
> I knew something was still bugging me here and this is still wrong.
>
> Let's imagine this flow:
>
> copy_mc_to_user() - note *src is kernel memory
> |-> copy_mc_enhanced_fast_string or copy_mc_fragile - it's the same thing
>  |-> -#MC, exception type EX_TYPE_DEFAULT_MCE_SAFE
>   |-> error_context():
>        case EX_TYPE_DEFAULT_MCE_SAFE:
>            m->kflags |= MCE_IN_KERNEL_COPYIN;
>
> MCE_IN_KERNEL_COPYIN does kill_me_never():
>
>     pr_err("Kernel accessed poison in user space at %llx\n", p->mce_addr);
>
> but that's reading from kernel memory!

Hi:

1. The copy_mc_to_kernel() is used in the coredump, KSM, and COW
scenarios. In these scenarios, the src mem stores the user data and the
kernel uses a kernel address to access the src mem (using kmap()).

2. The src mem of copy_mc_to_user() is currently only used by the DAX:

  dax_iomap_iter() -> dax_copy_to_iter() -> _copy_mc_to_iter -> copy_to_user_iter_mc() -> copy_mc_to_user()

DAX is also used to store user data, such as pmem; pmem uses the kernel
address to access src mem (memremap_pages()):

  pmem_attach_disk() -> devm_memremap_pages() -> memremap_pages()

3. EX_TYPE_DEFAULT_MCE_SAFE is only used in
copy_mc_to_user()/copy_mc_to_kernel().

4. Therefore, for EX_TYPE_DEFAULT_MCE_SAFE, the memory page where the
hardware error occurs stores user data, and these pages can be securely
isolated. This is different from UACCESS, which can be securely isolated
only when COPYIN (the src mem is user data) is checked.

Based on the above understanding, I think the original logic should be
fine, except for the pr_err() in kill_me_never().

Thanks.
Tong.
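Review bot: the new case EX_TYPE_DEFAULT_MCE_SAFE label sits below the "if (!copy_user)" check, so this fixup type sets MCE_IN_KERNEL_COPYIN unconditionally, and nothing in the hunk documents why the copy-direction check can be skipped for it. Since that flag leads to the "Kernel accessed poison in user space" message quoted in this thread, either move the label up beside case EX_TYPE_UACCESS so the check applies to both types, or keep the placement and add a comment stating the assumption that the source of these copies always holds user data, together with a change to that message so it does not claim a user-space access.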
>
> IOW, I *think* that switch statement should be this:
>
>     switch (fixup_type) {
>     case EX_TYPE_UACCESS:
>     case EX_TYPE_DEFAULT_MCE_SAFE:
>         if (!copy_user)
>             return IN_KERNEL;
>
>         m->kflags |= MCE_IN_KERNEL_COPYIN;
>         fallthrough;
>
>     case EX_TYPE_FAULT_MCE_SAFE:
>         m->kflags |= MCE_IN_KERNEL_RECOV;
>         return IN_KERNEL_RECOV;
>
>     default:
>         return IN_KERNEL;
>     }
>
> Provided I'm not missing a case and provided is_copy_from_user() really
> detects all cases properly.
>
> And then patch 3 is wrong because we only can handle "copy in" - not
> just any copy.
>
> Thx.
>