[PATCH 0/2] Couple of trivial fixes for LAM vs. SVA interaction

[PATCH 0/2] Couple of trivial fixes for LAM vs. SVA interaction

[Kirill A. Shutemov]

- Do not allow to set FORCE_TAGGED_SVA bit for other process;

- Use EINVAL instead of EINTR for LAM enabling failure due to SVA;

Kirill A. Shutemov (2):
  x86/mm/iommu/sva: Fix error code for LAM enabling failure due to SVA
  x86/mm/iommu/sva: Do not allow to set FORCE_TAGGED_SVA bit from
    outside

 arch/x86/kernel/process_64.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

-- 
2.39.2

[PATCH 1/2] x86/mm/iommu/sva: Fix error code for LAM enabling failure due to SVA

[Kirill A. Shutemov]

Normally, LAM and SVA are mutually exclusive. LAM enabling will fail if
SVA is already in use.

Correct error code for the failure. EINTR is nonsensical there.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
---
 arch/x86/kernel/process_64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index 74c7e84a94d8..c7dfd727c9ec 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -760,7 +760,7 @@ static int prctl_enable_tagged_addr(struct mm_struct *mm, unsigned long nr_bits)
 
 	if (mm_valid_pasid(mm) &&
 	    !test_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &mm->context.flags))
-		return -EINTR;
+		return -EINVAL;
 
 	if (mmap_write_lock_killable(mm))
 		return -EINTR;
-- 
2.39.2

[PATCH 2/2] x86/mm/iommu/sva: Do not allow to set FORCE_TAGGED_SVA bit from outside

[Kirill A. Shutemov]

arch_prctl(ARCH_FORCE_TAGGED_SVA) overrides the default and allows LAM
and SVA to co-exist in the process. It is expected by called by the
process when it knows what it is doing.

arch_prctl() operates on the current process, but the same code is
reachable from ptrace where it can be called on arbitrary task.

Make it strict and only allow to set MM_CONTEXT_FORCE_TAGGED_SVA for the
current process.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
Suggested-by: Dmitry Vyukov <dvyukov@google.com>
---
 arch/x86/kernel/process_64.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index c7dfd727c9ec..cefac2d3a9f6 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -885,6 +885,8 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
 	case ARCH_ENABLE_TAGGED_ADDR:
 		return prctl_enable_tagged_addr(task->mm, arg2);
 	case ARCH_FORCE_TAGGED_SVA:
+		if (current != task)
+			return -EINVAL;
 		set_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &task->mm->context.flags);
 		return 0;
 	case ARCH_GET_MAX_TAG_BITS:
-- 
2.39.2

Re: [PATCH 2/2] x86/mm/iommu/sva: Do not allow to set FORCE_TAGGED_SVA bit from outside

[Dmitry Vyukov]

On Mon, 3 Apr 2023 at 13:10, Kirill A. Shutemov
<kirill.shutemov@linux.intel.com> wrote:
>
> arch_prctl(ARCH_FORCE_TAGGED_SVA) overrides the default and allows LAM
> and SVA to co-exist in the process. It is expected by called by the
> process when it knows what it is doing.
>
> arch_prctl() operates on the current process, but the same code is
> reachable from ptrace where it can be called on arbitrary task.
>
> Make it strict and only allow to set MM_CONTEXT_FORCE_TAGGED_SVA for the
> current process.
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> Suggested-by: Dmitry Vyukov <dvyukov@google.com>
> ---
>  arch/x86/kernel/process_64.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> index c7dfd727c9ec..cefac2d3a9f6 100644
> --- a/arch/x86/kernel/process_64.c
> +++ b/arch/x86/kernel/process_64.c
> @@ -885,6 +885,8 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
>         case ARCH_ENABLE_TAGGED_ADDR:
>                 return prctl_enable_tagged_addr(task->mm, arg2);
>         case ARCH_FORCE_TAGGED_SVA:
> +               if (current != task)
> +                       return -EINVAL;

prctl_enable_tagged_addr() checks "task->mm != current->mm".
Should we check the same here for consistency? Or also change the
check in prctl_enable_tagged_addr().

arch_prctl() can only do task==current, so I guess "current != task"
is a more reasonable check for prctl_enable_tagged_addr() as well.



>                 set_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &task->mm->context.flags);
>                 return 0;
>         case ARCH_GET_MAX_TAG_BITS:
> --
> 2.39.2
>

Re: [PATCH 1/2] x86/mm/iommu/sva: Fix error code for LAM enabling failure due to SVA

[Dmitry Vyukov]

On Mon, 3 Apr 2023 at 13:10, Kirill A. Shutemov
<kirill.shutemov@linux.intel.com> wrote:
>
> Normally, LAM and SVA are mutually exclusive. LAM enabling will fail if
> SVA is already in use.
>
> Correct error code for the failure. EINTR is nonsensical there.
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> Reported-by: Dmitry Vyukov <dvyukov@google.com>

Reviewed-by: Dmitry Vyukov <dvyukov@google.com>

> ---
>  arch/x86/kernel/process_64.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> index 74c7e84a94d8..c7dfd727c9ec 100644
> --- a/arch/x86/kernel/process_64.c
> +++ b/arch/x86/kernel/process_64.c
> @@ -760,7 +760,7 @@ static int prctl_enable_tagged_addr(struct mm_struct *mm, unsigned long nr_bits)
>
>         if (mm_valid_pasid(mm) &&
>             !test_bit(MM_CONTEXT_FORCE_TAGGED_SVA, &mm->context.flags))
> -               return -EINTR;
> +               return -EINVAL;
>
>         if (mmap_write_lock_killable(mm))
>                 return -EINTR;
> --
> 2.39.2
>

Re: [PATCH 2/2] x86/mm/iommu/sva: Do not allow to set FORCE_TAGGED_SVA bit from outside

[Kirill A. Shutemov]

On Mon, Apr 03, 2023 at 03:55:09PM +0200, Dmitry Vyukov wrote:
> On Mon, 3 Apr 2023 at 13:10, Kirill A. Shutemov
> <kirill.shutemov@linux.intel.com> wrote:
> >
> > arch_prctl(ARCH_FORCE_TAGGED_SVA) overrides the default and allows LAM
> > and SVA to co-exist in the process. It is expected by called by the
> > process when it knows what it is doing.
> >
> > arch_prctl() operates on the current process, but the same code is
> > reachable from ptrace where it can be called on arbitrary task.
> >
> > Make it strict and only allow to set MM_CONTEXT_FORCE_TAGGED_SVA for the
> > current process.
> >
> > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> > Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> > Suggested-by: Dmitry Vyukov <dvyukov@google.com>
> > ---
> >  arch/x86/kernel/process_64.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> > index c7dfd727c9ec..cefac2d3a9f6 100644
> > --- a/arch/x86/kernel/process_64.c
> > +++ b/arch/x86/kernel/process_64.c
> > @@ -885,6 +885,8 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
> >         case ARCH_ENABLE_TAGGED_ADDR:
> >                 return prctl_enable_tagged_addr(task->mm, arg2);
> >         case ARCH_FORCE_TAGGED_SVA:
> > +               if (current != task)
> > +                       return -EINVAL;
> 
> prctl_enable_tagged_addr() checks "task->mm != current->mm".
> Should we check the same here for consistency? Or also change the
> check in prctl_enable_tagged_addr().
> 
> arch_prctl() can only do task==current, so I guess "current != task"
> is a more reasonable check for prctl_enable_tagged_addr() as well.

As of now, prctl_enable_tagged_addr() doesn't have the task on hands. It
gets mm as input, so it cannot check the task directly. But functionally
it is the same check.

I would prefer to keep it this way. Unless anyone feels strongly about it.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov

Re: [PATCH 2/2] x86/mm/iommu/sva: Do not allow to set FORCE_TAGGED_SVA bit from outside

[Dmitry Vyukov]

On Mon, 3 Apr 2023 at 16:31, Kirill A. Shutemov <kirill@shutemov.name> wrote:
>
> On Mon, Apr 03, 2023 at 03:55:09PM +0200, Dmitry Vyukov wrote:
> > On Mon, 3 Apr 2023 at 13:10, Kirill A. Shutemov
> > <kirill.shutemov@linux.intel.com> wrote:
> > >
> > > arch_prctl(ARCH_FORCE_TAGGED_SVA) overrides the default and allows LAM
> > > and SVA to co-exist in the process. It is expected by called by the
> > > process when it knows what it is doing.
> > >
> > > arch_prctl() operates on the current process, but the same code is
> > > reachable from ptrace where it can be called on arbitrary task.
> > >
> > > Make it strict and only allow to set MM_CONTEXT_FORCE_TAGGED_SVA for the
> > > current process.
> > >
> > > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> > > Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> > > Suggested-by: Dmitry Vyukov <dvyukov@google.com>
> > > ---
> > >  arch/x86/kernel/process_64.c | 2 ++
> > >  1 file changed, 2 insertions(+)
> > >
> > > diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> > > index c7dfd727c9ec..cefac2d3a9f6 100644
> > > --- a/arch/x86/kernel/process_64.c
> > > +++ b/arch/x86/kernel/process_64.c
> > > @@ -885,6 +885,8 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
> > >         case ARCH_ENABLE_TAGGED_ADDR:
> > >                 return prctl_enable_tagged_addr(task->mm, arg2);
> > >         case ARCH_FORCE_TAGGED_SVA:
> > > +               if (current != task)
> > > +                       return -EINVAL;
> >
> > prctl_enable_tagged_addr() checks "task->mm != current->mm".
> > Should we check the same here for consistency? Or also change the
> > check in prctl_enable_tagged_addr().
> >
> > arch_prctl() can only do task==current, so I guess "current != task"
> > is a more reasonable check for prctl_enable_tagged_addr() as well.
>
> As of now, prctl_enable_tagged_addr() doesn't have the task on hands. It
> gets mm as input, so it cannot check the task directly. But functionally
> it is the same check.
>
> I would prefer to keep it this way. Unless anyone feels strongly about it.

Fine with me.

Reviewed-by: Dmitry Vyukov <dvyukov@google.com>

Re: [PATCH 1/2] x86/mm/iommu/sva: Fix error code for LAM enabling failure due to SVA

[Dave Hansen]

On 4/3/23 04:10, Kirill A. Shutemov wrote:
> Normally, LAM and SVA are mutually exclusive. LAM enabling will fail if
> SVA is already in use.
> 
> Correct error code for the failure. EINTR is nonsensical there.
> 
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> Reported-by: Dmitry Vyukov <dvyukov@google.com>

Hi Kirill,

These look fine. But in the future, Link:'s for Reported-by's would be
very appreciated if the discussion happened in public.

Re: [PATCH 1/2] x86/mm/iommu/sva: Fix error code for LAM enabling failure due to SVA

[Kirill A. Shutemov]

On Thu, Apr 06, 2023 at 08:31:40AM -0700, Dave Hansen wrote:
> On 4/3/23 04:10, Kirill A. Shutemov wrote:
> > Normally, LAM and SVA are mutually exclusive. LAM enabling will fail if
> > SVA is already in use.
> > 
> > Correct error code for the failure. EINTR is nonsensical there.
> > 
> > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> > Fixes: 23e5d9ec2bab ("x86/mm/iommu/sva: Make LAM and SVA mutually exclusive")
> > Reported-by: Dmitry Vyukov <dvyukov@google.com>
> 
> Hi Kirill,
> 
> These look fine. But in the future, Link:'s for Reported-by's would be
> very appreciated if the discussion happened in public.

Got it.

For this one it is:

Link: https://lore.kernel.org/all/CACT4Y+YfqSMsZArhh25TESmG-U4jO5Hjphz87wKSnTiaw2Wrfw@mail.gmail.com

-- 
  Kiryl Shutsemau / Kirill A. Shutemov