From: Hyeonggon Yoo <42.hyeyoo@gmail.com>
To: Dave Hansen <dave.hansen@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>,
Dan Williams <dan.j.williams@intel.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Jane Chu <jane.chu@oracle.com>,
"Aneesh Kumar K . V" <aneesh.kumar@linux.ibm.com>,
Sean Christopherson <seanjc@google.com>,
Tianyu Lan <Tianyu.Lan@microsoft.com>,
Mike Rapoport <rppt@kernel.org>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
linux-mm@kvack.org, Borislav Petkov <bp@alien8.de>,
x86@kernel.org
Subject: Re: [RFC 1/2] x86/mm/cpa: always fail when user address is passed
Date: Mon, 20 Jun 2022 17:08:24 +0900
Message-ID: <YrAq+LU0+Z/iMRDD@hyeyoo>
In-Reply-To: <1d6cfffd-582b-b3fa-75b2-5bf21519071b@intel.com>

On Thu, Jun 16, 2022 at 07:20:09AM -0700, Dave Hansen wrote:
> On 6/16/22 01:49, Hyeonggon Yoo wrote:
> > On Tue, Jun 14, 2022 at 11:31:48AM -0700, Dave Hansen wrote:
> >> On 6/13/22 23:39, Hyeonggon Yoo wrote:
> >>> @@ -1514,6 +1515,11 @@ static int __change_page_attr(struct cpa_data *cpa, int primary)
> >>> pte_t *kpte, old_pte;
> >>>
> >>> address = __cpa_addr(cpa, cpa->curpage);
> >>> +
> >>> + if (WARN((IS_ENABLED(CONFIG_EFI) ? cpa->pgd != efi_mm.pgd : true)
> >>> + && address <= TASK_SIZE_MAX,
> >>> + KERN_WARNING "CPA: Got a user address"))
> >>> + return -EINVAL;
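
Review bot: the condition on the added WARN() lines is hard to follow and has no comment saying why efi_mm.pgd is exempt. `IS_ENABLED(CONFIG_EFI) ? cpa->pgd != efi_mm.pgd : true` reads more directly as `!IS_ENABLED(CONFIG_EFI) || cpa->pgd != efi_mm.pgd`, with a one-line comment above it. Two further points on the same lines: `address <= TASK_SIZE_MAX` should be `<` if TASK_SIZE_MAX is the first address past user space, and since this path returns -EINVAL on every hit, WARN_ONCE() would avoid a backtrace per call.
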
> >>
> >> I was expecting this to actually go after _PAGE_USER, not necessarily
> >> userspace addresses themselves.
> >
> > userspace ptes may not have _PAGE_USER set. (e.g. swap entry)
> > I think it's more accurate to go after user addresses.
>
> It would, of course, have to be paired with _PAGE_PRESENT checks. This
> works both on the way in and out of the set_memory code. It shouldn't
> clear other bits a PTE with _PAGE_PRESENT|_PAGE_USER and

You mean nothing should not use set_memory code for PTEs with
_PAGE_USER|_PAGE_PRESENT but set_memory can still be used to clear
_PAGE_USER|_PAGE_PRESENT?

Can't we just simply deny any PTE/PMDs with _PAGE_PRESENT|_PAGE_USER?

> also shouldn't
> *result* in _PAGE_USER|_PAGE_PRESENT PTEs, even if those PTEs are in the
> kernel address space.

Makes sense.

> Filtering on the addresses also makes sense.
>
> >> What does and should happen with the VDSO, for instance? It's a
> >> _PAGE_USER mapping, but it's >TASK_SIZE.
> >
> > you mean vsyscall? AFAIK address of mapped vDSO image is < TASK_SIZE.
> > (or please tell me I'm wrong)
>
> You're right. That was a silly thinko.
>
> >> Should set_page_attr() work on it?
> >
> > vsyscall does not need CPA functionalities.
> > So I don't think it (__change_page_attr()) should work on vsyscall.
>
> Agreed.

--
Thanks,
Hyeonggon
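
Added example, not part of the original message or of the kernel source: a user-space C model of the combined filter discussed in this exchange (address check, plus _PAGE_PRESENT|_PAGE_USER checks on the way in and on the way out). cpa_filter(), the verdict enum and MODEL_TASK_SIZE_MAX are hypothetical names; the model assumes 4-level paging with 4 KiB pages and uses the simpler "deny any present+user PTE" variant for the way-in check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 PTE bits: P (present) is bit 0, U/S (user) is bit 2. */
#define PTE_PRESENT (1ULL << 0)
#define PTE_USER    (1ULL << 2)
/* Assumption: 4-level paging with 4 KiB pages; user range ends below this. */
#define MODEL_TASK_SIZE_MAX ((1ULL << 47) - 4096ULL)

enum cpa_verdict { CPA_OK, CPA_USER_ADDR, CPA_USER_PTE_IN, CPA_USER_PTE_OUT };

/* User-accessible only when both P and U/S are set. */
static bool pte_present_user(uint64_t pte)
{
    return (pte & (PTE_PRESENT | PTE_USER)) == (PTE_PRESENT | PTE_USER);
}

/* Hypothetical combined filter; not a kernel function. */
enum cpa_verdict cpa_filter(uint64_t addr, uint64_t old_pte,
                            uint64_t set_mask, uint64_t clr_mask)
{
    uint64_t new_pte = (old_pte & ~clr_mask) | set_mask;

    /* Address check: catches non-present user entries (e.g. swap). */
    if (addr < MODEL_TASK_SIZE_MAX)
        return CPA_USER_ADDR;
    /* Way in: deny any existing present+user PTE (the simpler variant). */
    if (pte_present_user(old_pte))
        return CPA_USER_PTE_IN;
    /* Way out: the change must not create a present+user PTE. */
    if (pte_present_user(new_pte))
        return CPA_USER_PTE_OUT;
    return CPA_OK;
}

int main(void)
{
    /* Constructed sample values, not taken from a real system. */
    printf("%d\n", cpa_filter(0x00007f0000abc000ULL, 0xabc000ULL, 0, 0));
    printf("%d\n", cpa_filter(0xffffffffff600000ULL, 0x1000ULL | PTE_PRESENT | PTE_USER, 0, 0));
    printf("%d\n", cpa_filter(0xffff888000100000ULL, 0x100000ULL | PTE_PRESENT, PTE_USER, 0));
    printf("%d\n", cpa_filter(0xffff888000100000ULL, 0x100000ULL | PTE_PRESENT, 1ULL << 1, 0));
    return 0;
}
```

The first case is a non-present entry at a user address, which a flag-only check would let through; the second is a present+user mapping above the user range, which an address-only check would let through.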