From patchwork Fri Nov 11 21:58:29 2022
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 19019
Date: Fri, 11 Nov 2022 21:58:29 -0000
From: "tip-bot2 for Kirill A. Shutemov"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/mm] KVM: Serialize tagged address check against tagging enabling
Cc: Rick Edgecombe, "Kirill A. Shutemov", Dave Hansen, x86@kernel.org, linux-kernel@vger.kernel.org
Message-ID: <166820390975.4906.6851822769298607595.tip-bot2@tip-bot2>

The following commit has been merged into the x86/mm branch of tip:

Commit-ID:     9e4ce48087db09c0788a02fb2fd19f24c7f81529
Gitweb:        https://git.kernel.org/tip/9e4ce48087db09c0788a02fb2fd19f24c7f81529
Author:        Kirill A. Shutemov
AuthorDate:    Wed, 09 Nov 2022 19:51:30 +03:00
Committer:     Dave Hansen
CommitterDate: Fri, 11 Nov 2022 13:28:07 -08:00

KVM: Serialize tagged address check against tagging enabling

KVM forbids usage of tagged userspace addresses for memslots. It is done by checking if the address stays the same after untagging.

It works fine for ARM TBI, but the check gets racy for LAM. TBI enabling happens per-thread, so nobody can enable tagging for the thread while the memslot gets added. LAM gets enabled per-process. If it gets enabled after the untagged_addr() check, but before the access_ok() check, the kernel can wrongly allow a tagged userspace_addr.

Use mmap lock to protect against parallel LAM enabling.

Reported-by: Rick Edgecombe
Signed-off-by: Kirill A. Shutemov
Signed-off-by: Dave Hansen Link: https://lore.kernel.org/all/20221109165140.9137-7-kirill.shutemov%40linux.intel.com --- virt/kvm/kvm_main.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index d213990..8399aae 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -1943,12 +1943,22 @@ int __kvm_set_memory_region(struct kvm *kvm, return -EINVAL; if (mem->guest_phys_addr & (PAGE_SIZE - 1)) return -EINVAL; + + /* Serialize against tagging enabling */ + if (mmap_read_lock_killable(kvm->mm)) + return -EINTR; + /* We can read the guest memory with __xxx_user() later on. */ if ((mem->userspace_addr & (PAGE_SIZE - 1)) || (mem->userspace_addr != untagged_addr(kvm->mm, mem->userspace_addr)) || !access_ok((void __user *)(unsigned long)mem->userspace_addr, - mem->memory_size)) + mem->memory_size)) { + mmap_read_unlock(kvm->mm); return -EINVAL; + } + + mmap_read_unlock(kvm->mm); + if (as_id >= KVM_ADDRESS_SPACE_NUM || id >= KVM_MEM_SLOTS_NUM) return -EINVAL; if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr)
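Review bot: the new comment "/* Serialize against tagging enabling */" above mmap_read_lock_killable() should spell out the invariant it depends on: a read lock only closes the untagged_addr()/access_ok() window if the LAM-enabling path takes the same mm's mmap lock for write, which this hunk cannot show and a future reader of kvm_main.c will not know to check. Suggest something like "/* Serialize against LAM enabling, which runs under mmap_write_lock() */" so the pairing is visible at both sites. Two smaller points for the same hunk: __kvm_set_memory_region() now has a new -EINTR return (from mmap_read_lock_killable()) that callers and the ioctl documentation did not previously have to expect, worth a mention in the commit message; and the unlock on the failure path is placed inside the combined if, so any later addition to that condition must keep the lock balanced, which a single exit label would make harder to get wrong.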