From patchwork Fri Sep 30 14:47:50 2022
From: "Kirill A. Shutemov"
To: Dave Hansen, Andy Lutomirski, Peter Zijlstra
Cc: x86@kernel.org, Kostya Serebryany, Andrey Ryabinin, Andrey Konovalov, Alexander Potapenko, Taras Madan, Dmitry Vyukov, "H . J . Lu", Andi Kleen, Rick Edgecombe, Bharata B Rao, Jacob Pan, Ashok Raj, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov", Marc Zyngier
Subject: [PATCHv9 06/14] KVM: Serialize tagged address check against tagging enabling
Date: Fri, 30 Sep 2022 17:47:50 +0300
Message-Id: <20220930144758.30232-7-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220930144758.30232-1-kirill.shutemov@linux.intel.com>
References: <20220930144758.30232-1-kirill.shutemov@linux.intel.com>
KVM forbids usage of tagged userspace addresses for memslots. It is done by
checking if the address stays the same after untagging.

It works fine for ARM TBI, but the check gets racy for LAM. TBI enabling
happens per-thread, so nobody can enable tagging for the thread while the
memslot gets added. LAM gets enabled per-process. If it gets enabled after
the untagged_addr() check, but before the access_ok() check, the kernel can
wrongly allow a tagged userspace_addr.

Use mmap lock to protect against parallel LAM enabling.

Signed-off-by: Kirill A. Shutemov
Reported-by: Rick Edgecombe
Cc: Marc Zyngier
---
 virt/kvm/kvm_main.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index d2239aa85cf5..858c3e870ebc 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1941,12 +1941,22 @@ int __kvm_set_memory_region(struct kvm *kvm, return -EINVAL; if (mem->guest_phys_addr & (PAGE_SIZE - 1)) return -EINVAL; + + /* Serialize against tagging enabling */ + if (mmap_read_lock_killable(kvm->mm)) + return -EINTR; + /* We can read the guest memory with __xxx_user() later on. */ if ((mem->userspace_addr & (PAGE_SIZE - 1)) || (mem->userspace_addr != untagged_addr(kvm->mm, mem->userspace_addr)) || !access_ok((void __user *)(unsigned long)mem->userspace_addr, - mem->memory_size)) + mem->memory_size)) { + mmap_read_unlock(kvm->mm); return -EINVAL; + } + + mmap_read_unlock(kvm->mm); + if (as_id >= KVM_ADDRESS_SPACE_NUM || id >= KVM_MEM_SLOTS_NUM) return -EINVAL; if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr)
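Review bot: the read lock is dropped as soon as the untagged_addr()/access_ok() check completes, so the guarantee rests entirely on the LAM-enabling path taking the mmap write lock, and neither this hunk nor the one-line comment `/* Serialize against tagging enabling */` says so; spell that out in the comment, because a later change to the enabling side that stops taking mmap_lock would silently reopen the race the commit message describes. Two smaller points: the new `return -EINTR;` from mmap_read_lock_killable() is a user-visible addition to the ioctl's error set that the commit message should mention, and the duplicated `mmap_read_unlock(kvm->mm);` (once before `return -EINVAL;`, once after the closing brace) could collapse to a single unlock by evaluating the three conditions into a bool while the lock is held and returning after the unlock.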