From patchwork Tue Oct 18 11:33:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 13010294 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D2ABC43219 for ; Tue, 18 Oct 2022 11:34:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C75238E0001; Tue, 18 Oct 2022 07:34:21 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AE7B08E0007; Tue, 18 Oct 2022 07:34:21 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 766B48E0001; Tue, 18 Oct 2022 07:34:21 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 505E28E0001 for ; Tue, 18 Oct 2022 07:34:21 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 05E1C14115C for ; Tue, 18 Oct 2022 11:34:21 +0000 (UTC) X-FDA: 80033861922.07.888D7E3 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by imf06.hostedemail.com (Postfix) with ESMTP id 7B0B0180033 for ; Tue, 18 Oct 2022 11:34:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1666092860; x=1697628860; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=kLvyVSLWSQb+POxDNMInSWdsGrXEv5cSfT1ANJOQpLA=; b=dKorDDnI4r5z++X7my6pRK9hy1NEzES8SOgR13xJNR5iG90wSF6ikt3N 01ZaYlAXb19TPuC/27WVLMiR+PGy1vUavQ2U7IEA/EJfE8ycznVysk4ns Dz2dXXyhMCZqNM7ImStxHgCrE6zhaBd161l37TKOk6sJtKtmawoR+F9PX LaB6gOIlAi+Qf9rmwAlGlIcZnonQKq81RNo/RUlBW0fcEaQsmdOm6LyOk sHpkz8hJll4VrURqgGRbhq/S68sz9MVnmUBVBC19evcrjadf5QGWN5SsC XXjx5Jofok7HZMSWxgFZQYy4eHf6kYN/rc58n3fBXWGC40u8ukFyAB2mn g==; X-IronPort-AV: E=McAfee;i="6500,9779,10503"; a="293445875" X-IronPort-AV: E=Sophos;i="5.95,193,1661842800"; d="scan'208";a="293445875" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Oct 2022 04:34:18 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10503"; a="661861181" X-IronPort-AV: E=Sophos;i="5.95,193,1661842800"; d="scan'208";a="661861181" Received: from vhavel-mobl.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.51.115]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Oct 2022 04:34:13 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 3000D104716; Tue, 18 Oct 2022 14:34:04 +0300 (+03) From: "Kirill A. Shutemov" To: Dave Hansen , Andy Lutomirski , Peter Zijlstra Cc: x86@kernel.org, Kostya Serebryany , Andrey Ryabinin , Andrey Konovalov , Alexander Potapenko , Taras Madan , Dmitry Vyukov , "H . J . Lu" , Andi Kleen , Rick Edgecombe , Bharata B Rao , Jacob Pan , Ashok Raj , linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" , Marc Zyngier Subject: [PATCHv10 06/15] KVM: Serialize tagged address check against tagging enabling Date: Tue, 18 Oct 2022 14:33:49 +0300 Message-Id: <20221018113358.7833-7-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221018113358.7833-1-kirill.shutemov@linux.intel.com> References: <20221018113358.7833-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1666092860; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=/oO7gDFSCqJwvHDXoFqlm+XodfhyUhtj9wWrRX+3h+8=; b=PUcsLZPNyxwBUvJoVyRVeNJmIFHu3U1n6ipSU2IZ7tjP760mP4HOGCkZgUr2sdo+NN6Fu8 ictuGu6k/8U0VLH+KIsnprsexE/j1kwiFD/nKY+sSpbBhMJE76veaH1ruwrFb9FX4vE86O vuI8okJj9IuOaW+wHJpg+ScoaNcxHBA= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=dKorDDnI; spf=none (imf06.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.20) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail reason="No valid SPF" header.from=intel.com (policy=none) ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1666092860; a=rsa-sha256; cv=none; b=FD0DW/2N0/ED0cCrlMw33Hh16QwTb74jbi0dBpTxJoqMW8k2XQmXVFhAH8z6xDc4K6E40c XDvewI7O1AOpIlCxIXegbr9uOxyvma/+VtpMN9kHhHhquOCA92tp0Rzu3YEKPpRPySL4p0 GHC1Zn79bvpTXJfRzZjvc2NjR6eQrjI= Authentication-Results: imf06.hostedemail.com; dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=dKorDDnI; spf=none (imf06.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.20) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail reason="No valid SPF" header.from=intel.com (policy=none) X-Stat-Signature: ujdkf1iihwkqn4eosxci1o95mox5k8oc X-Rspamd-Queue-Id: 7B0B0180033 X-Rspam-User: X-Rspamd-Server: rspam04 X-HE-Tag: 1666092860-773414 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: KVM forbids usage of tagged userspace addresses for memslots. It is done by checking if the address stays the same after untagging. It is works fine for ARM TBI, but it the check gets racy for LAM. TBI enabling happens per-thread, so nobody can enable tagging for the thread while the memslot gets added. LAM gets enabled per-process. If it gets enabled after the untagged_addr() check, but before access_ok() check the kernel can wrongly allow tagged userspace_addr. Use mmap lock to protect against parallel LAM enabling. Signed-off-by: Kirill A. Shutemov Reported-by: Rick Edgecombe Cc: Marc Zyngier --- virt/kvm/kvm_main.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 8c86b06b35da..833742c21c91 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -1943,12 +1943,22 @@ int __kvm_set_memory_region(struct kvm *kvm, return -EINVAL; if (mem->guest_phys_addr & (PAGE_SIZE - 1)) return -EINVAL; + + /* Serialize against tagging enabling */ + if (mmap_read_lock_killable(kvm->mm)) + return -EINTR; + /* We can read the guest memory with __xxx_user() later on. */ if ((mem->userspace_addr & (PAGE_SIZE - 1)) || (mem->userspace_addr != untagged_addr(kvm->mm, mem->userspace_addr)) || !access_ok((void __user *)(unsigned long)mem->userspace_addr, - mem->memory_size)) + mem->memory_size)) { + mmap_read_unlock(kvm->mm); return -EINVAL; + } + + mmap_read_unlock(kvm->mm); + if (as_id >= KVM_ADDRESS_SPACE_NUM || id >= KVM_MEM_SLOTS_NUM) return -EINVAL; if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr)