author | Haren Myneni <haren@linux.ibm.com> | 2020-04-15 23:08:11 -0700 |
---|---|---|
committer | Michael Ellerman <mpe@ellerman.id.au> | 2020-04-20 16:53:01 +1000 |
commit | c420644c0a8f8839ca7269acbb8a3fc7fe1ec97d (patch) | |
tree | 36c507a971a43af80e3a70537cd9ae3f75922edf /arch/powerpc/platforms | |
parent | 1d955f981895464d8f112179a20bfdb92e6c63d4 (diff) |

powerpc: Use mm_context vas_windows counter to issue CP_ABORT

set_thread_uses_vas() sets used_vas flag for a process that opened VAS
window and issues CP_ABORT during context switch for only that process.
In a multi-thread application, windows can be shared. For example, Thread
A can open a window and Thread B can run COPY/PASTE instructions to
send NX request which may cause corruption or snooping or a covert
channel. Also, once this flag is set, continue to run CP_ABORT even if the
VAS window is closed.

So define vas-windows counter in process mm_context, increment this
counter for each window open and decrement it for window close. If
vas-windows is set, issue CP_ABORT during context switch. It means
clear the foreign real address mapping only if the process / thread
uses COPY/PASTE. Then disable it for that process if windows are not
open.

Moved set_thread_uses_vas() code to vas_tx_win_open() as this
functionality is needed only for userspace open windows. We are adding
VAS userspace support along with this fix. So no need to include this
fix in stable releases.

Fixes: 9d2a4d71332c ("powerpc: Define set_thread_uses_vas()")
Signed-off-by: Haren Myneni <haren@linux.ibm.com>
Reported-by: Nicholas Piggin <npiggin@gmail.com>
Suggested-by: Milton Miller <miltonm@us.ibm.com>
Suggested-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1587017291.2275.1077.camel@hbabu-laptop
Diffstat (limited to 'arch/powerpc/platforms')
-rw-r--r-- | arch/powerpc/platforms/powernv/vas-window.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/arch/powerpc/platforms/powernv/vas-window.c b/arch/powerpc/platforms/powernv/vas-window.c index e15b40596746..d62787f502c9 100644 --- a/arch/powerpc/platforms/powernv/vas-window.c +++ b/arch/powerpc/platforms/powernv/vas-window.c @@ -1058,13 +1058,6 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop, rc = -ENODEV; goto free_window; } - /* - * A user mapping must ensure that context switch issues - * CP_ABORT for this thread. - */ - rc = set_thread_uses_vas(); - if (rc) - goto free_window; /* * Window opened by a child thread may not be closed when @@ -1090,7 +1083,7 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop, mmgrab(txwin->mm); mmput(txwin->mm); - mm_context_add_copro(txwin->mm); + mm_context_add_vas_window(txwin->mm); /* * Process closes window during exit. In the case of * multithread application, the child thread can open @@ -1099,6 +1092,17 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop, * to take pid reference for parent thread. */ txwin->tgid = find_get_pid(task_tgid_vnr(current)); + /* + * Even a process that has no foreign real address mapping can + * use an unpaired COPY instruction (to no real effect). Issue + * CP_ABORT to clear any pending COPY and prevent a covert + * channel. + * + * __switch_to() will issue CP_ABORT on future context switches + * if process / thread has any open VAS window (Use + * current->mm->context.vas_windows). + */ + asm volatile(PPC_CP_ABORT); } set_vinst_win(vinst, txwin); @@ -1332,7 +1336,7 @@ int vas_win_close(struct vas_window *window) /* Drop references to pid and mm */ put_pid(window->pid); if (window->mm) { - mm_context_remove_copro(window->mm); + mm_context_remove_vas_window(window->mm); mmdrop(window->mm); } } |
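
Review bot: In the first hunk (@@ -1058,13 +1058,6 @@ in vas_tx_win_open()), the removed lines "rc = set_thread_uses_vas(); if (rc) goto free_window;" were the only error check at this point, and nothing visible in the patch replaces that failure path: the later mm_context_add_vas_window(txwin->mm) call and the asm volatile(PPC_CP_ABORT) cannot return an error. Please say in the commit message whether the condition that made set_thread_uses_vas() fail is still rejected earlier on the open path. The message also says the code was "moved" to vas_tx_win_open(), but this hunk deletes the call from that same function, so "open-coded in vas_tx_win_open()" would describe the change more accurately. Because the diffstat is limited to arch/powerpc/platforms, the helper's definition and any other callers are not shown here and need to be checked against the full commit.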
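
Review bot: In the second hunk (@@ -1090,7 +1083,7 @@), the counter incremented by mm_context_add_vas_window(txwin->mm) is what keeps CP_ABORT enabled at context switch, so every increment needs exactly one matching mm_context_remove_vas_window(). The only decrement visible in this patch is in vas_win_close(). Please confirm that no failure path after this increment reaches free_window without going through vas_win_close(); otherwise the count leaks and the process keeps paying for CP_ABORT after its last window is gone, which is the behaviour the commit message sets out to remove.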
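
Review bot: In the third hunk (@@ -1099,6 +1092,17 @@), the added asm volatile(PPC_CP_ABORT) clears a pending COPY only on the thread that is opening the window, while the commit message points out that windows can be shared between threads of the same process. The comment should state that sibling threads already running are covered only from their next context switch, through the vas_windows check in __switch_to(), and why that is sufficient. The parenthetical "(Use current->mm->context.vas_windows)" reads like an instruction to the reader; something like "(checked via current->mm->context.vas_windows)" is clearer. It also refers to current->mm although the counter is incremented on txwin->mm, so the comment should say that the two are the same mm on this path.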
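
Review bot: In the last hunk (@@ -1332,7 +1336,7 @@ in vas_win_close()), the decrement is guarded by "if (window->mm)", while the increment in vas_tx_win_open() sits inside a conditional block that closes right after the new CP_ABORT. The two guards need to select the same set of windows. Please confirm that window->mm is set only on the path that calls mm_context_add_vas_window(), so a window that never incremented the counter cannot decrement it on close. A one-line comment here naming the matching increment would make the pairing explicit.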