From c420644c0a8f8839ca7269acbb8a3fc7fe1ec97d Mon Sep 17 00:00:00 2001 From: Haren Myneni Date: Wed, 15 Apr 2020 23:08:11 -0700 Subject: powerpc: Use mm_context vas_windows counter to issue CP_ABORT set_thread_uses_vas() sets used_vas flag for a process that opened VAS window and issue CP_ABORT during context switch for only that process. In multi-thread application, windows can be shared. For example Thread A can open a window and Thread B can run COPY/PASTE instructions to send NX request which may cause corruption or snooping or a covert channel Also once this flag is set, continue to run CP_ABORT even the VAS window is closed. So define vas-windows counter in process mm_context, increment this counter for each window open and decrement it for window close. If vas-windows is set, issue CP_ABORT during context switch. It means clear the foreign real address mapping only if the process / thread uses COPY/PASTE. Then disable it for that process if windows are not open. Moved set_thread_uses_vas() code to vas_tx_win_open() as this functionality is needed only for userspace open windows. We are adding VAS userspace support along with this fix. So no need to include this fix in stable releases. Fixes: 9d2a4d71332c ("powerpc: Define set_thread_uses_vas()") Signed-off-by: Haren Myneni Reported-by: Nicholas Piggin Suggested-by: Milton Miller Suggested-by: Nicholas Piggin Reviewed-by: Nicholas Piggin Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/1587017291.2275.1077.camel@hbabu-laptop --- arch/powerpc/platforms/powernv/vas-window.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'arch/powerpc/platforms') diff --git a/arch/powerpc/platforms/powernv/vas-window.c b/arch/powerpc/platforms/powernv/vas-window.c index e15b40596746..d62787f502c9 100644 --- a/arch/powerpc/platforms/powernv/vas-window.c +++ b/arch/powerpc/platforms/powernv/vas-window.c @@ -1058,13 +1058,6 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop, rc = -ENODEV; goto free_window; } - /* - * A user mapping must ensure that context switch issues - * CP_ABORT for this thread. - */ - rc = set_thread_uses_vas(); - if (rc) - goto free_window; /* * Window opened by a child thread may not be closed when @@ -1090,7 +1083,7 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop, mmgrab(txwin->mm); mmput(txwin->mm); - mm_context_add_copro(txwin->mm); + mm_context_add_vas_window(txwin->mm); /* * Process closes window during exit. In the case of * multithread application, the child thread can open @@ -1099,6 +1092,17 @@ struct vas_window *vas_tx_win_open(int vasid, enum vas_cop_type cop, * to take pid reference for parent thread. */ txwin->tgid = find_get_pid(task_tgid_vnr(current)); + /* + * Even a process that has no foreign real address mapping can + * use an unpaired COPY instruction (to no real effect). Issue + * CP_ABORT to clear any pending COPY and prevent a covert + * channel. + * + * __switch_to() will issue CP_ABORT on future context switches + * if process / thread has any open VAS window (Use + * current->mm->context.vas_windows). + */ + asm volatile(PPC_CP_ABORT); } set_vinst_win(vinst, txwin); @@ -1332,7 +1336,7 @@ int vas_win_close(struct vas_window *window) /* Drop references to pid and mm */ put_pid(window->pid); if (window->mm) { - mm_context_remove_copro(window->mm); + mm_context_remove_vas_window(window->mm); mmdrop(window->mm); } } -- cgit v1.2.3