powerpc: Use mm_context vas_windows counter to issue CP_ABORT
set_thread_uses_vas() sets used_vas flag for a process that opened VAS
window and issue CP_ABORT during context switch for only that process.
In multi-thread application, windows can be shared. For example Thread
A can open a window and Thread B can run COPY/PASTE instructions to
send NX request which may cause corruption or snooping or a covert
channel Also once this flag is set, continue to run CP_ABORT even the
VAS window is closed.
So define vas-windows counter in process mm_context, increment this
counter for each window open and decrement it for window close. If
vas-windows is set, issue CP_ABORT during context switch. It means
clear the foreign real address mapping only if the process / thread
uses COPY/PASTE. Then disable it for that process if windows are not
open.
Moved set_thread_uses_vas() code to vas_tx_win_open() as this
functionality is needed only for userspace open windows. We are adding
VAS userspace support along with this fix. So no need to include this
fix in stable releases.
Fixes: 9d2a4d7133 ("powerpc: Define set_thread_uses_vas()")
Signed-off-by: Haren Myneni <haren@linux.ibm.com>
Reported-by: Nicholas Piggin <npiggin@gmail.com>
Suggested-by: Milton Miller <miltonm@us.ibm.com>
Suggested-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1587017291.2275.1077.camel@hbabu-laptop
This commit is contained in:
Haren Myneni
committed by
Michael Ellerman
Michael Ellerman
parent
1d955f9818
commit
c420644c0a
@@ -1228,7 +1228,8 @@ struct task_struct *__switch_to(struct task_struct *prev,
|
||||
* mappings, we must issue a cp_abort to clear any state and
|
||||
* prevent snooping, corruption or a covert channel.
|
||||
*/
|
||||
if (current->thread.used_vas)
|
||||
if (current->mm &&
|
||||
atomic_read(¤t->mm->context.vas_windows))
|
||||
asm volatile(PPC_CP_ABORT);
|
||||
}
|
||||
#endif /* CONFIG_PPC_BOOK3S_64 */
|
||||
@@ -1467,27 +1468,6 @@ void arch_setup_new_exec(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
int set_thread_uses_vas(void)
|
||||
{
|
||||
#ifdef CONFIG_PPC_BOOK3S_64
|
||||
if (!cpu_has_feature(CPU_FTR_ARCH_300))
|
||||
return -EINVAL;
|
||||
|
||||
current->thread.used_vas = 1;
|
||||
|
||||
/*
|
||||
* Even a process that has no foreign real address mapping can use
|
||||
* an unpaired COPY instruction (to no real effect). Issue CP_ABORT
|
||||
* to clear any pending COPY and prevent a covert channel.
|
||||
*
|
||||
* __switch_to() will issue CP_ABORT on future context switches.
|
||||
*/
|
||||
asm volatile(PPC_CP_ABORT);
|
||||
|
||||
#endif /* CONFIG_PPC_BOOK3S_64 */
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_PPC64
|
||||
/**
|
||||
* Assign a TIDR (thread ID) for task @t and set it in the thread
|
||||
|
||||
Reference in New Issue
Block a user