Re: [PATCH 4/4] iommu/vt-d: Do access checks before calling handle_mm_fault()

From: David Woodhouse
Date: Tue Nov 10 2015 - 09:46:09 EST

On Tue, 2015-11-10 at 14:26 +0100, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@xxxxxxx>
> Not doing so is a bug and might trigger a BUG_ON in
> handle_mm_fault(). So add the proper permission checks
> before calling into mm code.
> Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>

> +static bool access_error(struct vm_area_struct *vma, struct
> page_req_dsc *req)
> +{
> + return !((req->rd_reqÂÂ&& (vma->vm_flags & VM_READ))ÂÂ||
> + Â(req->wr_reqÂÂ&& (vma->vm_flags & VM_WRITE)) ||
> + Â(req->exe_req && (vma->vm_flags & VM_EXEC)));
> +}
> +

This is a TLB fill request from the device â can it not be asking for
*all* of read, write and exec privs? And you allow it to succeed if any
*one* of the permissions that it asks for is available?

Even if we don't see read+write in the same request, the VT-d spec does
seem quite clear that we *will* see read+exec (Â7.5.1.1 p7-17 of v2.3:

â Execute Requested: If the PASID Present, Read Requested and Execute
 Requested fields are all 1, the request-with-PASID that encounteredÂ
 the recoverable fault that resulted in this page request, requiresÂ
 execute access to the page.

Also, I'm afraid my Skylake box blew up the day I sent the pull request
to Linus so I'm unable to test until I've sorted out a replacement.
Jesse should be able to though...

David Woodhouse Open Source Technology Centre
David.Woodhouse@xxxxxxxxx Intel Corporation

Attachment: smime.p7s
Description: S/MIME cryptographic signature