Re: [PATCH v2 14/18] powerpc: Define set_thread_used_vas()
From: Michael Ellerman
Date: Thu Nov 09 2017 - 06:01:38 EST
Sukadev Bhattiprolu <sukadev@xxxxxxxxxxxxxxxxxx> writes:
> diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
> index d861fcd..cb5f108 100644
> --- a/arch/powerpc/kernel/process.c
> +++ b/arch/powerpc/kernel/process.c
> @@ -1234,17 +1234,17 @@ struct task_struct *__switch_to(struct task_struct *prev,
> * The copy-paste buffer can only store into foreign real
> * addresses, so unprivileged processes can not see the
> * data or use it in any way unless they have foreign real
> - * mappings. We don't have a VAS driver that allocates those
> - * yet, so no cpabort is required.
> + * mappings. If the new process has the foreign real address
> + * mappings, we must issue a cp_abort to clear any state and
> + * prevent a covert channel being setup.
> + *
> + * DD1 allows paste into normal system memory so we do an
> + * unpaired copy, rather than cp_abort, to clear the buffer,
> + * since cp_abort is quite expensive.
> */
> - if (cpu_has_feature(CPU_FTR_POWER9_DD1)) {
> - /*
> - * DD1 allows paste into normal system memory, so we
> - * do an unpaired copy here to clear the buffer and
> - * prevent a covert channel being set up.
> - *
> - * cpabort is not used because it is quite expensive.
> - */
> + if (new_thread->used_vas) {
So this has a bug in that it's not safe to use new_thread here.
Because this is on the way out of __switch_to(), this code can run both
when switching to a new task and also when switching back to an older
task. In the latter case the task pointed to by new_thread may have
already been freed.
I've fixed it up here to use current_thread_info()->task->thread.used_vas,
so that it's always checking current.
cheers