Re: [PATCH v6 1/6] x86/tdx: Fix "in-kernel MMIO" check

From: Dave Hansen
Date: Tue Sep 10 2024 - 15:54:54 EST

Next message: Hugues Bruant: "Re: [REGRESSION] soft lockup on boot starting with kernel 6.10 / commit 5186ba33234c9a90833f7c93ce7de80e25fac6f5"
Previous message: Oliver Upton: "Re: [PATCH v3] KVM: arm64: Add memory length checks and remove inline in do_ffa_mem_xfer"
Next in thread: Alexey Gladkov: "Re: [PATCH v6 1/6] x86/tdx: Fix "in-kernel MMIO" check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/6/24 04:49, Alexey Gladkov wrote:
> +static inline bool is_kernel_addr(unsigned long addr)
> +{
> + return (long)addr < 0;
> +}
> +
> static int handle_mmio(struct pt_regs *regs, struct ve_info *ve)
> {
> unsigned long *reg, val, vaddr;
> @@ -434,6 +439,11 @@ static int handle_mmio(struct pt_regs *regs, struct ve_info *ve)
> return -EINVAL;
> }
>
> + if (!user_mode(regs) && !is_kernel_addr(ve->gla)) {
> + WARN_ONCE(1, "Access to userspace address is not supported");
> + return -EINVAL;
> + }

Should we really be open-coding a "is_kernel_addr" check? I mean,
TASK_SIZE_MAX is there for a reason. While I doubt we'd ever change the
positive vs. negative address space convention on 64-bit, I don't see a
good reason to write a 64-bit x86-specific is_kernel_addr() when a more
generic, portable and conventional idiom would do.

So, please use either a:

addr < TASK_SIZE_MAX

check, or use fault_in_kernel_space() directly.

Next message: Hugues Bruant: "Re: [REGRESSION] soft lockup on boot starting with kernel 6.10 / commit 5186ba33234c9a90833f7c93ce7de80e25fac6f5"
Previous message: Oliver Upton: "Re: [PATCH v3] KVM: arm64: Add memory length checks and remove inline in do_ffa_mem_xfer"
Next in thread: Alexey Gladkov: "Re: [PATCH v6 1/6] x86/tdx: Fix "in-kernel MMIO" check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]