linux/drivers/iommu
Dave Hansen 1b2ee1266e mm/core: Do not enforce PKEY permissions on remote mm access
We try to enforce protection keys in software the same way that we
do in hardware.  (See long example below).

But, we only want to do this when accessing our *own* process's
memory.  If GDB set PKRU[6].AD=1 (disable access to PKEY 6), then
tried to PTRACE_POKE a target process which just happened to have
some mprotect_pkey(pkey=6) memory, we do *not* want to deny the
debugger access to that memory.  PKRU is fundamentally a
thread-local structure and we do not want to enforce it on access
to _another_ thread's data.

This gets especially tricky when we have workqueues or other
delayed-work mechanisms that might run in a random process's context.
We can check that we only enforce pkeys when operating on our *own* mm,
but delayed work gets performed when a random user context is active.
We might end up with a situation where a delayed-work gup fails when
running randomly under its "own" task but succeeds when running under
another process.  We want to avoid that.

To avoid that, we use the new GUP flag: FOLL_REMOTE and add a
fault flag: FAULT_FLAG_REMOTE.  They indicate that we are
walking an mm which is not guranteed to be the same as
current->mm and should not be subject to protection key
enforcement.

Thanks to Jerome Glisse for pointing out this scenario.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Boaz Harrosh <boaz@plexistor.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Chinner <dchinner@redhat.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dominik Dingel <dingel@linux.vnet.ibm.com>
Cc: Dominik Vogt <vogt@linux.vnet.ibm.com>
Cc: Eric B Munson <emunson@akamai.com>
Cc: Geliang Tang <geliangtang@163.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Jason Low <jason.low2@hp.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Matthew Wilcox <willy@linux.intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Shachar Raindel <raindel@mellanox.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Xie XiuQi <xiexiuqi@huawei.com>
Cc: iommu@lists.linux-foundation.org
Cc: linux-arch@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-02-18 19:46:28 +01:00
..
amd_iommu_init.c IOMMU Updates for Linux v4.4 2015-11-05 16:12:10 -08:00
amd_iommu_proto.h IOMMU Updates for Linux v4.2 2015-06-23 18:27:19 -07:00
amd_iommu_types.h iommu/amd: Move 'struct dma_ops_domain' definition to amd_iommu.c 2015-12-28 17:18:50 +01:00
amd_iommu_v2.c mm/core: Do not enforce PKEY permissions on remote mm access 2016-02-18 19:46:28 +01:00
amd_iommu.c iommu/amd: Correct the wrong setting of alias DTE in do_attach 2016-01-29 12:30:47 +01:00
arm-smmu-v3.c iommu/arm-smmu: Use STE.S1STALLD only when supported 2015-12-17 12:05:36 +00:00
arm-smmu.c iommu/arm-smmu: Invalidate TLBs properly 2015-12-17 12:05:35 +00:00
dma-iommu.c iommu/dma: Use correct offset in map_sg 2016-01-07 13:36:41 +01:00
dmar.c iommu/vt-d: Fix up error handling in alloc_iommu 2016-01-07 13:44:41 +01:00
exynos-iommu.c iommu/exynos: Add callback for initializing devices from device tree 2015-05-29 10:50:08 +02:00
fsl_pamu_domain.c iommu/fsl: Convert to device_group call-back 2015-10-22 00:00:49 +02:00
fsl_pamu_domain.h iommu/fsl: Make use of domain_alloc and domain_free 2015-03-31 15:32:14 +02:00
fsl_pamu.c powerpc/fsl: Move fsl_guts.h out of arch/powerpc 2015-10-21 18:05:50 -05:00
fsl_pamu.h iommu/fsl: Various cleanups 2015-02-03 18:47:18 +01:00
intel_irq_remapping.c x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros 2015-12-19 11:49:55 +01:00
intel-iommu.c iommu/vt-d: Don't skip PCI devices when disabling IOTLB 2016-01-29 12:18:13 +01:00
intel-svm.c iommu/vt-d: Do access checks before calling handle_mm_fault() 2015-12-14 15:37:55 +01:00
io-pgtable-arm.c iommu/io-pgtable-arm: Fix io-pgtable-arm build failure 2016-01-29 12:14:08 +01:00
io-pgtable.c iommu/io-pgtable-arm: Move init-fn declarations to io-pgtable.h 2015-08-13 19:51:04 +02:00
io-pgtable.h iommu/io-pgtable: Make io_pgtable_ops_to_pgtable() macro common 2015-12-17 12:05:35 +00:00
iommu-sysfs.c iommu: Fix compile error in iommu-sysfs.c 2014-07-07 12:01:21 +02:00
iommu-traces.c iommu: Add iommu_error class event to iommu trace 2013-09-25 11:07:04 +02:00
iommu.c Revert "scatterlist: use sg_phys()" 2015-12-15 12:54:06 -08:00
iova.c iommu: Make the iova library a module 2015-07-28 15:48:01 +01:00
ipmmu-vmsa.c Merge branches 's390', 'arm/renesas', 'arm/msm', 'arm/shmobile', 'arm/smmu', 'x86/amd' and 'x86/vt-d' into next 2016-01-19 15:30:43 +01:00
irq_remapping.c iommu/vt-d: Add a command line parameter for VT-d posted-interrupts 2015-10-01 15:06:54 +02:00
irq_remapping.h iommu, x86: Setup Posted-Interrupts capability for Intel iommu 2015-06-12 11:33:52 +02:00
Kconfig iommu/shmobile: Remove unused Renesas IPMMU/IPMMUI driver 2015-12-14 15:55:57 +01:00
Makefile iommu/shmobile: Remove unused Renesas IPMMU/IPMMUI driver 2015-12-14 15:55:57 +01:00
msm_iommu_dev.c iommu/msm: Use platform_register/unregister_drivers() 2015-12-14 15:51:21 +01:00
msm_iommu_hw-8xxx.h iommu/msm: Move mach includes to iommu directory 2013-08-06 11:18:03 -07:00
msm_iommu.c iommu/msm: Use BUG_ON instead of if () BUG() 2015-08-13 19:50:51 +02:00
msm_iommu.h iommu/msm: Move mach includes to iommu directory 2013-08-06 11:18:03 -07:00
of_iommu.c of: iommu: Silence misleading warning 2015-08-03 16:07:49 +02:00
omap-iommu-debug.c fs/seq_file: convert int seq_vprint/seq_printf/etc... returns to void 2015-09-11 15:21:34 -07:00
omap-iommu.c iommu/omap: Add support for configuring dsp iommus on DRA7xx 2015-10-14 14:35:47 +02:00
omap-iommu.h iommu/omap: Add support for configuring dsp iommus on DRA7xx 2015-10-14 14:35:47 +02:00
omap-iopgtable.h iommu/omap: Use BIT(x) macros in omap-iopgtable.h 2015-08-03 16:04:42 +02:00
rockchip-iommu.c Merge branches 'arm/rockchip', 'arm/exynos', 'arm/smmu', 'x86/vt-d', 'x86/amd', 'default-domains' and 'core' into next 2015-06-19 17:17:47 +02:00
s390-iommu.c iommu/s390: Fix sparse warnings 2015-11-26 14:41:01 +01:00
tegra-gart.c Merge branches 'iommu/fixes', 'x86/vt-d', 'x86/amd', 'arm/smmu', 'arm/tegra' and 'core' into next 2015-04-02 13:33:19 +02:00
tegra-smmu.c iommu/tegra-smmu: Parameterize number of TLB lines 2015-08-13 17:05:28 +02:00