From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
To: Michael Ellerman <mpe@ellerman.id.au>
Cc: Nicholas Piggin <npiggin@gmail.com>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
mikey@neuling.org, stewart@linux.vnet.ibm.com,
apopple@au1.ibm.com, hbabu@us.ibm.com, oohall@gmail.com,
linuxppc-dev@ozlabs.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 01/17] powerpc/vas: Define macros, register fields and structures
Date: Wed, 16 Aug 2017 16:07:42 -0700 [thread overview]
Message-ID: <20170816230742.GE31897@us.ibm.com> (raw)
In-Reply-To: <87ziazsol1.fsf@concordia.ellerman.id.au>
Michael Ellerman [mpe@ellerman.id.au] wrote:
> Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com> writes:
>
> > Nicholas Piggin [npiggin@gmail.com] wrote:
> >> On Mon, 14 Aug 2017 15:21:48 +1000
> >> Michael Ellerman <mpe@ellerman.id.au> wrote:
> >>
> >> > Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com> writes:
> >>
> >> > > arch/powerpc/include/asm/vas.h | 35 ++++
> >> > > arch/powerpc/include/uapi/asm/vas.h | 25 +++
> >> >
> >> > I thought we weren't exposing VAS to userspace yet?
> >> >
> >> > If we are then we need to get things straight WRT copy/paste abort.
> ...
> >
> > In the FTW case, there is no data transfer from user space to the hardware.
Sorry, that was focussed on the paste side.
> > i.e the copy/paste submit a NULL CRB and hardware will be configured (see
> > ->fifo_disable setting in winctx) to ignore any data they specify in the CRB.
>
> I thought the copy did copy a cacheline, but then the paste to the VAS
> window just ignores the contents, and doesn't allow userspace to get the
> content in any way?
Yes, you are right. The copy instruction does read the CRB into its copy-
buffer but for the FTW, VAS ignores the copy-buffer contents on paste.
So, the CRB may be zeroed, but must be a valid buffer.
>
> Which means we have two thirds of a covert channel, ie. something can be
> copied into the copy buffer by one process, and then a second process
> can paste it, but because it can only paste to foreign memory, and the
> only foreign memory it can get is a VAS FTW window, it can't actually
> see the content of the copy buffer.
>
> > Would we be able to allow copy/paste from user space in that case?
>
> Yeah I think so, but it is all a bit fragile.
>
> cheers
next prev parent reply other threads:[~2017-08-16 23:07 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-08 23:06 [PATCH v6 00/17] powerpc/vas: Enable VAS Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 01/17] powerpc/vas: Define macros, register fields and structures Sukadev Bhattiprolu
2017-08-14 5:21 ` Michael Ellerman
2017-08-14 6:05 ` Nicholas Piggin
2017-08-14 11:00 ` Michael Ellerman
2017-08-14 19:14 ` Sukadev Bhattiprolu
2017-08-16 12:07 ` Michael Ellerman
2017-08-16 23:07 ` Sukadev Bhattiprolu [this message]
2017-08-08 23:06 ` [PATCH v6 02/17] powerpc/vas: Move GET_FIELD/SET_FIELD to vas.h Sukadev Bhattiprolu
2017-08-14 7:26 ` Michael Ellerman
2017-08-08 23:06 ` [PATCH v6 03/17] powerpc/vas: Define vas_init() and vas_exit() Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 04/17] powerpc/vas: Define helpers to access MMIO regions Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 05/17] powerpc/vas: Define helpers to init window context Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 06/17] powerpc/vas: Define helpers to alloc/free windows Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 07/17] powerpc/vas: Define vas_win_paste_addr() Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 08/17] powerpc/vas: Define vas_win_id() Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 09/17] powerpc/vas: Define vas_rx_win_open() interface Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 10/17] " Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 11/17] powerpc/vas: Define vas_win_close() interface Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 12/17] powerpc/vas: Define vas_tx_win_open() Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 13/17] powerpc/vas: Define copy/paste interfaces Sukadev Bhattiprolu
2017-08-08 23:06 ` [PATCH v6 14/17] powerpc: Add support for setting SPRN_TIDR Sukadev Bhattiprolu
2017-08-14 7:02 ` Michael Neuling
2017-08-14 7:02 ` Michael Neuling
2017-08-14 13:30 ` Benjamin Herrenschmidt
2017-08-14 19:27 ` Sukadev Bhattiprolu
2017-08-14 11:16 ` Michael Ellerman
2017-08-14 20:03 ` Sukadev Bhattiprolu
2017-08-14 22:25 ` Benjamin Herrenschmidt
2017-08-14 22:23 ` Benjamin Herrenschmidt
2017-08-08 23:07 ` [PATCH v6 15/17] powerpc/vas: Define window open ioctls API Sukadev Bhattiprolu
2017-08-08 23:07 ` [PATCH v6 16/17] powerpc/vas: Implement a simple FTW driver Sukadev Bhattiprolu
2017-08-14 6:53 ` Michael Ellerman
2017-08-08 23:07 ` [PATCH v6 17/17] powerpc/vas: Document FTW API/usage Sukadev Bhattiprolu
2017-08-14 10:43 ` Michael Neuling
2017-08-14 10:43 ` Michael Neuling
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170816230742.GE31897@us.ibm.com \
--to=sukadev@linux.vnet.ibm.com \
--cc=apopple@au1.ibm.com \
--cc=benh@kernel.crashing.org \
--cc=hbabu@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=mikey@neuling.org \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=oohall@gmail.com \
--cc=stewart@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.