Re: [PATCH rdma-next 3/6] RDMA/ucontext: Do not allow BAR mappings to be executable

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jason Gunthorpe <jgg@mellanox.com>
To: "Ruhl, Michael J" <michael.j.ruhl@intel.com>,
	Kees Cook <keescook@chromium.org>
Cc: Leon Romanovsky <leon@kernel.org>,
	Doug Ledford <dledford@redhat.com>,
	Leon Romanovsky <leonro@mellanox.com>,
	RDMA mailing list <linux-rdma@vger.kernel.org>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Feras Daoud <ferasda@mellanox.com>,
	Haggai Eran <haggaie@mellanox.com>,
	Saeed Mahameed <saeedm@mellanox.com>,
	linux-netdev <netdev@vger.kernel.org>
Subject: Re: [PATCH rdma-next 3/6] RDMA/ucontext: Do not allow BAR mappings to be executable
Date: Thu, 18 Apr 2019 05:58:01 +0000	[thread overview]
Message-ID: <20190418055759.GA3155@mellanox.com> (raw)
In-Reply-To: <14063C7AD467DE4B82DEDB5C278E8663BE6A5513@FMSMSX108.amr.corp.intel.com>

On Wed, Apr 17, 2019 at 07:05:37PM +0000, Ruhl, Michael J wrote:

> >diff --git a/drivers/infiniband/core/uverbs_main.c
> >b/drivers/infiniband/core/uverbs_main.c
> >index fef4519d1241..3ef6474cd201 100644
> >+++ b/drivers/infiniband/core/uverbs_main.c
> >@@ -889,6 +889,10 @@ static struct rdma_umap_priv
> >*rdma_user_mmap_pre(struct ib_ucontext *ucontext,
> > 	struct ib_uverbs_file *ufile = ucontext->ufile;
> > 	struct rdma_umap_priv *priv;
> >
> >+	if (vma->vm_flags & VM_EXEC)
> >+		return ERR_PTR(-EINVAL);
> >+	vma->vm_flags &= ~VM_MAYEXEC;
> >+
> 
> A change like this was made in HFI with:
> 
> commit 12220267645cb7d1f3f699218e0098629e932e1f
> IB/hfi: Protect against writable mmap
> 
> This caused user applications that use the stack for execution to fail.
> The VM_EXEC flag is passed down during mmaps.
> 
> We had to remove this patch with:
> 
> commit 7709b0dc265f28695487712c45f02bbd1f98415d
> IB/hfi1: Remove overly conservative VM_EXEC flag check
> 
> to resolve this issue.
> 
> I am not sure if this is an equivalent issue, but the code path
> appears very similar.

It does seem problematic here too

Kees: You have worked in this W^X area in other parts of the kernel,
what should drivers do here?

The situation is we have a driver providing mmap against BAR memory
that is absolutely not intended for execution, so we would prefer to
block VM_EXEC in the driver's mmap fops callback

However READ_IMPLIES_EXEC forces VM_EXEC on for everything with no way
to opt out..

Jason

next prev parent reply	other threads:[~2019-04-18  5:58 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-16 11:07 [PATCH rdma-next 0/6] BAR mappings fixes in RDMA Leon Romanovsky
2019-04-16 11:07 ` Leon Romanovsky
2019-04-16 11:07 ` [PATCH rdma-next 1/6] RDMA/mlx5: Do not allow the user to write to the clock page Leon Romanovsky
2019-04-16 11:07 ` [PATCH rdma-next 2/6] RDMA/mlx5: Use rdma_user_map_io for mapping BAR pages Leon Romanovsky
2019-04-16 11:07 ` [PATCH rdma-next 3/6] RDMA/ucontext: Do not allow BAR mappings to be executable Leon Romanovsky
2019-04-17 19:05   ` Ruhl, Michael J
2019-04-18  5:58     ` Jason Gunthorpe [this message]
2019-04-18  6:30       ` Kees Cook
2019-04-18  7:01         ` Jason Gunthorpe
2019-04-18  7:23           ` Kees Cook
2019-04-18  7:23             ` Kees Cook
2019-04-22 12:51             ` Jason Gunthorpe
2019-04-16 11:07 ` [PATCH rdma-next 4/6] RDMA/ucontext: Fix regression with disassociate Leon Romanovsky
2019-04-16 11:07 ` [PATCH mlx5-next 5/6] RDMA/mlx5: Use get_zeroed_page() for clock_info Leon Romanovsky
2019-04-16 11:07 ` [PATCH rdma-next 6/6] RDMA: Remove rdma_user_mmap_page Leon Romanovsky
2019-04-24 19:24 ` [PATCH rdma-next 0/6] BAR mappings fixes in RDMA Jason Gunthorpe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190418055759.GA3155@mellanox.com \
    --to=jgg@mellanox.com \
    --cc=aarcange@redhat.com \
    --cc=dledford@redhat.com \
    --cc=ferasda@mellanox.com \
    --cc=haggaie@mellanox.com \
    --cc=keescook@chromium.org \
    --cc=leon@kernel.org \
    --cc=leonro@mellanox.com \
    --cc=linux-rdma@vger.kernel.org \
    --cc=michael.j.ruhl@intel.com \
    --cc=netdev@vger.kernel.org \
    --cc=saeedm@mellanox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.