From: Jarkko Sakkinen <jarkko@kernel.org>
To: Dave Hansen <dave.hansen@intel.com>
Cc: linux-sgx@vger.kernel.org, stable@vger.kernel.org,
Sean Christopherson <seanjc@google.com>,
Haitao Huang <haitao.huang@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Jethro Beekman <jethro@fortanix.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v5] x86/sgx: Fix use-after-free in sgx_mmu_notifier_release()
Date: Wed, 3 Feb 2021 23:54:42 +0200
Message-ID: <YBsbojMEeq3pCNhy@kernel.org>
In-Reply-To: <8df884af-825e-bae0-f0c3-c3e97f48d138@intel.com>

On Wed, Feb 03, 2021 at 07:46:48AM -0800, Dave Hansen wrote:
> On 1/30/21 11:20 AM, Jarkko Sakkinen wrote:
> ...
> > Example scenario would be such that all removals "side-channel" through
> > the notifier callback. Then mmu_notifier_unregister() gets called
> > exactly zero times. No MMU notifier SRCU sync would then be happening.
> >
> > NOTE: There's a bunch of other examples, I'm just giving one.
>
> Could you flesh this out a bit? I don't quite understand the scenario
> from what you describe above.
>
> In any case, I'm open to other implementations that fix the race we know
> about. If you think you have a better fix, I'm happy to review it and
> make sure it closes the other race.
I'll bake up a new patch. Generally speaking, I think the reason this has been
so difficult is a chicken-and-egg problem. The whole issue should be sorted
out when a new entry is first added to the mm_list, i.e. by increasing the
refcount for each added entry.
/Jarkko
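As an added illustration of the rule stated in the reply above (take a reference on the owning object for every entry added to its list, release it when the entry is removed), here is a small userspace C model. It is not the kernel's SGX code and is not from the thread; the struct names, the notifier_release() stand-in, run_scenario() and the g_freed_owners counter are assumptions made for this example. It plays out the scenario Jarkko describes: the creator drops its own reference first, and every entry then leaves only through the notifier-style path. The owner stays alive for as long as any entry points at it and is freed exactly once, when the last entry goes.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added illustration, not the kernel's SGX code. It models the rule "take a
 * reference on the owner when an entry is added to its list, release it when
 * the entry is removed". All names here are hypothetical. */

static int g_freed_owners;      /* how many owner objects were actually freed */

struct owner {
    int refcount;               /* creator's reference plus one per list entry */
    struct entry *list;
};

struct entry {
    struct owner *owner;        /* back-pointer; valid as long as the entry exists */
    int id;
    struct entry *next;
};

struct owner *owner_new(void)
{
    struct owner *o = calloc(1, sizeof(*o));
    if (o)
        o->refcount = 1;        /* the creator's own reference */
    return o;
}

static void owner_get(struct owner *o) { o->refcount++; }

/* Drops one reference; the owner is freed only when the last one goes. */
void owner_put(struct owner *o)
{
    if (--o->refcount == 0) {
        free(o);
        g_freed_owners++;
    }
}

/* Adding an entry pins the owner: the entry's back-pointer is a reference. */
struct entry *entry_add(struct owner *o, int id)
{
    struct entry *e = calloc(1, sizeof(*e));
    if (!e)
        return NULL;
    e->owner = o;
    e->id = id;
    e->next = o->list;
    o->list = e;
    owner_get(o);
    return e;
}

/* Unlinks and frees the entry with the given id and releases its reference.
 * Returns 1 if found. The owner may be gone once this returns. */
int entry_remove(struct owner *o, int id)
{
    struct entry **pp;
    for (pp = &o->list; *pp; pp = &(*pp)->next) {
        if ((*pp)->id == id) {
            struct entry *e = *pp;
            *pp = e->next;
            free(e);
            owner_put(o);       /* last step: o must not be touched afterwards */
            return 1;
        }
    }
    return 0;
}

/* Stand-in for a notifier callback that only has the entry in hand: reaching
 * the owner is safe because the entry itself holds a reference to it. */
void notifier_release(struct entry *e)
{
    entry_remove(e->owner, e->id);
}

struct scenario_result {
    int refcount_after_creator_put;  /* entries still pin the owner */
    int freed_after_first_removal;   /* owner must still be alive */
    int freed_after_last_removal;    /* last reference frees it */
};

/* The scenario from the thread: every entry leaves through the notifier path,
 * and the creator drops its own reference before any of them does. */
struct scenario_result run_scenario(void)
{
    struct scenario_result r;
    int base = g_freed_owners;
    struct owner *o = owner_new();
    struct entry *a = entry_add(o, 1);
    struct entry *b = entry_add(o, 2);

    owner_put(o);               /* creator is done; two entries keep o alive */
    r.refcount_after_creator_put = o->refcount;
    notifier_release(a);
    r.freed_after_first_removal = g_freed_owners - base;
    notifier_release(b);        /* drops the last reference, frees o */
    r.freed_after_last_removal = g_freed_owners - base;
    return r;
}

int main(void)
{
    struct scenario_result r = run_scenario();
    printf("refcount after creator put: %d, freed after first/last removal: %d/%d\n",
           r.refcount_after_creator_put, r.freed_after_first_removal,
           r.freed_after_last_removal);
    return 0;
}
```

The one ordering rule worth noticing is in entry_remove(): the put is the final thing done with the owner pointer, because it may be the call that frees it. In the model the refcount is a plain int with no locking; the real kernel code has to make the same rule hold under concurrent removals, which is a separate problem from the one this example shows.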
Thread overview: 6+ messages
2021-01-28 12:58 [PATCH v5] x86/sgx: Fix use-after-free in sgx_mmu_notifier_release() Jarkko Sakkinen
2021-01-28 16:33 ` Dave Hansen
2021-01-30 19:20 ` Jarkko Sakkinen
2021-01-30 19:26 ` Jarkko Sakkinen
2021-02-03 15:46 ` Dave Hansen
2021-02-03 21:54 ` Jarkko Sakkinen [this message]