Re: [PATCH 1/3] x86/mm: Fix potential overflow in user_pcid_flush_mask
From: Rik van Riel
Date: Tue Jun 03 2025 - 17:21:19 EST
On Mon, 2025-06-02 at 09:55 -0700, Dave Hansen wrote:
> On 6/2/25 06:30, Rik van Riel wrote:
> >
> > @@ -149,6 +166,15 @@ struct tlb_state {
> > * context 0.
> > */
> > struct tlb_context ctxs[TLB_NR_DYN_ASIDS];
> > +
> > +#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
> > + /*
> > + * Mask that contains TLB_NR_DYN_ASIDS+1 bits to indicate
> > + * the corresponding user PCID needs a flush next time we
> > + * switch to it; see SWITCH_TO_USER_CR3.
> > + */
> > + unsigned long user_pcid_flush_mask[CR3_AVAIL_PCID_LONGS];
> > +#endif
> > };
> > DECLARE_PER_CPU_ALIGNED(struct tlb_state, cpu_tlbstate);
>
> This adds an #ifdef. I guess it makes sense to do it for the now
> larger
> user_pcid_flush_mask[] while it didn't for a single long. But that's
> another logically separate bit that adds complexity to reading this
> whole mess.
>
> Honestly, I'd just leave this out for the bug fix. If someone really
> cares, we can come back and fix it up in mainline.
I added the #ifdef at Ingo's request.
I am happy to do the code in any way you two can
agree on, but we should probably avoid the back
and forth over many versions thing :)
>
> > diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-
> > offsets.c
> > index 6259b474073b..8c41a2e5a53e 100644
> > --- a/arch/x86/kernel/asm-offsets.c
> > +++ b/arch/x86/kernel/asm-offsets.c
> > @@ -103,8 +103,10 @@ static void __used common(void)
> > BLANK();
> > DEFINE(PTREGS_SIZE, sizeof(struct pt_regs));
> >
> > +#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
> > /* TLB state for the entry code */
> > OFFSET(TLB_STATE_user_pcid_flush_mask, tlb_state,
> > user_pcid_flush_mask);
> > +#endif
>
> Because it necessitates this hunk too...
I agree this isn't the prettiest, but then again
asm-offsets.c isn't code people will be reading
a lot?
--
All Rights Reversed.