Re: [RFC PATCH for 4.15 09/14] Provide cpu_opv system call
From: Mathieu Desnoyers
Date: Sat Oct 14 2017 - 10:20:21 EST
----- On Oct 13, 2017, at 10:50 AM, Mathieu Desnoyers mathieu.desnoyers@xxxxxxxxxxxx wrote:
> ----- On Oct 13, 2017, at 9:57 AM, One Thousand Gnomes
> gnomes@xxxxxxxxxxxxxxxxxxx wrote:
>
>>> A maximum limit of 16 operations per cpu_opv syscall invocation is
>>> enforced, so user-space cannot generate a too long preempt-off critical
>>> section.
>>
>> Except that all the operations could be going to mmapped I/O space and if
>> I pick the right targets could take quite a long time to complete.
>
> We could check whether a struct page belongs to mmapped I/O space, and return
> EINVAL in that case.
>
>> It's
>> still only 16 operations - But 160ms is a lot worse than 10ms. In fact
>> with compare_iter I could make it much much worse still as I get 2 x
>> TMP_BUFLEN x 16 x worst case latency in my attack. That's enough to screw
>> up plenty of things.
>
> Would a check that ensures the page is not mmapped I/O space be sufficient
> to take care of this ? If happen to know which API I need to look for, it
> would be welcome.
I think is_zone_device_page() is what I was looking for.
Let me know if I missed something,
Thanks,
Mathieu
> Thanks,
>
> Mathieu
>
>
>>
>> Alan
>
> --
> Mathieu Desnoyers
> EfficiOS Inc.
> http://www.efficios.com
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com