----- On Oct 13, 2017, at 10:50 AM, Mathieu Desnoyers mathieu.desnoyers@xxxxxxxxxxxx wrote: > ----- On Oct 13, 2017, at 9:57 AM, One Thousand Gnomes > gnomes@xxxxxxxxxxxxxxxxxxx wrote: > >>> A maximum limit of 16 operations per cpu_opv syscall invocation is >>> enforced, so user-space cannot generate a too long preempt-off critical >>> section. >> >> Except that all the operations could be going to mmapped I/O space and if >> I pick the right targets could take quite a long time to complete. > > We could check whether a struct page belongs to mmapped I/O space, and return > EINVAL in that case. > >> It's >> still only 16 operations - But 160ms is a lot worse than 10ms. In fact >> with compare_iter I could make it much much worse still as I get 2 x >> TMP_BUFLEN x 16 x worst case latency in my attack. That's enough to screw >> up plenty of things. > > Would a check that ensures the page is not mmapped I/O space be sufficient > to take care of this ? If happen to know which API I need to look for, it > would be welcome. I think is_zone_device_page() is what I was looking for. Let me know if I missed something, Thanks, Mathieu > Thanks, > > Mathieu > > >> >> Alan > > -- > Mathieu Desnoyers > EfficiOS Inc. > http://www.efficios.com -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
