----- On Oct 13, 2017, at 10:50 AM, Mathieu Desnoyers 
mathieu.desnoy...@efficios.com wrote:

> ----- On Oct 13, 2017, at 9:57 AM, One Thousand Gnomes
> gno...@lxorguk.ukuu.org.uk wrote:
> 
>>> A maximum limit of 16 operations per cpu_opv syscall invocation is
>>> enforced, so user-space cannot generate a too long preempt-off critical
>>> section.
>> 
>> Except that all the operations could be going to mmapped I/O space and if
>> I pick the right targets could take quite a long time to complete.
> 
> We could check whether a struct page belongs to mmapped I/O space, and return
> EINVAL in that case.
> 
>> It's
>> still only 16 operations - But 160ms is a lot worse than 10ms. In fact
>> with compare_iter I could make it much much worse still as I get 2 x
>> TMP_BUFLEN x 16 x worst case latency in my attack. That's enough to screw
>> up plenty of things.
> 
> Would a check that ensures the page is not mmapped I/O space be sufficient
> to take care of this? If you happen to know which API I need to look for, it
> would be welcome.

I think is_zone_device_page() is what I was looking for.

Let me know if I missed something,

Thanks,

Mathieu

> Thanks,
> 
> Mathieu
> 
> 
>> 
>> Alan
> 
> --
> Mathieu Desnoyers
> EfficiOS Inc.
> http://www.efficios.com

-- 
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
