From: "Michael S. Tsirkin" <mst@redhat.com>
To: Greg Kurz <groug@kaod.org>
Cc: kvm@vger.kernel.org, netdev@vger.kernel.org,
Laurent Vivier <laurent@vivier.eu>,
qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH v2 0/2] vhost: Skip access checks on GIOVAs
Date: Thu, 1 Oct 2020 08:46:29 -0400 [thread overview]
Message-ID: <20201001084608-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <160139701999.162128.2399875915342200263.stgit@bahia.lan>
On Tue, Sep 29, 2020 at 06:30:20PM +0200, Greg Kurz wrote:
> This series addresses some misuse around vring addresses provided by
> userspace when using an IOTLB device. The misuse cause failures of
> the VHOST_SET_VRING_ADDR ioctl on POWER, which in turn causes QEMU
> to crash at migration time.
>
> While digging some more I realized that log_access_ok() can also be
> passed a GIOVA (vq->log_addr) even though log_used() will never log
> anything at that address. I could observe addresses beyond the end
> of the log bitmap being passed to access_ok(), but it didn't have any
> impact because the addresses were still acceptable from an access_ok()
> standpoint. Adding a second patch to fix that anyway.
>
> Note that I've also posted a patch for QEMU so that it skips the used
> structure GIOVA when allocating the log bitmap. Otherwise QEMU fails to
> allocate it because POWER puts GIOVAs very high in the address space (ie.
> over 0x800000000000000ULL).
>
> https://patchwork.ozlabs.org/project/qemu-devel/patch/160105498386.68108.2145229309875282336.stgit@bahia.lan/
I queued this. Jason, can you ack please?
> v2:
> - patch 1: move the (vq->ioltb) check from vhost_vq_access_ok() to
> vq_access_ok() as suggested by MST
> - patch 2: new patch
>
> ---
>
> Greg Kurz (2):
> vhost: Don't call access_ok() when using IOTLB
> vhost: Don't call log_access_ok() when using IOTLB
>
>
> drivers/vhost/vhost.c | 32 ++++++++++++++++++++++++--------
> 1 file changed, 24 insertions(+), 8 deletions(-)
>
> --
> Greg
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
WARNING: multiple messages have this Message-ID (diff)
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Greg Kurz <groug@kaod.org>
Cc: Jason Wang <jasowang@redhat.com>,
kvm@vger.kernel.org, virtualization@lists.linux-foundation.org,
netdev@vger.kernel.org, qemu-devel@nongnu.org,
Laurent Vivier <laurent@vivier.eu>,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH v2 0/2] vhost: Skip access checks on GIOVAs
Date: Thu, 1 Oct 2020 08:46:29 -0400 [thread overview]
Message-ID: <20201001084608-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <160139701999.162128.2399875915342200263.stgit@bahia.lan>
On Tue, Sep 29, 2020 at 06:30:20PM +0200, Greg Kurz wrote:
> This series addresses some misuse around vring addresses provided by
> userspace when using an IOTLB device. The misuse cause failures of
> the VHOST_SET_VRING_ADDR ioctl on POWER, which in turn causes QEMU
> to crash at migration time.
>
> While digging some more I realized that log_access_ok() can also be
> passed a GIOVA (vq->log_addr) even though log_used() will never log
> anything at that address. I could observe addresses beyond the end
> of the log bitmap being passed to access_ok(), but it didn't have any
> impact because the addresses were still acceptable from an access_ok()
> standpoint. Adding a second patch to fix that anyway.
>
> Note that I've also posted a patch for QEMU so that it skips the used
> structure GIOVA when allocating the log bitmap. Otherwise QEMU fails to
> allocate it because POWER puts GIOVAs very high in the address space (ie.
> over 0x800000000000000ULL).
>
> https://patchwork.ozlabs.org/project/qemu-devel/patch/160105498386.68108.2145229309875282336.stgit@bahia.lan/
I queued this. Jason, can you ack please?
> v2:
> - patch 1: move the (vq->ioltb) check from vhost_vq_access_ok() to
> vq_access_ok() as suggested by MST
> - patch 2: new patch
>
> ---
>
> Greg Kurz (2):
> vhost: Don't call access_ok() when using IOTLB
> vhost: Don't call log_access_ok() when using IOTLB
>
>
> drivers/vhost/vhost.c | 32 ++++++++++++++++++++++++--------
> 1 file changed, 24 insertions(+), 8 deletions(-)
>
> --
> Greg
WARNING: multiple messages have this Message-ID (diff)
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Greg Kurz <groug@kaod.org>
Cc: kvm@vger.kernel.org, netdev@vger.kernel.org,
Jason Wang <jasowang@redhat.com>,
Laurent Vivier <laurent@vivier.eu>,
qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH v2 0/2] vhost: Skip access checks on GIOVAs
Date: Thu, 1 Oct 2020 08:46:29 -0400 [thread overview]
Message-ID: <20201001084608-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <160139701999.162128.2399875915342200263.stgit@bahia.lan>
On Tue, Sep 29, 2020 at 06:30:20PM +0200, Greg Kurz wrote:
> This series addresses some misuse around vring addresses provided by
> userspace when using an IOTLB device. The misuse cause failures of
> the VHOST_SET_VRING_ADDR ioctl on POWER, which in turn causes QEMU
> to crash at migration time.
>
> While digging some more I realized that log_access_ok() can also be
> passed a GIOVA (vq->log_addr) even though log_used() will never log
> anything at that address. I could observe addresses beyond the end
> of the log bitmap being passed to access_ok(), but it didn't have any
> impact because the addresses were still acceptable from an access_ok()
> standpoint. Adding a second patch to fix that anyway.
>
> Note that I've also posted a patch for QEMU so that it skips the used
> structure GIOVA when allocating the log bitmap. Otherwise QEMU fails to
> allocate it because POWER puts GIOVAs very high in the address space (ie.
> over 0x800000000000000ULL).
>
> https://patchwork.ozlabs.org/project/qemu-devel/patch/160105498386.68108.2145229309875282336.stgit@bahia.lan/
I queued this. Jason, can you ack please?
> v2:
> - patch 1: move the (vq->ioltb) check from vhost_vq_access_ok() to
> vq_access_ok() as suggested by MST
> - patch 2: new patch
>
> ---
>
> Greg Kurz (2):
> vhost: Don't call access_ok() when using IOTLB
> vhost: Don't call log_access_ok() when using IOTLB
>
>
> drivers/vhost/vhost.c | 32 ++++++++++++++++++++++++--------
> 1 file changed, 24 insertions(+), 8 deletions(-)
>
> --
> Greg
next prev parent reply other threads:[~2020-10-01 12:46 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-29 16:30 [PATCH v2 0/2] vhost: Skip access checks on GIOVAs Greg Kurz
2020-09-29 16:30 ` Greg Kurz
2020-09-29 16:30 ` [PATCH v2 1/2] vhost: Don't call access_ok() when using IOTLB Greg Kurz
2020-09-29 16:30 ` Greg Kurz
2020-10-03 1:51 ` Jason Wang
2020-10-03 1:51 ` Jason Wang
2020-10-03 1:51 ` Jason Wang
2020-09-29 16:30 ` [PATCH v2 2/2] vhost: Don't call log_access_ok() " Greg Kurz
2020-09-29 16:30 ` Greg Kurz
2020-10-03 1:58 ` Jason Wang
2020-10-03 1:58 ` Jason Wang
2020-10-03 1:58 ` Jason Wang
2020-10-03 8:38 ` Greg Kurz
2020-10-03 8:38 ` Greg Kurz
2020-10-01 12:46 ` Michael S. Tsirkin [this message]
2020-10-01 12:46 ` [PATCH v2 0/2] vhost: Skip access checks on GIOVAs Michael S. Tsirkin
2020-10-01 12:46 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201001084608-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=groug@kaod.org \
--cc=kvm@vger.kernel.org \
--cc=laurent@vivier.eu \
--cc=netdev@vger.kernel.org \
--cc=qemu-devel@nongnu.org \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.