From: Jason Gunthorpe <jgg@nvidia.com>
To: Steve Sistare <steven.sistare@oracle.com>
Cc: kvm@vger.kernel.org, Alex Williamson <alex.williamson@redhat.com>,
Cornelia Huck <cohuck@redhat.com>,
Kevin Tian <kevin.tian@intel.com>
Subject: Re: [PATCH V5 2/7] vfio/type1: prevent locked_vm underflow
Date: Fri, 16 Dec 2022 10:09:34 -0400
Message-ID: <Y5x8HoAEJA7r8ko+@nvidia.com>
In-Reply-To: <1671141424-81853-3-git-send-email-steven.sistare@oracle.com>
On Thu, Dec 15, 2022 at 01:56:59PM -0800, Steve Sistare wrote:
> When a vfio container is preserved across exec, the task does not change,
> but it gets a new mm with locked_vm=0. If the user later unmaps a dma
> mapping, locked_vm underflows to a large unsigned value, and a subsequent
> dma map request fails with ENOMEM in __account_locked_vm.
>
> To avoid underflow, grab and save the mm at the time a dma is mapped.
> Use that mm when adjusting locked_vm, rather than re-acquiring the saved
> task's mm, which may have changed. If the saved mm is dead, do nothing.
>
> Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
> ---
> drivers/vfio/vfio_iommu_type1.c | 17 ++++++++++-------
> 1 file changed, 10 insertions(+), 7 deletions(-)
Add fixes lines and a CC stable
The subject should be more like 'vfio/type1: Prevent corruption of mm->locked_vm via exec()'
> @@ -1687,6 +1689,8 @@ static int vfio_dma_do_map(struct vfio_iommu *iommu,
> get_task_struct(current->group_leader);
> dma->task = current->group_leader;
> dma->lock_cap = capable(CAP_IPC_LOCK);
> + dma->mm = dma->task->mm;
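Review bot: `dma->mm = dma->task->mm;` stores a raw mm pointer with no reference taken in this hunk, yet the description says the mm is "grabbed" and later tested for being dead; unless another hunk pairs this assignment with mmgrab() and an mmdrop() when the dma is freed (plus an mmget_not_zero()-style check before touching locked_vm), dma->mm can dangle once the pre-exec mm is torn down. A one-line comment on the new field saying why the mm is saved separately from dma->task (the two diverge after exec()) would also help the next reader.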
This should be current->mm; current->group_leader->mm is not quite the
same thing (and maybe another bug, I'm not sure).
Jason
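The accounting sequence in the quoted commit message, as an added example that is not part of this thread, the patch, or the kernel: a user-space C model that replays map, exec(), unmap, map with the pre-patch accounting (charge whatever mm the saved task currently has) beside the patched accounting (charge the mm saved at map time, skip it if that mm is dead). The `_model` structs, `run_scenario()`, and the page limit constant are constructed for this example; the increment check loosely follows the per-page check in vfio_pin_pages_remote() and the unconditional decrement follows __account_locked_vm().

```c
/* Added example, not code from the patch or the kernel: a user-space model of
 * the locked_vm underflow the commit message describes, with the buggy and
 * the fixed accounting side by side. Names ending in _model and the
 * run_scenario() helper are constructed for this example. */
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define MEMLOCK_LIMIT_PAGES 1024UL   /* stand-in for RLIMIT_MEMLOCK >> PAGE_SHIFT */

struct mm_model {
    unsigned long locked_vm;         /* unsigned, like mm->locked_vm */
    bool alive;                      /* false once exec() has torn the mm down */
};

struct task_model {
    struct mm_model *mm;             /* current->mm: replaced by exec() */
};

struct dma_model {
    struct task_model *task;         /* dma->task, saved at map time */
    struct mm_model *mm;             /* dma->mm, the fix: mm saved at map time */
    unsigned long npages;
};

/* Charge or uncharge pages. The increment path checks page by page, loosely
 * following vfio_pin_pages_remote(); the decrement is unconditional, like
 * __account_locked_vm(), so it wraps when locked_vm < pages. */
static int account_locked(struct mm_model *mm, unsigned long pages, bool inc, bool lock_cap)
{
    if (inc) {
        for (unsigned long i = 0; i < pages; i++)
            if (!lock_cap && mm->locked_vm + i + 1 > MEMLOCK_LIMIT_PAGES)
                return -ENOMEM;
        mm->locked_vm += pages;
    } else {
        mm->locked_vm -= pages;      /* underflows to a huge value after exec() */
    }
    return 0;
}

/* Pre-patch behaviour: always account against the saved task's current mm. */
static int adjust_buggy(struct dma_model *dma, unsigned long pages, bool inc)
{
    return account_locked(dma->task->mm, pages, inc, false);
}

/* Patched behaviour: account against the mm saved when the mapping was made,
 * and do nothing if that mm is dead. */
static int adjust_fixed(struct dma_model *dma, unsigned long pages, bool inc)
{
    if (!dma->mm->alive)
        return 0;
    return account_locked(dma->mm, pages, inc, false);
}

/* Replays the sequence from the commit message: map before exec(), exec(),
 * unmap the old mapping, then map again. Returns the errno of the final map
 * (0 on success) and stores the post-exec mm's locked_vm in *locked_after. */
static int run_scenario(bool fixed, unsigned long *locked_after)
{
    struct mm_model pre_exec_mm  = { .locked_vm = 0, .alive = true };
    struct mm_model post_exec_mm = { .locked_vm = 0, .alive = true };
    struct task_model task = { .mm = &pre_exec_mm };
    int (*adjust)(struct dma_model *, unsigned long, bool) = fixed ? adjust_fixed : adjust_buggy;
    struct dma_model dma = { .task = &task, .mm = task.mm, .npages = 16 };
    int ret;

    /* 1. VFIO_IOMMU_MAP_DMA before exec: 16 pages charged to the old mm. */
    ret = adjust(&dma, dma.npages, true);
    if (ret)
        return ret;

    /* 2. exec(): same task_struct, fresh mm with locked_vm = 0, old mm gone. */
    pre_exec_mm.alive = false;
    task.mm = &post_exec_mm;

    /* 3. VFIO_IOMMU_UNMAP_DMA of the pre-exec mapping. */
    adjust(&dma, dma.npages, false);

    /* 4. A new map after exec, accounted to the new mm. */
    struct dma_model dma2 = { .task = &task, .mm = task.mm, .npages = 16 };
    ret = adjust(&dma2, dma2.npages, true);
    *locked_after = post_exec_mm.locked_vm;
    return ret;
}

int main(void)
{
    unsigned long locked;
    int ret = run_scenario(false, &locked);
    printf("buggy: final map ret=%d locked_vm=%lu\n", ret, locked);
    ret = run_scenario(true, &locked);
    printf("fixed: final map ret=%d locked_vm=%lu\n", ret, locked);
    return 0;
}
```

With the buggy accounting the post-exec mm's locked_vm wraps to ULONG_MAX - 15 at step 3 and the next map fails with -ENOMEM on its first page; with the patched accounting the unmap is a no-op against the dead mm and the new map lands at locked_vm = 16. The model keeps a liveness flag on the saved mm, which is the part of the real fix that needs a reference on the mm to be safe.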
Thread overview: 17+ messages
2022-12-15 21:56 [PATCH V5 0/7] fixes for virtual address update Steve Sistare
2022-12-15 21:56 ` [PATCH V5 1/7] vfio/type1: exclude mdevs from VFIO_UPDATE_VADDR Steve Sistare
2022-12-16 14:10 ` Jason Gunthorpe
2022-12-15 21:56 ` [PATCH V5 2/7] vfio/type1: prevent locked_vm underflow Steve Sistare
2022-12-16 14:09 ` Jason Gunthorpe [this message]
2022-12-16 15:42 ` Steven Sistare
2022-12-16 16:10 ` Alex Williamson
2022-12-16 16:16 ` Steven Sistare
2022-12-16 16:33 ` Alex Williamson
2022-12-16 17:07 ` Jason Gunthorpe
2022-12-15 21:57 ` [PATCH V5 3/7] vfio/type1: count reserved pages Steve Sistare
2022-12-15 22:15 ` Steven Sistare
2022-12-15 21:57 ` [PATCH V5 4/7] vfio/type1: restore locked_vm Steve Sistare
2022-12-16 14:12 ` Jason Gunthorpe
2022-12-15 21:57 ` [PATCH V5 5/7] vfio/type1: revert "block on invalid vaddr" Steve Sistare
2022-12-15 21:57 ` [PATCH V5 6/7] vfio/type1: revert "implement notify callback" Steve Sistare
2022-12-15 21:57 ` [PATCH V5 7/7] vfio: revert "iommu driver " Steve Sistare