From: Eric Farman <farman@linux.ibm.com>
To: Nicolin Chen <nicolinc@nvidia.com>,
kwankhede@nvidia.com, corbet@lwn.net, hca@linux.ibm.com,
gor@linux.ibm.com, agordeev@linux.ibm.com,
borntraeger@linux.ibm.com, svens@linux.ibm.com,
zhenyuw@linux.intel.com, zhi.a.wang@intel.com,
jani.nikula@linux.intel.com, joonas.lahtinen@linux.intel.com,
rodrigo.vivi@intel.com, tvrtko.ursulin@linux.intel.com,
airlied@linux.ie, daniel@ffwll.ch, mjrosato@linux.ibm.com,
pasic@linux.ibm.com, vneethv@linux.ibm.com,
oberpar@linux.ibm.com, freude@linux.ibm.com,
akrowiak@linux.ibm.com, jjherne@linux.ibm.com,
alex.williamson@redhat.com, cohuck@redhat.com, jgg@nvidia.com,
kevin.tian@intel.com, hch@infradead.org
Cc: jchrist@linux.ibm.com, kvm@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-s390@vger.kernel.org, intel-gvt-dev@lists.freedesktop.org,
intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org
Subject: Re: [RFT][PATCH v2 8/9] vfio/ccw: Add kmap_local_page() for memcpy
Date: Fri, 08 Jul 2022 16:29:29 -0400 [thread overview]
Message-ID: <b8ad32db67e23455e021fc054d22e4512484db59.camel@linux.ibm.com> (raw)
In-Reply-To: <20220706062759.24946-9-nicolinc@nvidia.com>
On Tue, 2022-07-05 at 23:27 -0700, Nicolin Chen wrote:
> A PFN is not secure enough to promise that the memory is not IO. And
> direct access via memcpy() that only handles CPU memory will crash on
> S390 if the PFN is an IO PFN, as we have to use the
> memcpy_to/fromio()
> that uses the special S390 IO access instructions. On the other hand,
> a "struct page *" is always a CPU coherent thing that fits memcpy().
>
> Also, casting a PFN to "void *" for memcpy() is not a proper
> practice,
> kmap_local_page() is the correct API to call here, though S390
> doesn't
> use highmem, which means kmap_local_page() is a NOP.
>
> There's a following patch changing the vfio_pin_pages() API to return
> a list of "struct page *" instead of PFNs. It will block any IO
> memory
> from ever getting into this call path, for such a security purpose.
> In
> this patch, add kmap_local_page() to prepare for that.
This all sounds like it's conflating vfio-ccw with vfio-pci, and
configuration-wise I have a hard time picturing the situation described
above. But in the interest of the change in the next patch, I suppose
it's fine.
Acked-by: Eric Farman <farman@linux.ibm.com>
>
> Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
> Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
> ---
> drivers/s390/cio/vfio_ccw_cp.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/s390/cio/vfio_ccw_cp.c
> b/drivers/s390/cio/vfio_ccw_cp.c
> index 3854c3d573f5..cd4ec4f6d6ff 100644
> --- a/drivers/s390/cio/vfio_ccw_cp.c
> +++ b/drivers/s390/cio/vfio_ccw_cp.c
> @@ -11,6 +11,7 @@
> #include <linux/ratelimit.h>
> #include <linux/mm.h>
> #include <linux/slab.h>
> +#include <linux/highmem.h>
> #include <linux/iommu.h>
> #include <linux/vfio.h>
> #include <asm/idals.h>
> @@ -230,7 +231,6 @@ static long copy_from_iova(struct vfio_device
> *vdev, void *to, u64 iova,
> unsigned long n)
> {
> struct page_array pa = {0};
> - u64 from;
> int i, ret;
> unsigned long l, m;
>
> @@ -246,7 +246,9 @@ static long copy_from_iova(struct vfio_device
> *vdev, void *to, u64 iova,
>
> l = n;
> for (i = 0; i < pa.pa_nr; i++) {
> - from = pa.pa_pfn[i] << PAGE_SHIFT;
> + struct page *page = pfn_to_page(pa.pa_pfn[i]);
> + void *from = kmap_local_page(page);
> +
> m = PAGE_SIZE;
> if (i == 0) {
> from += iova & (PAGE_SIZE - 1);
> @@ -254,7 +256,8 @@ static long copy_from_iova(struct vfio_device
> *vdev, void *to, u64 iova,
> }
>
> m = min(l, m);
> - memcpy(to + (n - l), (void *)from, m);
> + memcpy(to + (n - l), from, m);
> + kunmap_local(from);
>
> l -= m;
> if (l == 0)
next prev parent reply other threads:[~2022-07-08 20:29 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-06 6:27 [RFT][PATCH v2 0/9] Update vfio_pin/unpin_pages API Nicolin Chen
2022-07-06 6:27 ` [RFT][PATCH v2 1/9] vfio: Make vfio_unpin_pages() return void Nicolin Chen
2022-07-06 6:54 ` Christoph Hellwig
2022-07-06 15:52 ` Nicolin Chen
2022-07-06 16:45 ` Jason Gunthorpe
2022-07-06 17:38 ` Kirti Wankhede
2022-07-07 8:42 ` Tian, Kevin
2022-07-07 17:12 ` Nicolin Chen
2022-07-07 19:22 ` Jason Gunthorpe
2022-07-07 19:38 ` Nicolin Chen
2022-07-06 6:27 ` [RFT][PATCH v2 2/9] vfio/ap: Pass in physical address of ind to ap_aqic() Nicolin Chen
2022-07-06 16:48 ` Jason Gunthorpe
2022-07-06 6:27 ` [RFT][PATCH v2 3/9] vfio/ccw: Only pass in contiguous pages Nicolin Chen
2022-07-06 17:05 ` Jason Gunthorpe
2022-07-08 20:25 ` Eric Farman
2022-07-08 20:25 ` Eric Farman
2022-07-06 6:27 ` [RFT][PATCH v2 4/9] vfio: Pass in starting IOVA to vfio_pin/unpin_pages API Nicolin Chen
2022-07-06 6:56 ` Christoph Hellwig
2022-07-06 15:54 ` Nicolin Chen
2022-07-06 17:38 ` Kirti Wankhede
2022-07-06 17:49 ` Jason Gunthorpe
2022-07-06 17:58 ` Nicolin Chen
2022-07-06 19:21 ` Nicolin Chen
2022-07-07 8:46 ` Tian, Kevin
2022-07-07 17:04 ` Nicolin Chen
2022-07-08 20:27 ` Eric Farman
2022-07-06 6:27 ` [RFT][PATCH v2 5/9] vfio/ap: Remove redundant pfn Nicolin Chen
2022-07-06 17:55 ` Jason Gunthorpe
2022-07-06 6:27 ` [RFT][PATCH v2 6/9] vfio/ccw: Change pa_pfn list to pa_iova list Nicolin Chen
2022-07-06 17:59 ` Jason Gunthorpe
2022-07-08 20:26 ` Eric Farman
2022-07-06 6:27 ` [RFT][PATCH v2 7/9] vfio: Rename user_iova of vfio_dma_rw() Nicolin Chen
2022-07-06 6:57 ` Christoph Hellwig
2022-07-06 18:15 ` Jason Gunthorpe
2022-07-07 8:47 ` Tian, Kevin
2022-07-06 6:27 ` [RFT][PATCH v2 8/9] vfio/ccw: Add kmap_local_page() for memcpy Nicolin Chen
2022-07-06 18:17 ` Jason Gunthorpe
2022-07-08 20:29 ` Eric Farman [this message]
2022-07-06 6:27 ` [RFT][PATCH v2 9/9] vfio: Replace phys_pfn with pages for vfio_pin_pages() Nicolin Chen
2022-07-06 6:57 ` Christoph Hellwig
2022-07-06 17:39 ` Kirti Wankhede
2022-07-06 18:18 ` Jason Gunthorpe
2022-07-07 8:49 ` Tian, Kevin
2022-07-07 17:03 ` Nicolin Chen
2022-07-08 20:29 ` Eric Farman
2022-07-07 6:08 ` [RFT][PATCH v2 0/9] Update vfio_pin/unpin_pages API Tian, Kevin
2022-07-07 6:17 ` Nicolin Chen
2022-07-08 7:24 ` Xu, Terrence
2022-07-08 20:20 ` Nicolin Chen
2022-07-08 20:30 ` Eric Farman
2022-07-08 20:31 ` Nicolin Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b8ad32db67e23455e021fc054d22e4512484db59.camel@linux.ibm.com \
--to=farman@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=airlied@linux.ie \
--cc=akrowiak@linux.ibm.com \
--cc=alex.williamson@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=corbet@lwn.net \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=freude@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=hch@infradead.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=intel-gvt-dev@lists.freedesktop.org \
--cc=jani.nikula@linux.intel.com \
--cc=jchrist@linux.ibm.com \
--cc=jgg@nvidia.com \
--cc=jjherne@linux.ibm.com \
--cc=joonas.lahtinen@linux.intel.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=kwankhede@nvidia.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=mjrosato@linux.ibm.com \
--cc=nicolinc@nvidia.com \
--cc=oberpar@linux.ibm.com \
--cc=pasic@linux.ibm.com \
--cc=rodrigo.vivi@intel.com \
--cc=svens@linux.ibm.com \
--cc=tvrtko.ursulin@linux.intel.com \
--cc=vneethv@linux.ibm.com \
--cc=zhenyuw@linux.intel.com \
--cc=zhi.a.wang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).