From: Jason Gunthorpe <jgg@ziepe.ca>
To: "Christian König" <ckoenig.leichtzumerken@gmail.com>
Cc: "Daniel Vetter" <daniel.vetter@ffwll.ch>,
"Christian König" <christian.koenig@amd.com>,
"DRI Development" <dri-devel@lists.freedesktop.org>,
"Intel Graphics Development" <intel-gfx@lists.freedesktop.org>,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"Suren Baghdasaryan" <surenb@google.com>,
"Matthew Wilcox" <willy@infradead.org>,
"John Stultz" <john.stultz@linaro.org>,
"Daniel Vetter" <daniel.vetter@intel.com>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
linux-media@vger.kernel.org, linaro-mm-sig@lists.linaro.org
Subject: Re: [Linaro-mm-sig] Re: [PATCH] dma-buf: Require VM_PFNMAP vma for mmap
Date: Wed, 23 Nov 2022 09:28:37 -0400 [thread overview]
Message-ID: <Y34gBUl0m+j1JdFk@ziepe.ca> (raw)
In-Reply-To: <dc2a9d7f-192b-e9d8-b1d1-3b868cb1fd44@gmail.com>
On Wed, Nov 23, 2022 at 02:12:25PM +0100, Christian König wrote:
> Am 23.11.22 um 13:53 schrieb Jason Gunthorpe:
> > On Wed, Nov 23, 2022 at 01:49:41PM +0100, Christian König wrote:
> > > Am 23.11.22 um 13:46 schrieb Jason Gunthorpe:
> > > > On Wed, Nov 23, 2022 at 11:06:55AM +0100, Daniel Vetter wrote:
> > > >
> > > > > > Maybe a GFP flag to set the page reference count to zero or something
> > > > > > like this?
> > > > > Hm yeah that might work. I'm not sure what it will all break though?
> > > > > And we'd need to make sure that underflowing the page refcount dies in
> > > > > a backtrace.
> > > > Mucking with the refcount like this to protect against crazy out of
> > > > tree drives seems horrible..
> > > Well not only out of tree drivers. The intree KVM got that horrible
> > > wrong as well, those where the latest guys complaining about it.
> > kvm was taking refs on special PTEs? That seems really unlikely?
>
> Well then look at this code here:
>
> commit add6a0cd1c5ba51b201e1361b05a5df817083618
> Author: Paolo Bonzini <pbonzini@redhat.com>
> Date: Tue Jun 7 17:51:18 2016 +0200
>
> KVM: MMU: try to fix up page faults before giving up
>
> The vGPU folks would like to trap the first access to a BAR by setting
> vm_ops on the VMAs produced by mmap-ing a VFIO device. The fault
> handler
> then can use remap_pfn_range to place some non-reserved pages in the
> VMA.
>
> This kind of VM_PFNMAP mapping is not handled by KVM, but follow_pfn
> and fixup_user_fault together help supporting it. The patch also
> supports
> VM_MIXEDMAP vmas where the pfns are not reserved and thus subject to
> reference counting.
>
> Cc: Xiao Guangrong <guangrong.xiao@linux.intel.com>
> Cc: Andrea Arcangeli <aarcange@redhat.com>
> Cc: Radim Krčmář <rkrcmar@redhat.com>
> Tested-by: Neo Jia <cjia@nvidia.com>
> Reported-by: Kirti Wankhede <kwankhede@nvidia.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch is known to be broken in so many ways. It also has a major
security hole that it ignores the PTE flags making the page
RO. Ignoring the special bit is somehow not surprising :(
This probably doesn't work, but is the general idea of what KVM needs
to do:
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 1376a47fedeedb..4161241fc3228c 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2598,6 +2598,19 @@ static int hva_to_pfn_remapped(struct vm_area_struct *vma,
return r;
}
+ /*
+ * Special PTEs are never convertible into a struct page, even if the
+ * driver that owns them might have put a PFN with a struct page into
+ * the PFNMAP. If the arch doesn't support special then we cannot
+ * safely process these pages.
+ */
+#ifdef CONFIG_ARCH_HAS_PTE_SPECIAL
+ if (pte_special(*ptep))
+ return -EINVAL;
+#else
+ return -EINVAL;
+#endif
+
if (write_fault && !pte_write(*ptep)) {
pfn = KVM_PFN_ERR_RO_FAULT;
goto out;
Jason
next prev parent reply other threads:[~2022-11-23 13:41 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-22 17:08 [PATCH] dma-buf: Require VM_PFNMAP vma for mmap Daniel Vetter
2022-11-22 18:03 ` Jason Gunthorpe
2022-11-22 18:08 ` Daniel Vetter
2022-11-22 18:50 ` Jason Gunthorpe
2022-11-22 19:29 ` Daniel Vetter
2022-11-22 19:34 ` Jason Gunthorpe
2022-11-22 19:50 ` Daniel Vetter
2022-11-23 9:06 ` Christian König
2022-11-23 9:30 ` Daniel Vetter
2022-11-23 9:39 ` [Linaro-mm-sig] " Christian König
2022-11-23 10:06 ` Daniel Vetter
2022-11-23 12:46 ` Jason Gunthorpe
2022-11-23 12:49 ` Christian König
2022-11-23 12:53 ` Jason Gunthorpe
2022-11-23 13:12 ` Christian König
2022-11-23 13:28 ` Jason Gunthorpe [this message]
2022-11-23 14:28 ` Daniel Vetter
2022-11-23 15:04 ` Jason Gunthorpe
2022-11-23 16:22 ` Daniel Vetter
2022-11-23 14:34 ` Daniel Vetter
2022-11-23 15:08 ` Jason Gunthorpe
2022-11-23 15:15 ` Christian König
2022-11-23 16:26 ` Daniel Vetter
2022-11-23 16:26 ` Jason Gunthorpe
2022-11-23 8:07 ` Thomas Zimmermann
2022-11-23 9:33 ` Daniel Vetter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y34gBUl0m+j1JdFk@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=christian.koenig@amd.com \
--cc=ckoenig.leichtzumerken@gmail.com \
--cc=daniel.vetter@ffwll.ch \
--cc=daniel.vetter@intel.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=john.stultz@linaro.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-media@vger.kernel.org \
--cc=sumit.semwal@linaro.org \
--cc=surenb@google.com \
--cc=tzimmermann@suse.de \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox