Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp2622718pxk;
        Sun, 6 Sep 2020 07:19:54 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxgv0R6CjtxgSCZAZVbwLonGN3v9uvmRgKPKuWs+yROu4rMDk2tsFEdCGxPHtcbYorST6vG
X-Received: by 2002:a17:906:5488:: with SMTP id r8mr16382264ejo.483.1599401994828;
        Sun, 06 Sep 2020 07:19:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1599401994; cv=none;
        d=google.com; s=arc-20160816;
        b=QEo18lqC2pQD3NSEWoqpoupkDZM3GRKJ8EXlNWhvLNlvuFQ8/73/XPih/XcJguApYt
         eb9C40O0NquaviT19QKQU3Xtn4lz9VDfHgYHTMieY5p/u5wiJ2GIhmRq9NTWfQE8KJHG
         gy3eYL4RnYI/36/pcBaZxJ20VL9F2rb2joPMmPtlp/qyMJoTGSkERD6lcbEZ0Lxg5Pjg
         4s0Ob/LbbcHxvenJHRMLtE/xX8NlpocFUKgmnH5JujbkbJM5W+V1XoYWEeZqzXOIe60t
         PE7o4cYMu3v1Dla+D7UvGVJCkvvFC0/IPL5hy4apc5/SC4FK3r9pXjt5Bqw3hgCpTQdB
         GCpg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from;
        bh=fjuZGgArSYX6Ws5SV+xEICYkW94OkCDp49nIqzC5K+Y=;
        b=mUu3JrdgudK9xAgknTmETlL8LAN0S2FeLUNR8NzausZ7P+PpVBG9AlrK9Xjj/Qsflp
         UAuzxYYQvw1H69nr12B6vBWm+KeKWDuWS+u7DOLaAHoOWS7/W7rXN7X2Xft6wnVqj1im
         ZhS4/KupQ2Nd9zLBXA0bThFa575r0u3ARv4dd4aWQTQyD3lL8CuVPMONTgWhQgZqDk3f
         l1dKZuhZzXqiJG6N4zaj7FlOjeoFEd4qXcIh/AGCPXUHcg+gQL27F26M8c4pOTzai9P+
         Taeo+tmKDAEjj9osBal7YBimWMp+6VvzeEsoU4+LUXU/HYVW+zLL93vGunPCy/e/J1Da
         kxfQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vmware.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id c25si7794912edr.545.2020.09.06.07.19.32;
        Sun, 06 Sep 2020 07:19:54 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vmware.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728886AbgIFORI (ORCPT <rfc822;atom.tux.beastie@gmail.com>
        + 99 others); Sun, 6 Sep 2020 10:17:08 -0400
Received: from ex13-edg-ou-001.vmware.com ([208.91.0.189]:50007 "EHLO
        EX13-EDG-OU-001.vmware.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1728887AbgIFONB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 6 Sep 2020 10:13:01 -0400
Received: from sc9-mailhost3.vmware.com (10.113.161.73) by
 EX13-EDG-OU-001.vmware.com (10.113.208.155) with Microsoft SMTP Server id
 15.0.1156.6; Sun, 6 Sep 2020 07:12:25 -0700
Received: from akaher-virtual-machine.eng.vmware.com (unknown [10.197.103.239])
        by sc9-mailhost3.vmware.com (Postfix) with ESMTP id 973FD408D3;
        Sun,  6 Sep 2020 07:12:25 -0700 (PDT)
From:   Ajay Kaher <akaher@vmware.com>
To:     <gregkh@linuxfoundation.org>
CC:     <alex.williamson@redhat.com>, <cohuck@redhat.com>,
        <peterx@redhat.com>, <kvm@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>, <stable@vger.kernel.org>,
        <srivatsab@vmware.com>, <srivatsa@csail.mit.edu>,
        <vsirnapalli@vmware.com>, <akaher@vmware.com>
Subject: [PATCH v5.4.y 0/3] vfio: Fix for CVE-2020-12888
Date:   Sun, 6 Sep 2020 19:37:57 +0530
Message-ID: <1599401277-32172-4-git-send-email-akaher@vmware.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1599401277-32172-1-git-send-email-akaher@vmware.com>
References: <1599401277-32172-1-git-send-email-akaher@vmware.com>
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: None (EX13-EDG-OU-001.vmware.com: akaher@vmware.com does not
 designate permitted sender hosts)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some
devices may lead to DoS scenario
    
The VFIO modules allow users (guest VMs) to enable or disable access to the
devices' MMIO memory address spaces. If a user attempts to access (read/write)
the devices' MMIO address space when it is disabled, some h/w devices issue an
interrupt to the CPU to indicate a fatal error condition, crashing the system.
This flaw allows a guest user or process to crash the host system resulting in
a denial of service.
    
Patch 1/ is to force the user fault if PFNMAP vma might be DMA mapped
before user access.
    
Patch 2/ setup a vm_ops handler to support dynamic faulting instead of calling
remap_pfn_range(). Also provides a list of vmas actively mapping the area which
can later use to invalidate those mappings.
    
Patch 3/ block the user from accessing memory spaces which is disabled by using
new vma list support to zap, or invalidate, those memory mappings in order to
force them to be faulted back in on access.
    
Upstreamed patches link:
https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home
        
[PATCH v5.4.y 1/3]:
Backporting of upsream commit 41311242221e:
vfio/type1: Support faulting PFNMAP vmas
        
[PATCH v5.4.y 2/3]:
Backporting of upsream commit 11c4cd07ba11:
vfio-pci: Fault mmaps to enable vma tracking
        
[PATCH v5.4.y 3/3]:
Backporting of upsream commit abafbc551fdd:
vfio-pci: Invalidate mmaps and block MMIO access on disabled memory