From: Ajay Kaher
Subject: [PATCH v4.19.y 0/3] vfio: Fix for CVE-2020-12888
Date: Mon, 7 Sep 2020 15:47:23 +0530
Message-ID: <1599473843-34234-4-git-send-email-akaher@vmware.com>

CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario

The VFIO modules allow users (guest VMs) to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access (read/write) the devices' MMIO address space when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal error condition, crashing the system. This flaw allows a guest user or process to crash the host system, resulting in a denial of service.

Patch 1/ is to force the user fault if PFNMAP vma might be DMA mapped before user access.

Patch 2/ sets up a vm_ops handler to support dynamic faulting instead of calling remap_pfn_range(). It also provides a list of vmas actively mapping the area, which can later be used to invalidate those mappings.

Patch 3/ blocks the user from accessing memory spaces which are disabled by using the new vma list support to zap, or invalidate, those memory mappings in order to force them to be faulted back in on access.

Upstreamed patches link:
https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home

[PATCH v4.19.y 1/3]:
Backporting of upstream commit 41311242221e:
vfio/type1: Support faulting PFNMAP vmas

[PATCH v4.19.y 2/3]:
Backporting of upstream commit 11c4cd07ba11:
vfio-pci: Fault mmaps to enable vma tracking

[PATCH v4.19.y 3/3]:
Backporting of upstream commit abafbc551fdd:
vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
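
The following is an added illustration, not part of the original message and not code from the patch series: a small userspace model in C of the mechanism patches 2/3 and 3/3 describe (fault-time mapping, vma tracking, zap on memory disable). All model_* names are hypothetical, the array stands in for the kernel's vma list, and reporting the blocked access as SIGBUS is an assumption of the model; PCI_COMMAND_MEMORY is the Memory Space Enable bit of the PCI command register.

```c
#include <stdbool.h>
#include <stdint.h>
#define PCI_COMMAND_MEMORY 0x2  /* Memory Space Enable bit, PCI command register */
#define MAX_VMAS 4
enum access_result { ACCESS_OK, ACCESS_SIGBUS };
struct model_vma { bool on_list, pte_present; };
struct model_dev {
    uint16_t cmd;                     /* virtualised command register */
    struct model_vma vmas[MAX_VMAS];  /* stands in for the vma list of patch 2/3 */
};

/* Fault handler: map only while memory is enabled, and track the vma. */
static enum access_result model_fault(struct model_dev *d, struct model_vma *v)
{
    if (!(d->cmd & PCI_COMMAND_MEMORY))
        return ACCESS_SIGBUS;         /* the user faults; the device is not touched */
    v->on_list = v->pte_present = true;
    return ACCESS_OK;
}

/* User access: use the PTE if present, otherwise take the fault path. */
static enum access_result model_access(struct model_dev *d, struct model_vma *v)
{
    return v->pte_present ? ACCESS_OK : model_fault(d, v);
}

/* Command write: when memory goes from enabled to disabled, zap tracked vmas. */
static void model_write_cmd(struct model_dev *d, uint16_t val)
{
    if ((d->cmd & PCI_COMMAND_MEMORY) && !(val & PCI_COMMAND_MEMORY))
        for (int i = 0; i < MAX_VMAS; i++)
            if (d->vmas[i].on_list)
                d->vmas[i].on_list = d->vmas[i].pte_present = false;
    d->cmd = val;
}

/* Constructed sequence; bit n is set when access n ended in SIGBUS. */
static unsigned model_demo(void)
{
    struct model_dev d = { .cmd = PCI_COMMAND_MEMORY };
    struct model_vma *v = &d.vmas[0]; /* mmap() result: no PTE installed yet */
    unsigned r = (unsigned)(model_access(&d, v) == ACCESS_SIGBUS); /* faulted in */
    model_write_cmd(&d, 0);                       /* guest disables memory */
    r |= (unsigned)(model_access(&d, v) == ACCESS_SIGBUS) << 1;    /* zapped */
    model_write_cmd(&d, PCI_COMMAND_MEMORY);      /* guest re-enables memory */
    r |= (unsigned)(model_access(&d, v) == ACCESS_SIGBUS) << 2;    /* faulted back in */
    return r;
}
int main(void) { return model_demo() == 2 ? 0 : 1; }
```

Only the access made while memory is disabled is refused; without the zap in model_write_cmd() the stale mapping would still reach the device on that access, which is the condition the series removes.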