Date: Mon, 7 Sep 2020 13:09:11 -0400
From: Sasha Levin
To: Ajay Kaher
Cc: gregkh@linuxfoundation.org, alex.williamson@redhat.com, cohuck@redhat.com, peterx@redhat.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, srivatsab@vmware.com, srivatsa@csail.mit.edu, vsirnapalli@vmware.com
Subject: Re: [PATCH v5.4.y 0/3] vfio: Fix for CVE-2020-12888
Message-ID: <20200907170911.GM8670@sasha-vm>

On Sun, Sep 06, 2020 at 07:37:57PM +0530, Ajay Kaher wrote:
>CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some
>devices may lead to DoS scenario
>
>The VFIO modules allow users (guest VMs) to enable or disable access to the
>devices' MMIO memory address spaces. If a user attempts to access (read/write)
>the devices' MMIO address space when it is disabled, some h/w devices issue an
>interrupt to the CPU to indicate a fatal error condition, crashing the system.
>This flaw allows a guest user or process to crash the host system resulting in
>a denial of service.
>
>Patch 1/ is to force the user fault if PFNMAP vma might be DMA mapped
>before user access.
>
>Patch 2/ setup a vm_ops handler to support dynamic faulting instead of calling
>remap_pfn_range(). Also provides a list of vmas actively mapping the area which
>can later use to invalidate those mappings.
>
>Patch 3/ block the user from accessing memory spaces which is disabled by using
>new vma list support to zap, or invalidate, those memory mappings in order to
>force them to be faulted back in on access.

I've queued this and the 4.19 backports, thanks!

--
Thanks,
Sasha
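
The mechanism the quoted cover letter describes (fault-in on access, a list of active mappings, zap when MMIO is disabled), as an added userspace model in C. It is not kernel code and not part of this thread; every name in it is hypothetical, and the "eager" mode stands in for mapping the whole range at mmap() time.

```c
/* Added illustration: userspace model only. All names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>

#define MAX_VMAS 4
enum access_result { ACCESS_OK, ACCESS_BLOCKED, ACCESS_HIT_DISABLED_MMIO };

struct model_vma { bool present; };    /* true = pages installed for this mapping */
struct model_dev {
    bool mem_enabled;                  /* has the user enabled the MMIO space? */
    struct model_vma *vmas[MAX_VMAS];  /* mappings with pages currently faulted in */
    size_t nr_vmas;
};

/* eager=true models mapping everything at mmap() time (untracked, never zapped);
 * eager=false installs nothing, so the first access goes through the fault path. */
void model_mmap(struct model_vma *vma, bool eager)
{
    vma->present = eager;
}

/* Fault path: refuse while MMIO is disabled, otherwise map and record the vma. */
static enum access_result model_fault(struct model_dev *dev, struct model_vma *vma)
{
    if (!dev->mem_enabled || dev->nr_vmas == MAX_VMAS)
        return ACCESS_BLOCKED;
    vma->present = true;
    dev->vmas[dev->nr_vmas++] = vma;
    return ACCESS_OK;
}

/* A user access: an installed mapping reaches the device with no further check. */
enum access_result model_access(struct model_dev *dev, struct model_vma *vma)
{
    if (!vma->present)
        return model_fault(dev, vma);
    return dev->mem_enabled ? ACCESS_OK : ACCESS_HIT_DISABLED_MMIO;
}

/* Disabling MMIO zaps every tracked mapping so the next access faults again. */
void model_set_mem_enabled(struct model_dev *dev, bool on)
{
    if (!on) {
        for (size_t i = 0; i < dev->nr_vmas; i++)
            dev->vmas[i]->present = false;
        dev->nr_vmas = 0;
    }
    dev->mem_enabled = on;
}
```
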