From: Ajay Kaher
Subject: [PATCH v4.14.y 0/3] vfio: Fix for CVE-2020-12888
Date: Tue, 8 Sep 2020 01:47:08 +0530
X-Mailing-List: linux-kernel@vger.kernel.org

CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario

The VFIO modules allow users (guest VMs) to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access (read/write) the devices' MMIO address space when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal error condition, crashing the system. This flaw allows a guest user or process to crash the host system resulting in a denial of service.

Patch 1/ is to force the user fault if PFNMAP vma might be DMA mapped before user access.

Patch 2/ sets up a vm_ops handler to support dynamic faulting instead of calling remap_pfn_range(). Also provides a list of vmas actively mapping the area which can later be used to invalidate those mappings.

Patch 3/ blocks the user from accessing memory spaces which are disabled by using new vma list support to zap, or invalidate, those memory mappings in order to force them to be faulted back in on access.

Upstreamed patches link:
https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home

[PATCH v4.14.y 1/3]:
Backporting of upstream commit 41311242221e:
vfio/type1: Support faulting PFNMAP vmas

[PATCH v4.14.y 2/3]:
Backporting of upstream commit 11c4cd07ba11:
vfio-pci: Fault mmaps to enable vma tracking

[PATCH v4.14.y 3/3]:
Backporting of upstream commit abafbc551fdd:
vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
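
The scheme described for patches 2/ and 3/, as an added userspace model that is not code from the patch series or from the kernel: mappings are recorded at mmap time, populated only by a fault handler, and zapped when memory decode is turned off. All `model_*` names are hypothetical, and using the PCI command register's memory-enable bit as the on/off switch and SIGBUS as the refused-fault outcome are assumptions not stated in the message.

```c
/* Userspace model of the fault-and-zap scheme (constructed, not kernel code). */
#include <stdbool.h>
#include <stdio.h>
#define PCI_COMMAND_MEMORY 0x2 /* PCI command register: memory space enable */
#define MAX_VMAS 4
enum access_result { ACCESS_OK, ACCESS_SIGBUS };
struct model_vma { bool tracked, populated; };
struct model_dev { unsigned short cmd; struct model_vma vmas[MAX_VMAS]; };

static bool mem_enabled(const struct model_dev *d) { return (d->cmd & PCI_COMMAND_MEMORY) != 0; }

/* mmap() installs no mapping up front; it only records the vma (patch 2/). */
int model_mmap(struct model_dev *d)
{
    for (int i = 0; i < MAX_VMAS; i++)
        if (!d->vmas[i].tracked) {
            d->vmas[i] = (struct model_vma){ .tracked = true };
            return i;
        }
    return -1; /* tracking list full */
}

/* Populated mappings reach the device; others fault, refused while disabled. */
enum access_result model_access(struct model_dev *d, int i)
{
    if (!d->vmas[i].populated) {
        if (!mem_enabled(d)) return ACCESS_SIGBUS;
        d->vmas[i].populated = true;
    }
    return ACCESS_OK;
}

/* Command write: zap every tracked mapping before memory decode goes off. */
void model_write_cmd(struct model_dev *d, unsigned short val)
{
    if (mem_enabled(d) && !(val & PCI_COMMAND_MEMORY))
        for (int i = 0; i < MAX_VMAS; i++)
            d->vmas[i].populated = false;
    d->cmd = val;
}

int main(void)
{
    struct model_dev d = { .cmd = PCI_COMMAND_MEMORY };
    int v = model_mmap(&d);
    model_access(&d, v);    /* faulted in while memory is enabled */
    model_write_cmd(&d, 0); /* guest disables memory decode */
    puts(model_access(&d, v) == ACCESS_SIGBUS ? "SIGBUS" : "reached device");
    return 0;
}
```

Without the zap in `model_write_cmd`, the mapping populated earlier would stay live and the later access would reach the disabled device, which is the condition the CVE describes.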