Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp4197405pxk; Tue, 8 Sep 2020 13:17:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyKoRM1OIQz6jaQOTep/31XtSJBkJAYvS4dZyP7SDqVMf1Skqf1rgAM7EE49KYfs21kjzQX X-Received: by 2002:a17:906:48d6:: with SMTP id d22mr185668ejt.462.1599596225802; Tue, 08 Sep 2020 13:17:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599596225; cv=none; d=google.com; s=arc-20160816; b=aHybp8k0RLzKOZumEfkscLDxShgWqLj65YcFGw5O4BAho3N6aavrfs37XYipvAHMmV IYVtqv+8BKjPzwfEnb8iBpxoShx5EDCKaRXKpPR9OaGwUO9Ho7lQrz8gQY6scO6AYi3N WtyyDyjYo1KFsWrunPoYGfNAluc5rlXVgge5+cOy+H2Gd8oPVy5KOuuR3SCw56Ez+2GG n6leA0r+jg7/oQNrCZC2i2XmFbHWmQAU42u+2nN1lIjfWwB+tUo0HmVd7ajbXG0UnN/o JYYbl078sNMRnaD/N2bBZnMGj188RtHnIHAB9Zcg28bMlEM4GdeZ9KKLDfGJ9tBSRYEL keLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=FZa+iT6uJluJlrs0f7SlUYi8Jd20qJSgs2ucWw1RdNE=; b=Oqa93gJuZnb2SsqA4WLxjRIg/RZCgnx+8K5DjyX1O9T4kqJvZOnmnZbiKWDv3TTvU0 M54qeBcY3LHGDBOu/tzWJfAsBz+5Uo4xbEy4C2wjAma3Ib/EEIVpSPLd1YclV04A8Xuh FyWBnrmIMy9rMj7XLHg+rJl3ftuEu2D8nzzo2NuzGB7GQl5jSwRRppx7TvVZBnuQoeB8 HrWTfcil1M6W4D1PU5oXls2btw2KSZy76l5pjoz+UBIDVb+P/ay4iJ8Qs7zwX4SWL0HK KgCAKboi+URkNkNEWtlXm+csLd74f7/ZwtBvJF4dYFajTsCHPQm8pF65tNY4MbEQQnR0 kcIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KNM4TtzK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m25si52549ejb.269.2020.09.08.13.16.41; Tue, 08 Sep 2020 13:17:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KNM4TtzK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730435AbgIHUQI (ORCPT + 99 others); Tue, 8 Sep 2020 16:16:08 -0400 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:60803 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730067AbgIHPKC (ORCPT ); Tue, 8 Sep 2020 11:10:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599577783; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FZa+iT6uJluJlrs0f7SlUYi8Jd20qJSgs2ucWw1RdNE=; b=KNM4TtzKm2ZvhqJZIscJeevndAlkwg7sKMf73shwY4ZYBnGHV9iphOgR+SObdC6fmkfwpW 5BUI7H1aC/8cfqXtl73fr0FLSJYwFny4FLL4M/iYHtKv2dUGyEfeOLF0lDBy9xdy5FRLAx b9iU4nbF8NQWtaZJl/iSclGvAVVSEIE= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-565-COb6RyaJPwm5J6x8ijO5ng-1; Tue, 08 Sep 2020 10:29:17 -0400 X-MC-Unique: COb6RyaJPwm5J6x8ijO5ng-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 6D9021005E5C; Tue, 8 Sep 2020 14:29:15 +0000 (UTC) Received: from w520.home (ovpn-112-71.phx2.redhat.com [10.3.112.71]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3928560C84; Tue, 8 Sep 2020 14:29:05 +0000 (UTC) Date: Tue, 8 Sep 2020 08:29:04 -0600 From: Alex Williamson To: Ajay Kaher Cc: , , , , , , , , , Subject: Re: [PATCH v4.14.y 0/3] vfio: Fix for CVE-2020-12888 Message-ID: <20200908082904.045ff744@w520.home> In-Reply-To: <1599509828-23596-4-git-send-email-akaher@vmware.com> References: <1599509828-23596-1-git-send-email-akaher@vmware.com> <1599509828-23596-4-git-send-email-akaher@vmware.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 8 Sep 2020 01:47:08 +0530 Ajay Kaher wrote: > CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some > devices may lead to DoS scenario > > The VFIO modules allow users (guest VMs) to enable or disable access to the > devices' MMIO memory address spaces. If a user attempts to access (read/write) > the devices' MMIO address space when it is disabled, some h/w devices issue an > interrupt to the CPU to indicate a fatal error condition, crashing the system. > This flaw allows a guest user or process to crash the host system resulting in > a denial of service. > > Patch 1/ is to force the user fault if PFNMAP vma might be DMA mapped > before user access. > > Patch 2/ setup a vm_ops handler to support dynamic faulting instead of calling > remap_pfn_range(). Also provides a list of vmas actively mapping the area which > can later use to invalidate those mappings. > > Patch 3/ block the user from accessing memory spaces which is disabled by using > new vma list support to zap, or invalidate, those memory mappings in order to > force them to be faulted back in on access. > > Upstreamed patches link: > https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home > > [PATCH v4.14.y 1/3]: > Backporting of upsream commit 41311242221e: > vfio/type1: Support faulting PFNMAP vmas > > [PATCH v4.14.y 2/3]: > Backporting of upsream commit 11c4cd07ba11: > vfio-pci: Fault mmaps to enable vma tracking > > [PATCH v4.14.y 3/3]: > Backporting of upsream commit abafbc551fdd: > vfio-pci: Invalidate mmaps and block MMIO access on disabled memory > I'd recommend also including the following or else SR-IOV VFs will be broken for DPDK: commit ebfa440ce38b7e2e04c3124aa89c8a9f4094cf21 Author: Alex Williamson Date: Thu Jun 25 11:04:23 2020 -0600 vfio/pci: Fix SR-IOV VF handling with MMIO blocking SR-IOV VFs do not implement the memory enable bit of the command register, therefore this bit is not set in config space after pci_enable_device(). This leads to an unintended difference between PF and VF in hand-off state to the user. We can correct this by setting the initial value of the memory enable bit in our virtualized config space. There's really no need however to ever fault a user on a VF though as this would only indicate an error in the user's management of the enable bit, versus a PF where the same access could trigger hardware faults. Fixes: abafbc551fdd ("vfio-pci: Invalidate mmaps and block MMIO access on disabled memory") Signed-off-by: Alex Williamson