Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp485669pxu; Wed, 25 Nov 2020 08:04:18 -0800 (PST) X-Google-Smtp-Source: ABdhPJz6SXRPJxrLlrEY1CwBQduM63xZSoLtVsjilVpXw8Yryc5l8UEf4/2HOOmG6y3WXZByXCYe X-Received: by 2002:aa7:d459:: with SMTP id q25mr4223897edr.104.1606320258391; Wed, 25 Nov 2020 08:04:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606320258; cv=none; d=google.com; s=arc-20160816; b=pULc1P9BRnOzCALJJX8VVVcx2Cn73Cy5w8rc+Rdlrb7N9ed1ST+ABc35gF0a2xmim4 FMUpECMFS1OvF4U/ykVhA+TR6h89xsKf0bWWBp6Iv2SEUUD8zhIu/ruZ7/CIUNLy0WuQ pgnbL4BBixb9iC7+vPyfKWvJt9vP3nWX6JDEI9x6aeV7NSKy/3W0x3VeQBWbiQjb1aUY 8O3tABOxLwDxHLbWOljMUtpIYHRC8NjqpADXh5V/kkW6By8xcMc7YGGdlCTCrfL/1Dea +SnvMG/8uaDA5r0JMIneiYU+65igx5NaxM6BW38ZpGXHucoJmNj1+emiIG67dnSrce0S mJ/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=6UsChBqvJlhq7/VCtB24VhPBOq4VAuCpHpvRtmkDfHo=; b=Vv2cux2T3Re4EyqZ+7E5nA1whNcGLLVitQ1NxwdnLbxv4ieMh8Poe5htASwE9KVkxu TySDKMsBmdvTYbG7DjYtlxBPuequ9Q1RQtCjjA5ofXorAHo9WiBuIM75anFn0Md4tZmg 3l7RHTxx8fExQZgdYhI7y0mUgd5125gyTKY1mfmFb4gfMrL2v5zRk/wdFo1b1yEr8Wz9 /KAn08TQ0k9M0ybsksOXH/vwvNWF11nXpitaPqDvOO4FwOyIhKqm5Dpie4WHG5PZjoJ+ mUbIccKxyT4+WmCvBbYYgoCnppCRawmohlqCg25R/1tdbKZXsn8eXd6O3Tyhka/iEMgm 6TFg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="TeMmV/4J"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a16si1419178ejd.678.2020.11.25.08.03.52; Wed, 25 Nov 2020 08:04:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="TeMmV/4J"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730409AbgKYP5S (ORCPT + 99 others); Wed, 25 Nov 2020 10:57:18 -0500 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:41470 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730254AbgKYP5S (ORCPT ); Wed, 25 Nov 2020 10:57:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1606319837; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=6UsChBqvJlhq7/VCtB24VhPBOq4VAuCpHpvRtmkDfHo=; b=TeMmV/4JInvg6xGTZI71Pov+sRJMMreW4g/G3+Mn7tn39eKJ6EazeqoplBNygf/lFYhMEb Y1yV9Nm2s8CoH8Ldi7fLK2SZkQoxjBMlGGN0Xyn79nchZIz45jh3rJA5LnP1/0heQEycKj Vj7mbbQYFL92Y2DKvPUS0JDUti1EnNw= Received: from mail-qk1-f198.google.com (mail-qk1-f198.google.com [209.85.222.198]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-270-OtmzrRf_P7quDOm848VKug-1; Wed, 25 Nov 2020 10:57:14 -0500 X-MC-Unique: OtmzrRf_P7quDOm848VKug-1 Received: by mail-qk1-f198.google.com with SMTP id w189so2876656qkd.6 for ; Wed, 25 Nov 2020 07:57:14 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=6UsChBqvJlhq7/VCtB24VhPBOq4VAuCpHpvRtmkDfHo=; b=LMpew5E8ihj48B7eUaSKhiBafaK+kJ9Jf5IKuKNBoR1hlhBxWHbhEmzPQULU7t3iSN yvXy+cv00hZdkzNVfmZO+bbv8e3dGcWYz+ZCTizOwI/fpwgQCnf8P44SrjWHBYhEz/RY wfNIYef6prIfknDrIvEBL0CnTp9u6i74rYYAqgNbPRaGjfKc0kHKfQYQNX+CkgFWJO1f gf6PTM+s/pGBmd8YHuVHfmO3MYl7Juwp50yuRjwy2sHkHmF5k+LEOw5Ixsx3Tq32RB+r 3S4TpXoNVPNoHspGvvXqiy73GWUb+VgfOv5ltqVsIN89TADjgB/7cXiKnOmKIAGF0cis Qzkw== X-Gm-Message-State: AOAM5314Eme3Wp5ouxpXxKMSozHr1EUJAOC2v2Gl+NllGycUlgCqSkew mXAjMQ+OQxqrVFZzSWzCD6JR8u5BDVF6VsAiw6hNyxyTU70eg0JdbSv5Q2lnHyqZfc2oeOcTmTH g42Zq3nXoj9sflyDH3J2ovOT4 X-Received: by 2002:ac8:3a22:: with SMTP id w31mr3607605qte.361.1606319834457; Wed, 25 Nov 2020 07:57:14 -0800 (PST) X-Received: by 2002:ac8:3a22:: with SMTP id w31mr3607591qte.361.1606319834220; Wed, 25 Nov 2020 07:57:14 -0800 (PST) Received: from xz-x1 ([142.126.81.247]) by smtp.gmail.com with ESMTPSA id d19sm2387953qtd.32.2020.11.25.07.57.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Nov 2020 07:57:13 -0800 (PST) Date: Wed, 25 Nov 2020 10:57:11 -0500 From: Peter Xu To: Justin He Cc: Alex Williamson , Cornelia Huck , "kvm@vger.kernel.org" , "linux-kernel@vger.kernel.org" , Stefan Hajnoczi Subject: Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote() Message-ID: <20201125155711.GA6489@xz-x1> References: <20201119142737.17574-1-justin.he@arm.com> <20201124181228.GA276043@xz-x1> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 25, 2020 at 01:05:25AM +0000, Justin He wrote: > > I'd appreciate if you could explain why vfio needs to dma map some > > PROT_NONE > > Virtiofs will map a PROT_NONE cache window region firstly, then remap the sub > region of that cache window with read or write permission. I guess this might > be an security concern. Just CC virtiofs expert Stefan to answer it more accurately. Yep. Since my previous sentence was cut off, I'll rephrase: I was thinking whether qemu can do vfio maps only until it remaps the PROT_NONE regions into PROT_READ|PROT_WRITE ones, rather than trying to map dma pages upon PROT_NONE. Thanks, -- Peter Xu