| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20201124181228.GA276043@xz-x1>
Date: Tue, 24 Nov 2020 13:12:28 -0500
From: Peter Xu <peterx@...hat.com>
To: Jia He <justin.he@....com>
Cc: Alex Williamson <alex.williamson@...hat.com>,
Cornelia Huck <cohuck@...hat.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] vfio iommu type1: Bypass the vma permission check in
vfio_pin_pages_remote()
Hi, Jia,
On Thu, Nov 19, 2020 at 10:27:37PM +0800, Jia He wrote:
> The permission of vfio iommu is different and incompatible with vma
> permission. If the iotlb->perm is IOMMU_NONE (e.g. qemu side), qemu will
> simply call unmap ioctl() instead of mapping. Hence vfio_dma_map() can't
> map a dma region with NONE permission.
>
> This corner case will be exposed in coming virtio_fs cache_size
> commit [1]
> - mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
> memory_region_init_ram_ptr()
> - re-mmap the above area with read/write authority.
If iiuc here we'll remap the above PROT_NONE into PROT_READ|PROT_WRITE, then...
> - vfio_dma_map() will be invoked when vfio device is hotplug added.
... here I'm slightly confused on why VFIO_IOMMU_MAP_DMA would encounter vma
check fail - aren't they already get rw permissions?
I'd appreciate if you could explain why vfio needs to dma map some PROT_NONE
pages after all, and whether QEMU would be able to postpone the vfio map of
those PROT_NONE pages until they got to become with RW permissions.
Thanks,
--
Peter Xu
Powered by blists - more mailing lists