| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 Apr 2021 10:06:39 +0100
From: Marc Zyngier <maz@...nel.org>
To: Krishna Reddy <vdumpa@...dia.com>
Cc: Sumit Gupta <sumitg@...dia.com>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
"eric.auger@...hat.com" <eric.auger@...hat.com>,
"alex.williamson@...hat.com" <alex.williamson@...hat.com>,
"eric.auger.pro@...il.com" <eric.auger.pro@...il.com>,
"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
"jiangkunkun@...wei.com" <jiangkunkun@...wei.com>,
"joro@...tes.org" <joro@...tes.org>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"kvmarm@...ts.cs.columbia.edu" <kvmarm@...ts.cs.columbia.edu>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"lushenming@...wei.com" <lushenming@...wei.com>,
"robin.murphy@....com" <robin.murphy@....com>,
"tn@...ihalf.com" <tn@...ihalf.com>,
"vivek.gautam@....com" <vivek.gautam@....com>,
Vikram Sethi <vsethi@...dia.com>,
"wangxingang5@...wei.com" <wangxingang5@...wei.com>,
"will@...nel.org" <will@...nel.org>,
"zhangfei.gao@...aro.org" <zhangfei.gao@...aro.org>,
"zhukeqian1@...wei.com" <zhukeqian1@...wei.com>,
Sachin Nikam <Snikam@...dia.com>,
Bibek Basu <bbasu@...dia.com>,
Shanker Donthineni <sdonthineni@...dia.com>
Subject: Re: [PATCH v14 00/13] SMMUv3 Nested Stage Setup (IOMMU part)
On Fri, 23 Apr 2021 18:58:23 +0100,
Krishna Reddy <vdumpa@...dia.com> wrote:
>
> >> Did that patch cause any issue, or is it just not needed on your system?
> >> It fixes an hypothetical problem with the way ATS is implemented.
> >> Maybe I actually observed it on an old software model, I don't
> >> remember. Either way it's unlikely to go upstream but I'd like to know
> >> if I should drop it from my tree.
>
> > Had to revert same patch "mm: notify remote TLBs when dirtying a PTE" to
> > avoid below crash[1]. I am not sure about the cause yet.
>
> I have noticed this issue earlier with patch pointed here and root
> caused the issue as below. It happens after vfio_mmap request from
> QEMU for the PCIe device and during the access of VA when PTE access
> flags are updated.
>
> kvm_mmu_notifier_change_pte() --> kvm_set_spte_hve() -->
> kvm_set_spte_hva() --> clean_dcache_guest_page()
>
> The validation model doesn't have FWB capability supported.
> __clean_dcache_guest_page() attempts to perform dcache flush on pcie
> bar address(not a valid_pfn()) through page_address(), which doesn't
> have page table mapping and leads to exception.
>
> I have worked around the issue by filtering out the request if the
> pfn is not valid in __clean_dcache_guest_page(). As the patch
> wasn't posted in the community, reverted it as well.
That's papering over the real issue, and this mapping path needs
fixing as it was only ever expected to be called for CoW.
Can you please try the following patch and let me know if that fixes
the issue for good?
Thanks,
M.
diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 77cb2d28f2a4..b62dd40a4083 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1147,7 +1147,8 @@ int kvm_set_spte_hva(struct kvm *kvm, unsigned long hva, pte_t pte)
* We've moved a page around, probably through CoW, so let's treat it
* just like a translation fault and clean the cache to the PoC.
*/
- clean_dcache_guest_page(pfn, PAGE_SIZE);
+ if (!kvm_is_device_pfn(pfn))
+ clean_dcache_guest_page(pfn, PAGE_SIZE);
handle_hva_to_gpa(kvm, hva, end, &kvm_set_spte_handler, &pfn);
return 0;
}
--
Without deviation from the norm, progress is not possible.
Powered by blists - more mailing lists