| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0b726a75574ad98200b815f173e59a5378e9df04.camel@linux.ibm.com>
Date: Tue, 04 Jun 2024 18:07:44 +0200
From: Ilya Leoshkevich <iii@...ux.ibm.com>
To: Xuan Zhuo <xuanzhuo@...ux.alibaba.com>,
virtualization@...ts.linux-foundation.org
Cc: "Michael S. Tsirkin" <mst@...hat.com>, Jason Wang <jasowang@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet
<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni
<pabeni@...hat.com>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann
<daniel@...earbox.net>,
Jesper Dangaard Brouer <hawk@...nel.org>,
John
Fastabend <john.fastabend@...il.com>, netdev@...r.kernel.org,
bpf@...r.kernel.org, Christoph Hellwig <hch@...radead.org>,
Alexander
Potapenko <glider@...gle.com>
Subject: Re: [PATCH vhost v13 04/12] virtio_ring: support add premapped buf
On Thu, 2023-08-10 at 20:30 +0800, Xuan Zhuo wrote:
> If the vq is the premapped mode, use the sg_dma_address() directly.
>
> Signed-off-by: Xuan Zhuo <xuanzhuo@...ux.alibaba.com>
> ---
> drivers/virtio/virtio_ring.c | 19 +++++++++++++++++--
> 1 file changed, 17 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/virtio/virtio_ring.c
> b/drivers/virtio/virtio_ring.c
> index 8e81b01e0735..f9f772e85a38 100644
> --- a/drivers/virtio/virtio_ring.c
> +++ b/drivers/virtio/virtio_ring.c
> @@ -361,6 +361,11 @@ static struct device *vring_dma_dev(const struct
> vring_virtqueue *vq)
> static int vring_map_one_sg(const struct vring_virtqueue *vq, struct
> scatterlist *sg,
> enum dma_data_direction direction,
> dma_addr_t *addr)
> {
> + if (vq->premapped) {
> + *addr = sg_dma_address(sg);
> + return 0;
> + }
> +
I wonder if something needs to be done for KMSAN here, like it's done
by the next block in this function? I'm looking into what seems to be a
KMSAN false positive on s390x:
BUG: KMSAN: uninit-value in receive_buf+0x45ca/0x6990
receive_buf+0x45ca/0x6990
virtnet_poll+0x17e0/0x3130
net_rx_action+0x832/0x26e0
handle_softirqs+0x330/0x10f0
[...]
Uninit was created at:
__alloc_pages_noprof+0x62a/0xe60
alloc_pages_noprof+0x392/0x830
skb_page_frag_refill+0x21a/0x5c0
virtnet_rq_alloc+0x50/0x1500
try_fill_recv+0x372/0x54c0
virtnet_open+0x210/0xbe0
__dev_open+0x56e/0x920
__dev_change_flags+0x39c/0x2000
dev_change_flags+0xaa/0x200
do_setlink+0x197a/0x7420
rtnl_setlink+0x77c/0x860
[...]
My understanding is that virtnet_rq_alloc() allocates a page for
receiving data from a virtio device, which is then wrapped in struct
scatterlist by virtnet_rq_init_one_sg(), which is in turn associated
with a virtqueue through the virtqueue_add_inbuf_ctx() ->
virtqueue_add() -> virtqueue_add_split() -> vring_map_one_sg()
call chain.
Someone should unpoison this page (since KMSAN doesn't know that the
hypervisor writes to it), and today for the non-premapped case this is
vring_map_one_sg(). So I tried the following naive fix:
if (vq->premapped) {
*addr = sg_dma_address(sg);
+ if (!vq->use_dma_api) {
+ kmsan_handle_dma(phys_to_page(*addr), sg-
>offset, sg->length, direction);
+ }
but it didn't help. I plan to investigate this further, but any hints
are much appreciated.
> if (!vq->use_dma_api) {
> /*
> * If DMA is not used, KMSAN doesn't know that the
> scatterlist
Powered by blists - more mailing lists