lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <0b726a75574ad98200b815f173e59a5378e9df04.camel@linux.ibm.com> Date: Tue, 04 Jun 2024 18:07:44 +0200 From: Ilya Leoshkevich <iii@...ux.ibm.com> To: Xuan Zhuo <xuanzhuo@...ux.alibaba.com>, virtualization@...ts.linux-foundation.org Cc: "Michael S. Tsirkin" <mst@...hat.com>, Jason Wang <jasowang@...hat.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Jesper Dangaard Brouer <hawk@...nel.org>, John Fastabend <john.fastabend@...il.com>, netdev@...r.kernel.org, bpf@...r.kernel.org, Christoph Hellwig <hch@...radead.org>, Alexander Potapenko <glider@...gle.com> Subject: Re: [PATCH vhost v13 04/12] virtio_ring: support add premapped buf On Thu, 2023-08-10 at 20:30 +0800, Xuan Zhuo wrote: > If the vq is the premapped mode, use the sg_dma_address() directly. > > Signed-off-by: Xuan Zhuo <xuanzhuo@...ux.alibaba.com> > --- > drivers/virtio/virtio_ring.c | 19 +++++++++++++++++-- > 1 file changed, 17 insertions(+), 2 deletions(-) > > diff --git a/drivers/virtio/virtio_ring.c > b/drivers/virtio/virtio_ring.c > index 8e81b01e0735..f9f772e85a38 100644 > --- a/drivers/virtio/virtio_ring.c > +++ b/drivers/virtio/virtio_ring.c > @@ -361,6 +361,11 @@ static struct device *vring_dma_dev(const struct > vring_virtqueue *vq) > static int vring_map_one_sg(const struct vring_virtqueue *vq, struct > scatterlist *sg, > enum dma_data_direction direction, > dma_addr_t *addr) > { > + if (vq->premapped) { > + *addr = sg_dma_address(sg); > + return 0; > + } > + I wonder if something needs to be done for KMSAN here, like it's done by the next block in this function? I'm looking into what seems to be a KMSAN false positive on s390x: BUG: KMSAN: uninit-value in receive_buf+0x45ca/0x6990 receive_buf+0x45ca/0x6990 virtnet_poll+0x17e0/0x3130 net_rx_action+0x832/0x26e0 handle_softirqs+0x330/0x10f0 [...] Uninit was created at: __alloc_pages_noprof+0x62a/0xe60 alloc_pages_noprof+0x392/0x830 skb_page_frag_refill+0x21a/0x5c0 virtnet_rq_alloc+0x50/0x1500 try_fill_recv+0x372/0x54c0 virtnet_open+0x210/0xbe0 __dev_open+0x56e/0x920 __dev_change_flags+0x39c/0x2000 dev_change_flags+0xaa/0x200 do_setlink+0x197a/0x7420 rtnl_setlink+0x77c/0x860 [...] My understanding is that virtnet_rq_alloc() allocates a page for receiving data from a virtio device, which is then wrapped in struct scatterlist by virtnet_rq_init_one_sg(), which is in turn associated with a virtqueue through the virtqueue_add_inbuf_ctx() -> virtqueue_add() -> virtqueue_add_split() -> vring_map_one_sg() call chain. Someone should unpoison this page (since KMSAN doesn't know that the hypervisor writes to it), and today for the non-premapped case this is vring_map_one_sg(). So I tried the following naive fix: if (vq->premapped) { *addr = sg_dma_address(sg); + if (!vq->use_dma_api) { + kmsan_handle_dma(phys_to_page(*addr), sg- >offset, sg->length, direction); + } but it didn't help. I plan to investigate this further, but any hints are much appreciated. > if (!vq->use_dma_api) { > /* > * If DMA is not used, KMSAN doesn't know that the > scatterlist
Powered by blists - more mailing lists