From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753924AbdCOLFs (ORCPT ); Wed, 15 Mar 2017 07:05:48 -0400 Received: from mail-wr0-f178.google.com ([209.85.128.178]:36750 "EHLO mail-wr0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753902AbdCOLFk (ORCPT ); Wed, 15 Mar 2017 07:05:40 -0400 Date: Wed, 15 Mar 2017 12:05:26 +0100 From: Christoffer Dall To: Suzuki K Poulose Cc: linux-arm-kernel@lists.infradead.org, andreyknvl@google.com, dvyukov@google.com, marc.zyngier@arm.com, christoffer.dall@linaro.org, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, kcc@google.com, syzkaller@googlegroups.com, will.deacon@arm.com, catalin.marinas@arm.com, pbonzini@redhat.com, mark.rutland@arm.com, ard.biesheuvel@linaro.org, stable@vger.kernel.org Subject: Re: [PATCH 2/3] kvm: arm/arm64: Take mmap_sem in kvm_arch_prepare_memory_region Message-ID: <20170315110526.GC31974@cbox> References: <1489503154-20705-1-git-send-email-suzuki.poulose@arm.com> <1489503154-20705-3-git-send-email-suzuki.poulose@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1489503154-20705-3-git-send-email-suzuki.poulose@arm.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 14, 2017 at 02:52:33PM +0000, Suzuki K Poulose wrote: > From: Marc Zyngier > > We don't hold the mmap_sem while searching for VMAs (via find_vma), in > kvm_arch_prepare_memory_region, which can end up in expected failures. > > Fixes: commit 8eef91239e57 ("arm/arm64: KVM: map MMIO regions at creation time") > Cc: Ard Biesheuvel > Cc: Christoffer Dall > Cc: Eric Auger > Cc: stable@vger.kernel.org # v3.18+ > Signed-off-by: Marc Zyngier > [ Handle dirty page logging failure case ] 
> Signed-off-by: Suzuki K Poulose Reviewed-by: Christoffer Dall > --- > arch/arm/kvm/mmu.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c > index f2e2e0c..13b9c1f 100644 > --- a/arch/arm/kvm/mmu.c > +++ b/arch/arm/kvm/mmu.c > @@ -1803,6 +1803,7 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, > (KVM_PHYS_SIZE >> PAGE_SHIFT)) > return -EFAULT; > > + down_read(¤t->mm->mmap_sem); > /* > * A memory region could potentially cover multiple VMAs, and any holes > * between them, so iterate over all of them to find out if we can map > @@ -1846,8 +1847,10 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, > pa += vm_start - vma->vm_start; > > /* IO region dirty page logging not allowed */ > - if (memslot->flags & KVM_MEM_LOG_DIRTY_PAGES) > - return -EINVAL; > + if (memslot->flags & KVM_MEM_LOG_DIRTY_PAGES) { > + ret = -EINVAL; > + goto out; > + } > > ret = kvm_phys_addr_ioremap(kvm, gpa, pa, > vm_end - vm_start, > @@ -1859,7 +1862,7 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, > } while (hva < reg_end); > > if (change == KVM_MR_FLAGS_ONLY) > - return ret; > + goto out; > > spin_lock(&kvm->mmu_lock); > if (ret) > @@ -1867,6 +1870,8 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, > else > stage2_flush_memslot(kvm, memslot); > spin_unlock(&kvm->mmu_lock); > +out: > + up_read(¤t->mm->mmap_sem); > return ret; > } > > -- > 2.7.4 >
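Review bot: in the `@@ -1803` hunk, `down_read()` is taken immediately after the `return -EFAULT` check, so every exit between that point and the new `out:` label must now release the semaphore; the visible hunks convert the dirty-logging `return -EINVAL` and the `KVM_MR_FLAGS_ONLY` `return ret`, but the loop body between `@@ -1803` and `@@ -1846` (the VMA lookup and its break/error paths) is not shown in the diff, so please confirm no bare `return` remains there. (`¤t->mm->mmap_sem` in the quoted hunk appears to be `&current->mm->mmap_sem` with `&curren` mangled into an HTML entity during extraction.)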
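Review bot: in the `@@ -1846` hunk, the new `goto out` on the `KVM_MEM_LOG_DIRTY_PAGES` branch jumps past the `spin_lock(&kvm->mmu_lock); if (ret) ...` section at the end of the function, so this error skips whatever that `if (ret)` branch does for a failed `kvm_phys_addr_ioremap()`, even though earlier iterations of the loop may already have mapped MMIO ranges. That matches the previous `return -EINVAL`, so it is not a regression, but it is worth a short comment, or routing this error through the same `if (ret)` path as an ioremap failure so both error exits are handled alike.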
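Review bot: in the `@@ -1867` hunk, the `out:` label sits after `spin_unlock(&kvm->mmu_lock)`, so the mmap_sem read side is now held across the whole `kvm_phys_addr_ioremap()` loop and across the `kvm->mmu_lock` critical section; that establishes an mmap_sem -> mmu_lock ordering for this function, which deserves a comment next to the `down_read()` and a check that no other path in mmu.c takes the two the other way round.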