* [PULL for-6.1 0/1] Block patches
@ 2021-07-26  8:53 Stefan Hajnoczi
  2021-07-26  8:53 ` [PULL for-6.1 1/1] block/nvme: Fix VFIO_MAP_DMA failed: No space left on device Stefan Hajnoczi
  2021-07-26 19:43 ` [PULL for-6.1 0/1] Block patches Peter Maydell
  0 siblings, 2 replies; 3+ messages in thread
From: Stefan Hajnoczi @ 2021-07-26  8:53 UTC (permalink / raw)
  To: qemu-devel, Peter Maydell
  Cc: Fam Zheng, Kevin Wolf, qemu-block, Stefan Hajnoczi, Max Reitz

The following changes since commit a2376507f615495b1d16685449ce0ea78c2caf9d:

  Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging (2021-07-24 11:04:57 +0100)

are available in the Git repository at:

  https://gitlab.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 15a730e7a3aaac180df72cd5730e0617bcf44a5a:

  block/nvme: Fix VFIO_MAP_DMA failed: No space left on device (2021-07-26 09:38:12 +0100)

----------------------------------------------------------------
Pull request

Phil's block/nvme.c ENOSPC fix for newer Linux kernels that return this errno.

----------------------------------------------------------------

Philippe Mathieu-Daudé (1):
  block/nvme: Fix VFIO_MAP_DMA failed: No space left on device

 block/nvme.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

-- 
2.31.1



* [PULL for-6.1 1/1] block/nvme: Fix VFIO_MAP_DMA failed: No space left on device
  2021-07-26  8:53 [PULL for-6.1 0/1] Block patches Stefan Hajnoczi
@ 2021-07-26  8:53 ` Stefan Hajnoczi
  2021-07-26 19:43 ` [PULL for-6.1 0/1] Block patches Peter Maydell
  1 sibling, 0 replies; 3+ messages in thread
From: Stefan Hajnoczi @ 2021-07-26  8:53 UTC (permalink / raw)
  To: qemu-devel, Peter Maydell
  Cc: Fam Zheng, Kevin Wolf, qemu-block, Michal Prívozník,
	qemu-stable, Max Reitz, Alex Williamson, Stefan Hajnoczi,
	Maxim Levitsky, Philippe Mathieu-Daudé

From: Philippe Mathieu-Daudé <philmd@redhat.com>

When the NVMe block driver was introduced (see commit bdd6a90a9e5,
January 2018), Linux VFIO_IOMMU_MAP_DMA ioctl was only returning
-ENOMEM in case of error. The driver was correctly handling the
error path to recycle its volatile IOVA mappings.

To fix CVE-2019-3882, Linux commit 492855939bdb ("vfio/type1: Limit
DMA mappings per container", April 2019) added the -ENOSPC error to
signal the user exhausted the DMA mappings available for a container.

The block driver started to mis-behave:

  qemu-system-x86_64: VFIO_MAP_DMA failed: No space left on device
  (qemu)
  (qemu) info status
  VM status: paused (io-error)
  (qemu) c
  VFIO_MAP_DMA failed: No space left on device
  (qemu) c
  VFIO_MAP_DMA failed: No space left on device

(The VM is not resumable from here, hence stuck.)

Fix by handling the new -ENOSPC error (when DMA mappings are
exhausted) without any distinction to the current -ENOMEM error,
so we don't change the behavior on old kernels where the CVE-2019-3882
fix is not present.

An easy way to reproduce this bug is to restrict the DMA mapping
limit (65535 by default) when loading the VFIO IOMMU module:

  # modprobe vfio_iommu_type1 dma_entry_limit=666

Cc: qemu-stable@nongnu.org
Cc: Fam Zheng <fam@euphon.net>
Cc: Maxim Levitsky <mlevitsk@redhat.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Reported-by: Michal Prívozník <mprivozn@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210723195843.1032825-1-philmd@redhat.com
Fixes: bdd6a90a9e5 ("block: Add VFIO based NVMe driver")
Buglink: https://bugs.launchpad.net/qemu/+bug/1863333
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/65
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/nvme.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/block/nvme.c b/block/nvme.c
index 2b5421e7aa..e8dbbc2317 100644
--- a/block/nvme.c
+++ b/block/nvme.c
@@ -1030,7 +1030,29 @@ try_map:
         r = qemu_vfio_dma_map(s->vfio,
                               qiov->iov[i].iov_base,
                               len, true, &iova);
+        if (r == -ENOSPC) {
+            /*
+             * In addition to the -ENOMEM error, the VFIO_IOMMU_MAP_DMA
+             * ioctl returns -ENOSPC to signal the user exhausted the DMA
+             * mappings available for a container since Linux kernel commit
+             * 492855939bdb ("vfio/type1: Limit DMA mappings per container",
+             * April 2019, see CVE-2019-3882).
+             *
+             * This block driver already handles this error path by checking
+             * for the -ENOMEM error, so we directly replace -ENOSPC by
+             * -ENOMEM. Beside, -ENOSPC has a specific meaning for blockdev
+             * coroutines: it triggers BLOCKDEV_ON_ERROR_ENOSPC and
+             * BLOCK_ERROR_ACTION_STOP which stops the VM, asking the operator
+             * to add more storage to the blockdev. Not something we can do
+             * easily with an IOMMU :)
+             */
+            r = -ENOMEM;
+        }
         if (r == -ENOMEM && retry) {
+            /*
+             * We exhausted the DMA mappings available for our container:
+             * recycle the volatile IOVA mappings.
+             */
             retry = false;
             trace_nvme_dma_flush_queue_wait(s);
             if (s->dma_map_count) {
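Review bot: the `r = -ENOMEM;` rewrite in the new `if (r == -ENOSPC)` block is unconditional, so on the second pass through `try_map` (when `retry` is already false) the `if (r == -ENOMEM && retry)` branch is skipped and the original errno is no longer distinguishable afterwards. The comment explains why -ENOSPC must not reach the blockdev layer, so this looks intended, but a sentence saying so, or a trace point recording the original value before it is overwritten, would help when debugging mapping exhaustion. The translation also sits here at the call site rather than inside qemu_vfio_dma_map(), so any other caller of that helper would need the same handling. Minor: "Beside," in the added comment should read "Besides,".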
-- 
2.31.1



* Re: [PULL for-6.1 0/1] Block patches
  2021-07-26  8:53 [PULL for-6.1 0/1] Block patches Stefan Hajnoczi
  2021-07-26  8:53 ` [PULL for-6.1 1/1] block/nvme: Fix VFIO_MAP_DMA failed: No space left on device Stefan Hajnoczi
@ 2021-07-26 19:43 ` Peter Maydell
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Maydell @ 2021-07-26 19:43 UTC (permalink / raw)
  To: Stefan Hajnoczi
  Cc: Fam Zheng, Kevin Wolf, QEMU Developers, Qemu-block, Max Reitz

On Mon, 26 Jul 2021 at 09:53, Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> The following changes since commit a2376507f615495b1d16685449ce0ea78c2caf9d:
>
>   Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging (2021-07-24 11:04:57 +0100)
>
> are available in the Git repository at:
>
>   https://gitlab.com/stefanha/qemu.git tags/block-pull-request
>
> for you to fetch changes up to 15a730e7a3aaac180df72cd5730e0617bcf44a5a:
>
>   block/nvme: Fix VFIO_MAP_DMA failed: No space left on device (2021-07-26 09:38:12 +0100)
>
> ----------------------------------------------------------------
> Pull request
>
> Phil's block/nvme.c ENOSPC fix for newer Linux kernels that return this errno.
>
> ----------------------------------------------------------------


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/6.1
for any user-visible changes.

-- PMM

