From: Kevin Traynor <ktraynor@redhat.com>
To: "Wang, Haiyue" <haiyue.wang@intel.com>,
	David Marchand <david.marchand@redhat.com>,
	Luca Boccassi <bluca@debian.org>
Cc: dev <dev@dpdk.org>,
	"Burakov, Anatoly" <anatoly.burakov@intel.com>,
	dpdk stable <stable@dpdk.org>, Harman Kalra <hkalra@marvell.com>
Subject: Re: [dpdk-dev] [PATCH v4] bus/pci: fix VF bus error for memory access
Date: Fri, 26 Jun 2020 10:10:36 +0100
Message-ID: <d7542170-3e26-846a-13a8-fd96e9c7756a@redhat.com>
In-Reply-To: <BN8PR11MB379570F26E47B86C9640F83AF7920@BN8PR11MB3795.namprd11.prod.outlook.com>

On 25/06/2020 19:33, Wang, Haiyue wrote:
>> -----Original Message-----
>> From: Kevin Traynor <ktraynor@redhat.com>
>> Sent: Friday, June 26, 2020 00:46
>> To: David Marchand <david.marchand@redhat.com>; Wang, Haiyue <haiyue.wang@intel.com>; Luca Boccassi
>> <bluca@debian.org>
>> Cc: dev <dev@dpdk.org>; Burakov, Anatoly <anatoly.burakov@intel.com>; dpdk stable <stable@dpdk.org>;
>> Harman Kalra <hkalra@marvell.com>
>> Subject: Re: [PATCH v4] bus/pci: fix VF bus error for memory access
>>
>> On 25/06/2020 15:09, David Marchand wrote:
>>> On Thu, Jun 25, 2020 at 6:00 AM Haiyue Wang <haiyue.wang@intel.com> wrote:
>>>>
>>>> To fix CVE-2020-12888, the Linux vfio-pci module will invalidate mmaps
>>>> and block MMIO access on disabled memory, and it will send a SIGBUS to
>>>> the application:
>>>>
>>>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abafbc551fddede3e0a08dee1dcde08fc0eb8476
>>>>
>>>> When the application opens the vfio PCI device, the vfio-pci module will
>>>> enable the bus memory space through PCI read/write access. According to
>>>> the PCIe specification, the 'Memory Space Enable' is always zero for VF:
>>>>
>>>>              Table 9-13 Command Register Changes
>>>>
>>>> Bit Location | PF and VF Register Differences | PF         | VF
>>>>              | From Base                      | Attributes | Attributes
>>>> -------------+--------------------------------+------------+-----------
>>>>              | Memory Space Enable - Does not |            |
>>>>              | apply to VFs. Must be hardwired|  Base      |  0b
>>>>      1       | to 0b for VFs. VF Memory Space |            |
>>>>              | is controlled by the VF MSE bit|            |
>>>>              | in the VF Control register.    |            |
>>>> -------------+--------------------------------+------------+-----------
>>>>
>>>> Afterwards the vfio-pci will initialize its own virtual PCI config space
>>>> data ('vconfig') by reading the VF's physical PCI config space, then the
>>>> 'Memory Space Enable' bit in vconfig will always have the value 0b. This
>>>> will make the vfio-pci treat the BAR memory space as disabled, and the
>>>> SIGBUS will be triggered if these BARs are accessed.
>>>>
>>>> By investigation, the VF PCI device *passthrough* into the Guest OS by
>>>> QEMU has the 'Memory Space Enable' with 1b value. That's because every
>>>> PCI driver will start to enable the memory space, and this action will
>>>> be hooked by vfio-pci virtual PCI read/write to set the 'Memory Space
>>>> Enable' in vconfig space to 1b. So a VF running in the guest OS has
>>>> 'Mem+', but a VF running in the host OS has 'Mem-'.
>>>>
>>>> To align with the PCI working mode in Guest/QEMU/Host, enable the PCI
>>>> bus memory space explicitly in DPDK to avoid access on disabled memory.
>>>>
>>>> Fixes: 33604c31354a ("vfio: refactor PCI BAR mapping")
>>>> Cc: stable@dpdk.org
>>>>
>>>> Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
>>>> Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
>>>> Tested-by: Harman Kalra <hkalra@marvell.com>
>>>> Tested-by: David Marchand <david.marchand@redhat.com>
>>> Tested-by: Thierry Martin <thierry.martin.public@gmail.com>
>>>
>>> Applied, thanks again Haiyue.
>>>
>>>
>>> Kevin, Luca,
>>>
>>> I can see that some distros have already started backporting the fix
>>> in kernel (fc31, fc32 and rhel7 at least for what I saw).
>>> 18.11 and 19.11 will need this fix at some point.
>>> I'll let you decide on the proper timing.
>>>
>>>
>>
>> It looks like an important fix. I think it's worth having in 18.11.9. I
>> will apply and create an 18.11.9-rc2 tomorrow, so if anyone hasn't started
>> validation already, they can validate with it in.
> 
> Alex posted a fix in the kernel just now. So it looks like the DPDK patch
> is nice to have, not a MUST. ;-)
> 

Thanks for the update, Haiyue. That may be true in the future, but not at
the moment. The patch was just submitted yesterday, so I don't know how
long it will take to filter through to all the distro kernels (and users
to update).

I think it's still worth taking this patch now in 18.11. I will wait
until this afternoon in case anyone has reasons not to.

thanks,
Kevin.

> https://lore.kernel.org/kvm/159310421505.27590.16617666489295503039.stgit@gimli.home/T/#u
> 
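
The step the quoted commit message describes (enable the PCI bus memory space explicitly through config-space read/write), as an added example that is not part of this thread or of the DPDK patch: read the Command register at offset 0x04 and set bit 1 (Memory Space Enable) if it is clear. With vfio-pci, `fd` would be the device fd and `cfg_off` the offset of the config region reported by `VFIO_DEVICE_GET_REGION_INFO`; here a constructed temp file stands in for config space, and all function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define PCI_COMMAND        0x04 /* Command register offset in config space */
#define PCI_COMMAND_MEMORY 0x2  /* bit 1: Memory Space Enable */

/* Read the 16-bit Command register; returns its value, or -1 on I/O error.
 * Assumes a little-endian host (PCI config space is little-endian). */
int read_command(int fd, off_t cfg_off)
{
    uint16_t cmd;
    if (pread(fd, &cmd, sizeof(cmd), cfg_off + PCI_COMMAND) != (ssize_t)sizeof(cmd))
        return -1;
    return cmd;
}
/* Set Memory Space Enable via config-space read/write.
 * Returns 1 if the bit had to be set, 0 if already set, -1 on I/O error. */
int enable_bus_memory(int fd, off_t cfg_off)
{
    int cur = read_command(fd, cfg_off);
    uint16_t cmd;
    if (cur < 0)
        return -1;
    if (cur & PCI_COMMAND_MEMORY)
        return 0; /* already 'Mem+' */
    cmd = (uint16_t)(cur | PCI_COMMAND_MEMORY);
    if (pwrite(fd, &cmd, sizeof(cmd), cfg_off + PCI_COMMAND) != (ssize_t)sizeof(cmd))
        return -1;
    return 1;
}
/* Constructed stand-in for a device fd: an unlinked temp file holding a
 * zeroed 256-byte config space at cfg_off with the given Command value. */
int make_fake_config(off_t cfg_off, uint16_t cmd)
{
    char path[] = "/tmp/vfcfgXXXXXX";
    uint8_t cfg[256] = {0};
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);
    memcpy(cfg + PCI_COMMAND, &cmd, sizeof(cmd));
    if (pwrite(fd, cfg, sizeof(cfg), cfg_off) != (ssize_t)sizeof(cfg)) {
        close(fd);
        return -1;
    }
    return fd;
}
```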

