netdev.vger.kernel.org archive mirror
* [PATCH] vhost: Don't call vq_access_ok() when using IOTLB
@ 2020-09-28 12:35 Greg Kurz
  2020-09-28 19:29 ` Michael S. Tsirkin
  2020-09-29  7:45 ` Michael S. Tsirkin
  0 siblings, 2 replies; 4+ messages in thread
From: Greg Kurz @ 2020-09-28 12:35 UTC (permalink / raw)
  To: Michael S. Tsirkin, Jason Wang
  Cc: kvm, virtualization, netdev, Laurent Vivier, David Gibson

When the IOTLB device is enabled, the vring addresses we get from
userspace are GIOVAs. It is thus wrong to pass them to vq_access_ok()
which only takes HVAs. The IOTLB map is likely empty at this stage,
so there isn't much that can be done with these GIOVAs. Access validation
will be performed at IOTLB prefetch time anyway.

BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1883084
Fixes: 6b1e6cc7855b ("vhost: new device IOTLB API")
Cc: jasowang@redhat.com
CC: stable@vger.kernel.org # 4.14+
Signed-off-by: Greg Kurz <groug@kaod.org>
---
 drivers/vhost/vhost.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index b45519ca66a7..6296e33df31d 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -1509,7 +1509,10 @@ static long vhost_vring_set_addr(struct vhost_dev *d,
 	 * If it is not, we don't as size might not have been setup.
 	 * We will verify when backend is configured. */
 	if (vq->private_data) {
-		if (!vq_access_ok(vq, vq->num,
+		/* If an IOTLB device is present, the vring addresses are
+		 * GIOVAs. Access will be validated during IOTLB prefetch. */
+		if (!vq->iotlb &&
+		    !vq_access_ok(vq, vq->num,
 			(void __user *)(unsigned long)a.desc_user_addr,
 			(void __user *)(unsigned long)a.avail_user_addr,
 			(void __user *)(unsigned long)a.used_user_addr))
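
Review bot: The "!vq->iotlb &&" guard added to the condition in vhost_vring_set_addr() handles the GIOVA case only at this one call site, so any other path that passes vring addresses to vq_access_ok() would need to repeat the same test. Consider putting the IOTLB test inside vq_access_ok() itself (an early "if (vq->iotlb) return true;"), so that the rule "GIOVAs are never checked as HVAs" is enforced in one place and the explanatory comment moves with it. Since this hunk replaces an immediate check on userspace-supplied addresses with a deferred one, the new comment would also be stronger if it named the function that performs the validation at IOTLB prefetch time, so a reader can confirm the addresses are still checked before they are used.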




* Re: [PATCH] vhost: Don't call vq_access_ok() when using IOTLB
  2020-09-28 12:35 [PATCH] vhost: Don't call vq_access_ok() when using IOTLB Greg Kurz
@ 2020-09-28 19:29 ` Michael S. Tsirkin
  2020-09-29  7:45 ` Michael S. Tsirkin
  1 sibling, 0 replies; 4+ messages in thread
From: Michael S. Tsirkin @ 2020-09-28 19:29 UTC (permalink / raw)
  To: Greg Kurz
  Cc: Jason Wang, kvm, virtualization, netdev, Laurent Vivier, David Gibson

On Mon, Sep 28, 2020 at 02:35:04PM +0200, Greg Kurz wrote:
> When the IOTLB device is enabled, the vring addresses we get from
> userspace are GIOVAs. It is thus wrong to pass them to vq_access_ok()
> which only takes HVAs. The IOTLB map is likely empty at this stage,
> so there isn't much that can be done with these GIOVAs. Access validation
> will be performed at IOTLB prefetch time anyway.
> 
> BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1883084
> Fixes: 6b1e6cc7855b ("vhost: new device IOTLB API")
> Cc: jasowang@redhat.com
> CC: stable@vger.kernel.org # 4.14+
> Signed-off-by: Greg Kurz <groug@kaod.org>

Hmm I was sure the addresses are HVAs in any case ...
Jason?

> ---
>  drivers/vhost/vhost.c |    5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> index b45519ca66a7..6296e33df31d 100644
> --- a/drivers/vhost/vhost.c
> +++ b/drivers/vhost/vhost.c
> @@ -1509,7 +1509,10 @@ static long vhost_vring_set_addr(struct vhost_dev *d,
>  	 * If it is not, we don't as size might not have been setup.
>  	 * We will verify when backend is configured. */
>  	if (vq->private_data) {
> -		if (!vq_access_ok(vq, vq->num,
> +		/* If an IOTLB device is present, the vring addresses are
> +		 * GIOVAs. Access will be validated during IOTLB prefetch. */
> +		if (!vq->iotlb &&
> +		    !vq_access_ok(vq, vq->num,
>  			(void __user *)(unsigned long)a.desc_user_addr,
>  			(void __user *)(unsigned long)a.avail_user_addr,
>  			(void __user *)(unsigned long)a.used_user_addr))
> 



* Re: [PATCH] vhost: Don't call vq_access_ok() when using IOTLB
  2020-09-28 12:35 [PATCH] vhost: Don't call vq_access_ok() when using IOTLB Greg Kurz
  2020-09-28 19:29 ` Michael S. Tsirkin
@ 2020-09-29  7:45 ` Michael S. Tsirkin
  2020-09-29  8:44   ` Greg Kurz
  1 sibling, 1 reply; 4+ messages in thread
From: Michael S. Tsirkin @ 2020-09-29  7:45 UTC (permalink / raw)
  To: Greg Kurz
  Cc: Jason Wang, kvm, virtualization, netdev, Laurent Vivier, David Gibson

On Mon, Sep 28, 2020 at 02:35:04PM +0200, Greg Kurz wrote:
> When the IOTLB device is enabled, the vring addresses we get from
> userspace are GIOVAs. It is thus wrong to pass them to vq_access_ok()
> which only takes HVAs. The IOTLB map is likely empty at this stage,
> so there isn't much that can be done with these GIOVAs. Access validation
> will be performed at IOTLB prefetch time anyway.
> 
> BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1883084
> Fixes: 6b1e6cc7855b ("vhost: new device IOTLB API")
> Cc: jasowang@redhat.com
> CC: stable@vger.kernel.org # 4.14+
> Signed-off-by: Greg Kurz <groug@kaod.org>
> ---
>  drivers/vhost/vhost.c |    5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> index b45519ca66a7..6296e33df31d 100644
> --- a/drivers/vhost/vhost.c
> +++ b/drivers/vhost/vhost.c
> @@ -1509,7 +1509,10 @@ static long vhost_vring_set_addr(struct vhost_dev *d,
>  	 * If it is not, we don't as size might not have been setup.
>  	 * We will verify when backend is configured. */
>  	if (vq->private_data) {
> -		if (!vq_access_ok(vq, vq->num,
> +		/* If an IOTLB device is present, the vring addresses are
> +		 * GIOVAs. Access will be validated during IOTLB prefetch. */
> +		if (!vq->iotlb &&
> +		    !vq_access_ok(vq, vq->num,
>  			(void __user *)(unsigned long)a.desc_user_addr,
>  			(void __user *)(unsigned long)a.avail_user_addr,
>  			(void __user *)(unsigned long)a.used_user_addr))

OK I think you are right here.

Jason, can you ack pls?

However, I think a cleaner way to check this is by moving
the following check from vhost_vq_access_ok to vq_access_ok:

        /* Access validation occurs at prefetch time with IOTLB */
        if (vq->iotlb)
                return true;


> 



* Re: [PATCH] vhost: Don't call vq_access_ok() when using IOTLB
  2020-09-29  7:45 ` Michael S. Tsirkin
@ 2020-09-29  8:44   ` Greg Kurz
  0 siblings, 0 replies; 4+ messages in thread
From: Greg Kurz @ 2020-09-29  8:44 UTC (permalink / raw)
  To: Michael S. Tsirkin
  Cc: Jason Wang, kvm, virtualization, netdev, Laurent Vivier, David Gibson

On Tue, 29 Sep 2020 03:45:28 -0400
"Michael S. Tsirkin" <mst@redhat.com> wrote:

> On Mon, Sep 28, 2020 at 02:35:04PM +0200, Greg Kurz wrote:
> > When the IOTLB device is enabled, the vring addresses we get from
> > userspace are GIOVAs. It is thus wrong to pass them to vq_access_ok()
> > which only takes HVAs. The IOTLB map is likely empty at this stage,
> > so there isn't much that can be done with these GIOVAs. Access validation
> > will be performed at IOTLB prefetch time anyway.
> > 
> > BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1883084
> > Fixes: 6b1e6cc7855b ("vhost: new device IOTLB API")
> > Cc: jasowang@redhat.com
> > CC: stable@vger.kernel.org # 4.14+
> > Signed-off-by: Greg Kurz <groug@kaod.org>
> > ---
> >  drivers/vhost/vhost.c |    5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> > index b45519ca66a7..6296e33df31d 100644
> > --- a/drivers/vhost/vhost.c
> > +++ b/drivers/vhost/vhost.c
> > @@ -1509,7 +1509,10 @@ static long vhost_vring_set_addr(struct vhost_dev *d,
> >  	 * If it is not, we don't as size might not have been setup.
> >  	 * We will verify when backend is configured. */
> >  	if (vq->private_data) {
> > -		if (!vq_access_ok(vq, vq->num,
> > +		/* If an IOTLB device is present, the vring addresses are
> > +		 * GIOVAs. Access will be validated during IOTLB prefetch. */
> > +		if (!vq->iotlb &&
> > +		    !vq_access_ok(vq, vq->num,
> >  			(void __user *)(unsigned long)a.desc_user_addr,
> >  			(void __user *)(unsigned long)a.avail_user_addr,
> >  			(void __user *)(unsigned long)a.used_user_addr))
> 
> OK I think you are right here.
> 
> Jason, can you ack pls?
> 
> However, I think a cleaner way to check this is by moving
> the following check from vhost_vq_access_ok to vq_access_ok:
> 
>         /* Access validation occurs at prefetch time with IOTLB */
>         if (vq->iotlb)
>                 return true;
> 

Yes I agree. I'll do that in v2.

> 
> > 
> 


