Re: [PATCH Kernel v18 4/7] vfio iommu: Implementation of ioctl for dirty pages tracking.

From: Kirti Wankhede <kwankhede@nvidia.com>
To: Cornelia Huck <cohuck@redhat.com>
Cc: kevin.tian@intel.com, yi.l.liu@intel.com, cjia@nvidia.com,
	kvm@vger.kernel.org, eskultet@redhat.com, ziye.yang@intel.com,
	qemu-devel@nongnu.org, Zhengxiao.zx@Alibaba-inc.com,
	shuangtai.tst@alibaba-inc.com, dgilbert@redhat.com,
	zhi.a.wang@intel.com, mlevitsk@redhat.com, pasic@linux.ibm.com,
	aik@ozlabs.ru, alex.williamson@redhat.com, eauger@redhat.com,
	felipe@nutanix.com, jonathan.davies@nutanix.com,
	yan.y.zhao@intel.com, changpeng.liu@intel.com, Ken.Xue@amd.com
Subject: Re: [PATCH Kernel v18 4/7] vfio iommu: Implementation of ioctl for dirty pages tracking.
Date: Thu, 14 May 2020 01:56:33 +0530	[thread overview]
Message-ID: <b9b97dfb-2c1a-519b-3778-7a546cda9bda@nvidia.com> (raw)
In-Reply-To: <20200506125405.745bb99e.cohuck@redhat.com>

On 5/6/2020 4:24 PM, Cornelia Huck wrote:
> On Mon, 4 May 2020 21:28:56 +0530
> Kirti Wankhede <kwankhede@nvidia.com> wrote:
> 
>> VFIO_IOMMU_DIRTY_PAGES ioctl performs three operations:
>> - Start dirty pages tracking while migration is active
>> - Stop dirty pages tracking.
>> - Get dirty pages bitmap. Its user space application's responsibility to
>>    copy content of dirty pages from source to destination during migration.
>>
>> To prevent DoS attack, memory for bitmap is allocated per vfio_dma
>> structure. Bitmap size is calculated considering smallest supported page
>> size. Bitmap is allocated for all vfio_dmas when dirty logging is enabled
>>
>> Bitmap is populated for already pinned pages when bitmap is allocated for
>> a vfio_dma with the smallest supported page size. Update bitmap from
>> pinning functions when tracking is enabled. When user application queries
>> bitmap, check if requested page size is same as page size used to
>> populated bitmap. If it is equal, copy bitmap, but if not equal, return
>> error.
>>
>> Fixed below error by changing pgsize type from uint64_t to size_t.
>> Reported-by: kbuild test robot <lkp@intel.com>
>>
>> All errors:
>> drivers/vfio/vfio_iommu_type1.c:197: undefined reference to `__udivdi3'
>>
>> drivers/vfio/vfio_iommu_type1.c:225: undefined reference to `__udivdi3'
> 
> Move that below the '---' delimiter so that it does not end up in the
> commit? (Crediting the build bot is fine, but the details are not
> really useful when you look at the code later.)
> 

ok, removing errors.

>>
>> Signed-off-by: Kirti Wankhede <kwankhede@nvidia.com>
>> Reviewed-by: Neo Jia <cjia@nvidia.com>
>> ---
>>   drivers/vfio/vfio_iommu_type1.c | 266 +++++++++++++++++++++++++++++++++++++++-
>>   1 file changed, 260 insertions(+), 6 deletions(-)
> 
>> @@ -2278,6 +2435,93 @@ static long vfio_iommu_type1_ioctl(void *iommu_data,
>>   
>>   		return copy_to_user((void __user *)arg, &unmap, minsz) ?
>>   			-EFAULT : 0;
>> +	} else if (cmd == VFIO_IOMMU_DIRTY_PAGES) {
>> +		struct vfio_iommu_type1_dirty_bitmap dirty;
>> +		uint32_t mask = VFIO_IOMMU_DIRTY_PAGES_FLAG_START |
>> +				VFIO_IOMMU_DIRTY_PAGES_FLAG_STOP |
>> +				VFIO_IOMMU_DIRTY_PAGES_FLAG_GET_BITMAP;
>> +		int ret = 0;
>> +
>> +		if (!iommu->v2)
>> +			return -EACCES;
>> +
>> +		minsz = offsetofend(struct vfio_iommu_type1_dirty_bitmap,
>> +				    flags);
>> +
>> +		if (copy_from_user(&dirty, (void __user *)arg, minsz))
>> +			return -EFAULT;
>> +
>> +		if (dirty.argsz < minsz || dirty.flags & ~mask)
>> +			return -EINVAL;
>> +
>> +		/* only one flag should be set at a time */
>> +		if (__ffs(dirty.flags) != __fls(dirty.flags))
>> +			return -EINVAL;
>> +
> 
> Shouldn't you also check whether the flag that is set is actually
> valid? (maybe dirty.flags & ~VFIO_IOMMU_DIRTY_PAGES_FLAG_MASK and do a
> switch/case over dirty.flags & VFIO_IOMMU_DIRTY_PAGES_FLAG_MASK)
> 

There is a check above this check, dirty.flags & ~mask, which makes sure 
that flag is valid.

Thanks,
Kirti