From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C510EC00140 for ; Wed, 10 Aug 2022 12:19:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C84358E0002; Wed, 10 Aug 2022 08:19:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C33038E0001; Wed, 10 Aug 2022 08:19:55 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AFBC18E0002; Wed, 10 Aug 2022 08:19:55 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id A10078E0001 for ; Wed, 10 Aug 2022 08:19:55 -0400 (EDT) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 77AC1A1339 for ; Wed, 10 Aug 2022 12:19:55 +0000 (UTC) X-FDA: 79783589550.16.C167BFA Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com [209.85.221.67]) by imf30.hostedemail.com (Postfix) with ESMTP id 0079B80071 for ; Wed, 10 Aug 2022 12:19:54 +0000 (UTC) Received: by mail-wr1-f67.google.com with SMTP id l22so17552752wrz.7 for ; Wed, 10 Aug 2022 05:19:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:from:to:cc; bh=RY2Ewo6bOI+v2XIS1ytjQN36YoqMz59NHMWH4OJMAHc=; b=RPF7rm/X78U5LLWWcqww7LvuWd7cnT3VyaR9t5pnnOHSSeNI6gaLK19VnuEZnr9Xxu ql2mH1jULHhHK1iyB7SY6LOaV20CaBEI88IbKOfcSvy1YZzsrzLxhW1BIOZxJuLPRJbs XjXYXe5HKztRcVBF0e+xdH0zXb2ZSpo4KihOg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc; bh=RY2Ewo6bOI+v2XIS1ytjQN36YoqMz59NHMWH4OJMAHc=; b=sj3uEdUDRKLIuvlCg8wHhvJCRejINq2IdyCtFWJetybPrhyCp3LBFABazvV+V2htsd rGL1xbTDAcgNA/Kk8WgJN2o1y1WvSKxRdwcPncLempswBazwmqv/atB0prRXlHSjQted eHQabgCQGUvsAkqZSw4vvOGGWS4ZSBjpkbQ3cQ/e6UxLD8KjBWu82TIvnqP8AUvvBMOi KGYfTavtfuWWu0/Z1wjvzMEoA2ByGEJX433k4zbTXh0nkyAGPzODns1nkpHdUNi9264s oFJqjLLIJE/2E6EUGuo3v1N1rJWVj8VhpF7jRI96swwrLLwb1Mnd8UvYb5RMUZ2Oss+C kyyQ== X-Gm-Message-State: ACgBeo05V1mGoxMzb8KgqBSBpzQ9wEdGE5X3YMJS0gttf6esYGtXg0U0 m5FX5kmrCUG4BlZwJJnfMCT3aw== X-Google-Smtp-Source: AA6agR4yZWOcUa33jynrJHs2cf/zf0goQtVxoIpzpPE5JePnnd3YXT9tMWXVXa6vunC8PfoLgNNPFQ== X-Received: by 2002:a05:6000:1704:b0:220:69a7:ec2b with SMTP id n4-20020a056000170400b0022069a7ec2bmr17957746wrc.436.1660133993546; Wed, 10 Aug 2022 05:19:53 -0700 (PDT) Received: from phenom.ffwll.local ([2a02:168:57f4:0:efd0:b9e5:5ae6:c2fa]) by smtp.gmail.com with ESMTPSA id q3-20020a056000136300b0021b956da1dcsm15910553wrz.113.2022.08.10.05.19.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Aug 2022 05:19:53 -0700 (PDT) Date: Wed, 10 Aug 2022 14:19:51 +0200 From: Daniel Vetter To: Yonghua Huang Cc: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, reinette.chatre@intel.com, zhi.a.wang@intel.com, yu1.wang@intel.com, fei1.Li@intel.com, Linux MM , DRI Development Subject: Re: [PATCH] virt: acrn: obtain pa from VMA with PFNMAP flag Message-ID: Mail-Followup-To: Yonghua Huang , gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, reinette.chatre@intel.com, zhi.a.wang@intel.com, yu1.wang@intel.com, fei1.Li@intel.com, Linux MM , DRI Development References: <20220228022212.419406-1-yonghua.huang@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220228022212.419406-1-yonghua.huang@intel.com> X-Operating-System: Linux phenom 5.10.0-8-amd64 ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1660133995; a=rsa-sha256; cv=none; b=OhfgzEoI2Vb2O1bnQzqcnmzTpFPDskXvEWF+C856CSNG9gYwwO0Jz+4Dl5e+Yv8xANozjH c52yxvcstGlCVjzX+6b3oRrrkyj3TXG/6bkzHxl0ZDWXq+yrgnqGdmxyrV9KJBQOuGgWkF Wd2KGGU+B0EmxvesaIjmCb3Ad2sQkqM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1660133995; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=RY2Ewo6bOI+v2XIS1ytjQN36YoqMz59NHMWH4OJMAHc=; b=XQ6cgPFi2qUyz2/eBHcNXVj53WzxxJehEOM4SFCo9qcSIp7RML3jxFNN5rdytlBC4wfLTW 1UbQLgXSMO5eEj6gsv9xInANc4sAJcIrClBmuvf258jUxqs2gTqUXlFsdPqbDLPFkYoPqC cs4SbRHT2MiRj8tub47Quiw6y8D9Gw8= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=ffwll.ch header.s=google header.b="RPF7rm/X"; spf=none (imf30.hostedemail.com: domain of daniel@ffwll.ch has no SPF policy when checking 209.85.221.67) smtp.mailfrom=daniel@ffwll.ch; dmarc=none X-Stat-Signature: u3oswiw9rjo6hrziqk1ddxgbupatyc4c X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 0079B80071 Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=ffwll.ch header.s=google header.b="RPF7rm/X"; spf=none (imf30.hostedemail.com: domain of daniel@ffwll.ch has no SPF policy when checking 209.85.221.67) smtp.mailfrom=daniel@ffwll.ch; dmarc=none X-HE-Tag: 1660133994-738359 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Feb 28, 2022 at 05:22:12AM +0300, Yonghua Huang wrote: > acrn_vm_ram_map can't pin the user pages with VM_PFNMAP flag > by calling get_user_pages_fast(), the PA(physical pages) > may be mapped by kernel driver and set PFNMAP flag. > > This patch fixes logic to setup EPT mapping for PFN mapped RAM region > by checking the memory attribute before adding EPT mapping for them. > > Fixes: 88f537d5e8dd ("virt: acrn: Introduce EPT mapping management") > Signed-off-by: Yonghua Huang > Signed-off-by: Fei Li > --- > drivers/virt/acrn/mm.c | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/drivers/virt/acrn/mm.c b/drivers/virt/acrn/mm.c > index c4f2e15c8a2b..3b1b1e7a844b 100644 > --- a/drivers/virt/acrn/mm.c > +++ b/drivers/virt/acrn/mm.c > @@ -162,10 +162,34 @@ int acrn_vm_ram_map(struct acrn_vm *vm, struct acrn_vm_memmap *memmap) > void *remap_vaddr; > int ret, pinned; > u64 user_vm_pa; > + unsigned long pfn; > + struct vm_area_struct *vma; > > if (!vm || !memmap) > return -EINVAL; > > + mmap_read_lock(current->mm); > + vma = vma_lookup(current->mm, memmap->vma_base); > + if (vma && ((vma->vm_flags & VM_PFNMAP) != 0)) { > + if ((memmap->vma_base + memmap->len) > vma->vm_end) { > + mmap_read_unlock(current->mm); > + return -EINVAL; > + } > + > + ret = follow_pfn(vma, memmap->vma_base, &pfn); This races, don't use follow_pfn() and most definitely don't add new users. In some cases follow_pte, but the pte/pfn is still only valid for as long as you hold the pte spinlock. > + mmap_read_unlock(current->mm); Definitely after here there's zero guarantees about this pfn and it could point at anything. Please fix, I tried pretty hard to get rid of follow_pfn(), but some of them are just too hard to fix (e.g. kvm needs a pretty hug rewrite to get it all sorted). Cheers, Daniel > + if (ret < 0) { > + dev_dbg(acrn_dev.this_device, > + "Failed to lookup PFN at VMA:%pK.\n", (void *)memmap->vma_base); > + return ret; > + } > + > + return acrn_mm_region_add(vm, memmap->user_vm_pa, > + PFN_PHYS(pfn), memmap->len, > + ACRN_MEM_TYPE_WB, memmap->attr); > + } > + mmap_read_unlock(current->mm); > + > /* Get the page number of the map region */ > nr_pages = memmap->len >> PAGE_SHIFT; > pages = vzalloc(nr_pages * sizeof(struct page *)); > > base-commit: 73878e5eb1bd3c9656685ca60bc3a49d17311e0c > -- > 2.25.1 > -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch