On Sun, Jun 19, 2022 at 11:32:07PM -0700, Christoph Hellwig wrote:
> On Sun, Jun 19, 2022 at 11:57:26PM -0300, Jason Gunthorpe wrote:
> > The remark about io memory is because on s390 memcpy() will crash even on ioremapped memory, you have to use the memcpy_to/fromio() which uses the special s390 io access instructions.
>
> Yes. The same is true for various other architectures, including arm64 under the right circumstances.
>
> > This helps because we now block io memory from ever getting into these call paths. I'm pretty sure this is a serious security bug, but would let the IBM folks remark as I don't know it all that well..
>
> Prevent as in crash when trying to convert it to a page?
>
> > As for the kmap, I thought it was standard practice even if it is a non-highmem? Aren't people trying to use this for other security stuff these days?
>
> Ira has been looking into the protection keys, although they don't apply to s390. Either way I don't object to using kmap, but the commit log doesn't make much sense to me.
How about the updated commit log below? Thanks.
The pinned PFN list returned from vfio_pin_pages() is converted using page_to_pfn(), so direct access via memcpy() will crash on S390 if the PFN is an IO PFN, as we have to use the memcpy_to/fromio(), which uses the special s390 IO access instructions.
As a standard practice for security purposes, add kmap_local_page() to block any IO memory from ever getting into this call path.