| Message ID | 20230311002258.852397-2-seanjc@google.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp43388wrd;
Fri, 10 Mar 2023 16:24:23 -0800 (PST)
X-Google-Smtp-Source:
AK7set/iGhIAPwqhS85QhQHFWLbzgzBb/iIQh2J5uuqH9esNkmgmMOwIZt6lRz2lOsgSKWYGSkyd
X-Received: by 2002:a05:6a20:4c0a:b0:cc:1c96:d2e3 with SMTP id
fm10-20020a056a204c0a00b000cc1c96d2e3mr21998285pzb.47.1678494263042;
Fri, 10 Mar 2023 16:24:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1678494263; cv=none;
d=google.com; s=arc-20160816;
b=cEkdtDyMmg4lAKL7NiahYLLj4c6DQ2BhH1XSxiZPg6+NR8qUp0hoUliWg9Bj2NLehS
ZIf+v8H9eRIth0RRAeS7+cFhgkCKYsD+rKoJ6cRzpX4mfjsv3GxjGO0mFYg0qCsc2zdL
Q8Qd6G/9lgsm3rXLLwDHUBZzAoUge6YcC/GB5m2nMIwL0tl7b4vlYegdt2//51ctMqIV
GzkV0YTSnG6cUSk6Jkg/+EMgZKTSWSRfGnDFi6vwEmG2EqAU+cWmj2JIQUN5lNpTX21A
3Jqu8YWlp/O+FogKkCeCR+3Al9hRpkkg6GkTmikBb0vm9rZO2Y5p8fMrjObOpSxEQeR2
+D9g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:from:subject:message-id:references
:mime-version:in-reply-to:date:reply-to:dkim-signature;
bh=5rhB2a1dGUQodXCAV1sLu8Trgm2geLJIaCstXFeDsp8=;
b=fK9JF7z/OitJg5jl+F5lhDLnVceyXN7euEDArfut6y3f902Be8yW62D3oA8BFWNO05
S6M1/e4MPELthjmtJ/Gb/pHJnGkEzIhTgk2owiy1hs9TLPudRMPVPHRi9+MLQ7ETm0/M
WynOQ1G2I37WgWXX8rYDmwx6J2TgMDiH3+QW8TtNrMJLEazohBQghxcxIcADnOSgzymY
YGZC9NZH+Ez7pKhxeSybAPsCBbIUkgYqIfe4R9aVdBjzv4exelEmZYhBVtPorrmR//w9
zvsNQ89/C5NK7G+hgEWmyjiJfux2ZZL5vujQm9qZj9NltCy1aJnmWGiEb0YeJpQbvS7t
nfyg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=GB1gArfo;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
n10-20020a65488a000000b00502e2343db2si1020603pgs.150.2023.03.10.16.24.08;
Fri, 10 Mar 2023 16:24:23 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20210112 header.b=GB1gArfo;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229968AbjCKAXT (ORCPT <rfc822;carlos.wei.hk@gmail.com>
+ 99 others); Fri, 10 Mar 2023 19:23:19 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42686 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229998AbjCKAXN (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 10 Mar 2023 19:23:13 -0500
Received: from mail-pf1-x449.google.com (mail-pf1-x449.google.com
[IPv6:2607:f8b0:4864:20::449])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 509EA13DCD
for <linux-kernel@vger.kernel.org>;
Fri, 10 Mar 2023 16:23:08 -0800 (PST)
Received: by mail-pf1-x449.google.com with SMTP id
i7-20020a626d07000000b005d29737db06so3631960pfc.15
for <linux-kernel@vger.kernel.org>;
Fri, 10 Mar 2023 16:23:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20210112; t=1678494188;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:reply-to:from:to:cc:subject:date:message-id:reply-to;
bh=5rhB2a1dGUQodXCAV1sLu8Trgm2geLJIaCstXFeDsp8=;
b=GB1gArfoEAh+1WeCcjFVNp3vGLQPOrtMQm3umapPCUNXovRZEPAgcDRZpaYhW1tf9+
CvhEy391fDyT2xqQ1g8qmuVWNBmP7UVJsFcL3mgm7RaKcql7bw7PdbrcK9UQnXnwem1r
FU9LJcIGnJbh9gm9H/XJuz/Dq+mHbXKaD4dBo7vYXZwCIQctrdx+IoLOGg34exedOP+u
2UIixuFO6RzJmTnpt07kkUCpmLTwmKqAgAU5/2WAo13OkxqmFkUmyMZjfrqgOFlBa7hO
I1fwoI7LFYng69bDtaVnS5BZj1UDwY7V1Vyazsgnc4KzZhcVvFJZLbViqdtNYTuGxtqF
FROg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112; t=1678494188;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=5rhB2a1dGUQodXCAV1sLu8Trgm2geLJIaCstXFeDsp8=;
b=i+lFpoHDLwAGQ0guA0dH8+mtFRHI2NqSwjeHG2vOEieU4CtNf2Ewj6WYGRuF9FmMZG
5kai/X+5N/j5bl/nk6OwyjQ88uoIagMe3qUsYhkDVK2Q8ZqtisReb+zRTnhrpTvmmV5j
ur9VwkixCNQM7vIhN5okYOIKmctqPGyDZbM3zDC4iHh6a8IPgSv4mSr1IvZXx1FNpuj/
JvjIvAqrrkZKmQHcwoQXznPGfUhs0AuknWZdAG9fmj/gik3oMVOpLsPE/AXZDd2rV6fa
t/ZhpUZNmp4Dp3msJaZ1YZuMZb25XXV5tVLYOio1VJ+QN4UhcW48SyRchexQnYDCxyYG
Zhpw==
X-Gm-Message-State: AO0yUKVnuQzjsqU1LLyrJu24L02RNwr/yMKG2fOOSMq5Gt65ohCh5ash
OhaLBMFnR6dYmqqkmZ25roP2GDuqsq4=
X-Received: from zagreus.c.googlers.com
([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
(user=seanjc job=sendgmr) by 2002:a63:7556:0:b0:501:26b5:f43d with SMTP id
f22-20020a637556000000b0050126b5f43dmr9777394pgn.0.1678494188381; Fri, 10 Mar
2023 16:23:08 -0800 (PST)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri, 10 Mar 2023 16:22:32 -0800
In-Reply-To: <20230311002258.852397-1-seanjc@google.com>
Mime-Version: 1.0
References: <20230311002258.852397-1-seanjc@google.com>
X-Mailer: git-send-email 2.40.0.rc1.284.g88254d51c5-goog
Message-ID: <20230311002258.852397-2-seanjc@google.com>
Subject: [PATCH v2 01/27] drm/i915/gvt: Verify pfn is "valid" before
dereferencing "struct page"
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Zhenyu Wang <zhenyuw@linux.intel.com>,
Zhi Wang <zhi.a.wang@intel.com>
Cc: kvm@vger.kernel.org, intel-gvt-dev@lists.freedesktop.org,
intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
Yan Zhao <yan.y.zhao@intel.com>,
Ben Gardon <bgardon@google.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1760028800227937997?=
X-GMAIL-MSGID: =?utf-8?q?1760028800227937997?=
|
| Series |
drm/i915/gvt: KVM: KVMGT fixes and page-track cleanups
|
|
Commit Message
Sean Christopherson
March 11, 2023, 12:22 a.m. UTC
Check that the pfn found by gfn_to_pfn() is actually backed by "struct
page" memory prior to retrieving and dereferencing the page. KVM
supports backing guest memory with VM_PFNMAP, VM_IO, etc., and so
there is no guarantee the pfn returned by gfn_to_pfn() has an associated
"struct page".
Fixes: b901b252b6cf ("drm/i915/gvt: Add 2M huge gtt support")
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
drivers/gpu/drm/i915/gvt/gtt.c | 4 ++++
1 file changed, 4 insertions(+)
Comments
On Saturday, March 11, 2023 8:23 AM, Sean Christopherson wrote: > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c > index 4ec85308379a..58b9b316ae46 100644 > --- a/drivers/gpu/drm/i915/gvt/gtt.c > +++ b/drivers/gpu/drm/i915/gvt/gtt.c > @@ -1183,6 +1183,10 @@ static int is_2MB_gtt_possible(struct intel_vgpu > *vgpu, > pfn = gfn_to_pfn(vgpu->vfio_device.kvm, ops->get_pfn(entry)); > if (is_error_noslot_pfn(pfn)) > return -EINVAL; > + > + if (!pfn_valid(pfn)) > + return -EINVAL; > + Merge the two errors in one "if" to have less LOC? i.e. if (is_error_noslot_pfn(pfn) || !pfn_valid(pfn)) return -EINVAL;
On 13.03.2023 16:37, Wang, Wei W wrote: > On Saturday, March 11, 2023 8:23 AM, Sean Christopherson wrote: >> diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c >> index 4ec85308379a..58b9b316ae46 100644 >> --- a/drivers/gpu/drm/i915/gvt/gtt.c >> +++ b/drivers/gpu/drm/i915/gvt/gtt.c >> @@ -1183,6 +1183,10 @@ static int is_2MB_gtt_possible(struct intel_vgpu >> *vgpu, >> pfn = gfn_to_pfn(vgpu->vfio_device.kvm, ops->get_pfn(entry)); >> if (is_error_noslot_pfn(pfn)) >> return -EINVAL; >> + >> + if (!pfn_valid(pfn)) >> + return -EINVAL; >> + > > Merge the two errors in one "if" to have less LOC? > i.e. > if (is_error_noslot_pfn(pfn) || !pfn_valid(pfn)) > return -EINVAL; you can just replace "if (is_error_noslot_pfn(pfn))" with "if (!pfn_valid(pfn))", it covers both cases. Regards Andrzej
On Wed, Mar 15, 2023, Andrzej Hajda wrote: > On 13.03.2023 16:37, Wang, Wei W wrote: > > On Saturday, March 11, 2023 8:23 AM, Sean Christopherson wrote: > > > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c > > > index 4ec85308379a..58b9b316ae46 100644 > > > --- a/drivers/gpu/drm/i915/gvt/gtt.c > > > +++ b/drivers/gpu/drm/i915/gvt/gtt.c > > > @@ -1183,6 +1183,10 @@ static int is_2MB_gtt_possible(struct intel_vgpu > > > *vgpu, > > > pfn = gfn_to_pfn(vgpu->vfio_device.kvm, ops->get_pfn(entry)); > > > if (is_error_noslot_pfn(pfn)) > > > return -EINVAL; > > > + > > > + if (!pfn_valid(pfn)) > > > + return -EINVAL; > > > + > > > > Merge the two errors in one "if" to have less LOC? > > i.e. > > if (is_error_noslot_pfn(pfn) || !pfn_valid(pfn)) > > return -EINVAL; > > you can just replace "if (is_error_noslot_pfn(pfn))" with "if > (!pfn_valid(pfn))", it covers both cases. Technically, yes, but the two checks are for very different things. Practically speaking, there can never be false negatives without KVM breaking horribly as overlap between struct page pfns and KVM's error/noslot would prevent mapping legal memory into a KVM guest. But I'd rather not hide the "did KVM find a valid mapping" in the "is this pfn backed by struct page" check, especially since this code goes away entirely by the end of the series.
Reviewed-by: Yan Zhao <yan.y.zhao@intel.com> On Fri, Mar 10, 2023 at 04:22:32PM -0800, Sean Christopherson wrote: > Check that the pfn found by gfn_to_pfn() is actually backed by "struct > page" memory prior to retrieving and dereferencing the page. KVM > supports backing guest memory with VM_PFNMAP, VM_IO, etc., and so > there is no guarantee the pfn returned by gfn_to_pfn() has an associated > "struct page". > > Fixes: b901b252b6cf ("drm/i915/gvt: Add 2M huge gtt support") > Signed-off-by: Sean Christopherson <seanjc@google.com> > --- > drivers/gpu/drm/i915/gvt/gtt.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c > index 4ec85308379a..58b9b316ae46 100644 > --- a/drivers/gpu/drm/i915/gvt/gtt.c > +++ b/drivers/gpu/drm/i915/gvt/gtt.c > @@ -1183,6 +1183,10 @@ static int is_2MB_gtt_possible(struct intel_vgpu *vgpu, > pfn = gfn_to_pfn(vgpu->vfio_device.kvm, ops->get_pfn(entry)); > if (is_error_noslot_pfn(pfn)) > return -EINVAL; > + > + if (!pfn_valid(pfn)) > + return -EINVAL; > + > return PageTransHuge(pfn_to_page(pfn)); > } > > -- > 2.40.0.rc1.284.g88254d51c5-goog >
diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c index 4ec85308379a..58b9b316ae46 100644 --- a/drivers/gpu/drm/i915/gvt/gtt.c +++ b/drivers/gpu/drm/i915/gvt/gtt.c @@ -1183,6 +1183,10 @@ static int is_2MB_gtt_possible(struct intel_vgpu *vgpu, pfn = gfn_to_pfn(vgpu->vfio_device.kvm, ops->get_pfn(entry)); if (is_error_noslot_pfn(pfn)) return -EINVAL; + + if (!pfn_valid(pfn)) + return -EINVAL; + return PageTransHuge(pfn_to_page(pfn)); }