Message ID | 20230311002258.852397-2-seanjc@google.com |
---|---|
State | New |
Headers |
Subject: [PATCH v2 01/27] drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page"
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>, Paolo Bonzini <pbonzini@redhat.com>, Zhenyu Wang <zhenyuw@linux.intel.com>, Zhi Wang <zhi.a.wang@intel.com>
Cc: kvm@vger.kernel.org, intel-gvt-dev@lists.freedesktop.org, intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org, Yan Zhao <yan.y.zhao@intel.com>, Ben Gardon <bgardon@google.com>
Date: Fri, 10 Mar 2023 16:22:32 -0800
In-Reply-To: <20230311002258.852397-1-seanjc@google.com> |
Series | drm/i915/gvt: KVM: KVMGT fixes and page-track cleanups |
Commit Message
Sean Christopherson
March 11, 2023, 12:22 a.m. UTC
Check that the pfn found by gfn_to_pfn() is actually backed by "struct
page" memory prior to retrieving and dereferencing the page. KVM
supports backing guest memory with VM_PFNMAP, VM_IO, etc., and so
there is no guarantee the pfn returned by gfn_to_pfn() has an associated
"struct page".
Fixes: b901b252b6cf ("drm/i915/gvt: Add 2M huge gtt support")
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
drivers/gpu/drm/i915/gvt/gtt.c | 4 ++++
1 file changed, 4 insertions(+)
Comments
On Saturday, March 11, 2023 8:23 AM, Sean Christopherson wrote: > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c > index 4ec85308379a..58b9b316ae46 100644 > --- a/drivers/gpu/drm/i915/gvt/gtt.c > +++ b/drivers/gpu/drm/i915/gvt/gtt.c > @@ -1183,6 +1183,10 @@ static int is_2MB_gtt_possible(struct intel_vgpu > *vgpu, > pfn = gfn_to_pfn(vgpu->vfio_device.kvm, ops->get_pfn(entry)); > if (is_error_noslot_pfn(pfn)) > return -EINVAL; > + > + if (!pfn_valid(pfn)) > + return -EINVAL; > + Merge the two errors in one "if" to have less LOC? i.e. if (is_error_noslot_pfn(pfn) || !pfn_valid(pfn)) return -EINVAL;
On 13.03.2023 16:37, Wang, Wei W wrote: > On Saturday, March 11, 2023 8:23 AM, Sean Christopherson wrote: >> diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c >> index 4ec85308379a..58b9b316ae46 100644 >> --- a/drivers/gpu/drm/i915/gvt/gtt.c >> +++ b/drivers/gpu/drm/i915/gvt/gtt.c >> @@ -1183,6 +1183,10 @@ static int is_2MB_gtt_possible(struct intel_vgpu >> *vgpu, >> pfn = gfn_to_pfn(vgpu->vfio_device.kvm, ops->get_pfn(entry)); >> if (is_error_noslot_pfn(pfn)) >> return -EINVAL; >> + >> + if (!pfn_valid(pfn)) >> + return -EINVAL; >> + > > Merge the two errors in one "if" to have less LOC? > i.e. > if (is_error_noslot_pfn(pfn) || !pfn_valid(pfn)) > return -EINVAL; you can just replace "if (is_error_noslot_pfn(pfn))" with "if (!pfn_valid(pfn))", it covers both cases. Regards Andrzej
On Wed, Mar 15, 2023, Andrzej Hajda wrote: > On 13.03.2023 16:37, Wang, Wei W wrote: > > On Saturday, March 11, 2023 8:23 AM, Sean Christopherson wrote: > > > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c > > > index 4ec85308379a..58b9b316ae46 100644 > > > --- a/drivers/gpu/drm/i915/gvt/gtt.c > > > +++ b/drivers/gpu/drm/i915/gvt/gtt.c > > > @@ -1183,6 +1183,10 @@ static int is_2MB_gtt_possible(struct intel_vgpu > > > *vgpu, > > > pfn = gfn_to_pfn(vgpu->vfio_device.kvm, ops->get_pfn(entry)); > > > if (is_error_noslot_pfn(pfn)) > > > return -EINVAL; > > > + > > > + if (!pfn_valid(pfn)) > > > + return -EINVAL; > > > + > > > > Merge the two errors in one "if" to have less LOC? > > i.e. > > if (is_error_noslot_pfn(pfn) || !pfn_valid(pfn)) > > return -EINVAL; > > you can just replace "if (is_error_noslot_pfn(pfn))" with "if > (!pfn_valid(pfn))", it covers both cases. Technically, yes, but the two checks are for very different things. Practically speaking, there can never be false negatives without KVM breaking horribly as overlap between struct page pfns and KVM's error/noslot would prevent mapping legal memory into a KVM guest. But I'd rather not hide the "did KVM find a valid mapping" in the "is this pfn backed by struct page" check, especially since this code goes away entirely by the end of the series.
Reviewed-by: Yan Zhao <yan.y.zhao@intel.com> On Fri, Mar 10, 2023 at 04:22:32PM -0800, Sean Christopherson wrote: > Check that the pfn found by gfn_to_pfn() is actually backed by "struct > page" memory prior to retrieving and dereferencing the page. KVM > supports backing guest memory with VM_PFNMAP, VM_IO, etc., and so > there is no guarantee the pfn returned by gfn_to_pfn() has an associated > "struct page". > > Fixes: b901b252b6cf ("drm/i915/gvt: Add 2M huge gtt support") > Signed-off-by: Sean Christopherson <seanjc@google.com> > --- > drivers/gpu/drm/i915/gvt/gtt.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c > index 4ec85308379a..58b9b316ae46 100644 > --- a/drivers/gpu/drm/i915/gvt/gtt.c > +++ b/drivers/gpu/drm/i915/gvt/gtt.c > @@ -1183,6 +1183,10 @@ static int is_2MB_gtt_possible(struct intel_vgpu *vgpu, > pfn = gfn_to_pfn(vgpu->vfio_device.kvm, ops->get_pfn(entry)); > if (is_error_noslot_pfn(pfn)) > return -EINVAL; > + > + if (!pfn_valid(pfn)) > + return -EINVAL; > + > return PageTransHuge(pfn_to_page(pfn)); > } > > -- > 2.40.0.rc1.284.g88254d51c5-goog >
diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c index 4ec85308379a..58b9b316ae46 100644 --- a/drivers/gpu/drm/i915/gvt/gtt.c +++ b/drivers/gpu/drm/i915/gvt/gtt.c @@ -1183,6 +1183,10 @@ static int is_2MB_gtt_possible(struct intel_vgpu *vgpu, pfn = gfn_to_pfn(vgpu->vfio_device.kvm, ops->get_pfn(entry)); if (is_error_noslot_pfn(pfn)) return -EINVAL; + + if (!pfn_valid(pfn)) + return -EINVAL; + return PageTransHuge(pfn_to_page(pfn)); }
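Review bot: The new `if (!pfn_valid(pfn))` check in is_2MB_gtt_possible() carries no comment saying what it protects, and it sits directly under the is_error_noslot_pfn() check with the same -EINVAL return, so the two read as redundant. A one-line comment above it, stating that the pfn may come from a VM_PFNMAP or VM_IO mapping with no "struct page" and must not reach pfn_to_page(), would keep the "did the lookup succeed" and "is there a struct page" checks from being folded together later. The changelog could also say why a successfully translated pfn without a struct page is reported as -EINVAL rather than as "2MB not possible", given that the function's normal result is the PageTransHuge() value.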