From mboxrd@z Thu Jan 1 00:00:00 1970
To: "Wang, Haiyue", David Marchand, Luca Boccassi
Cc: dev, "Burakov, Anatoly", dpdk stable, Harman Kalra
References: <20200621174035.6858-1-haiyue.wang@intel.com> <20200625035046.19820-1-haiyue.wang@intel.com>
From: Kevin Traynor
Date: Fri, 26 Jun 2020 10:10:36 +0100
Subject: Re: [dpdk-stable] [PATCH v4] bus/pci: fix VF bus error for memory access
List-Id: patches for DPDK stable branches

On 25/06/2020 19:33, Wang, Haiyue wrote:
>> -----Original Message-----
>> From: Kevin Traynor
>> Sent: Friday, June 26, 2020 00:46
>> To: David Marchand; Wang, Haiyue; Luca Boccassi
>> Cc: dev; Burakov, Anatoly; dpdk stable; Harman Kalra
>> Subject: Re: [PATCH v4] bus/pci: fix VF bus error for memory access
>>
>> On 25/06/2020 15:09, David Marchand wrote:
>>> On Thu, Jun 25, 2020 at 6:00 AM Haiyue Wang wrote:
>>>>
>>>> To fix CVE-2020-12888, the linux vfio-pci module will invalidate mmaps
>>>> and block MMIO access on disabled memory, it will send a SIGBUS to the
>>>> application:
>>>>
>>>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abafbc551fddede3e0a08dee1dcde08fc0eb8476
>>>>
>>>> When the application opens the vfio PCI device, the vfio-pci module will
>>>> enable the bus memory space through PCI read/write access. According to
>>>> the PCIe specification, the 'Memory Space Enable' is always zero for VF:
>>>>
>>>> Table 9-13 Command Register Changes
>>>>
>>>> Bit Location | PF and VF Register Differences | PF         | VF
>>>>              | From Base                      | Attributes | Attributes
>>>> -------------+--------------------------------+------------+-----------
>>>>              | Memory Space Enable - Does not |            |
>>>>              | apply to VFs. Must be hardwired| Base       | 0b
>>>>      1       | to 0b for VFs. VF Memory Space |            |
>>>>              | is controlled by the VF MSE bit|            |
>>>>              | in the VF Control register.    |            |
>>>> -------------+--------------------------------+------------+-----------
>>>>
>>>> Afterwards the vfio-pci will initialize its own virtual PCI config space
>>>> data ('vconfig') by reading the VF's physical PCI config space, then the
>>>> 'Memory Space Enable' bit in vconfig will always be 0b value. This will
>>>> make the vfio-pci treat the BAR memory space as disabled, and the SIGBUS
>>>> will be triggered if these BARs are accessed.
>>>>
>>>> By investigation, the VF PCI device *passthrough* into the Guest OS by
>>>> QEMU has the 'Memory Space Enable' with 1b value. That's because every
>>>> PCI driver will start to enable the memory space, and this action will
>>>> be hooked by vfio-pci virtual PCI read/write to set the 'Memory Space
>>>> Enable' in vconfig space to 1b. So a VF running in the guest OS has
>>>> 'Mem+', but a VF running in the host OS has 'Mem-'.
>>>>
>>>> Align with PCI working mode in Guest/QEMU/Host, in DPDK, enable the PCI
>>>> bus memory space explicitly to avoid access on disabled memory.
>>>>
>>>> Fixes: 33604c31354a ("vfio: refactor PCI BAR mapping")
>>>> Cc: stable@dpdk.org
>>>>
>>>> Signed-off-by: Haiyue Wang
>>>> Acked-by: Anatoly Burakov
>>>> Tested-by: Harman Kalra
>>>> Tested-by: David Marchand
>>> Tested-by: Thierry Martin
>>>
>>> Applied, thanks again Haiyue.
>>>
>>>
>>> Kevin, Luca,
>>>
>>> I can see that some distros have already started backporting the fix
>>> in kernel (fc31, fc32 and rhel7 at least for what I saw).
>>> 18.11 and 19.11 will need this fix at some point.
>>> I'll let you decide on the proper timing.
>>>
>>>
>>
>> It looks an important fix. I think it's worth having in 18.11.9. I will
>> apply and create an 18.11.9-rc2 tomorrow, so if anyone hasn't started
>> validation already, they can validate with it in.
>
> Alex posted a fix in kernel just now. So looks like the DPDK patch is nice
> to have, not a MUST. ;-)
>

Thanks for the update Haiyue. That may be true in the future, but not at
the moment. The patch was just submitted yesterday, so I don't know how
long it will take to filter through to all the distro kernels (and users
to update).

I think it's still worth taking this patch now in 18.11. I will wait
until this afternoon in case anyone has reasons not to.

thanks,
Kevin.

> https://lore.kernel.org/kvm/159310421505.27590.16617666489295503039.stgit@gimli.home/T/#u
>
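
The workaround the quoted commit message describes, setting 'Memory Space Enable' in the PCI Command register through the vfio-pci config window before any BAR access, shown as an added example that is not code from this thread or from DPDK. Assumptions: a temp file stands in for the VFIO device fd, and `read_command`, `enable_bus_memory` and `make_fake_vf` are hypothetical names.

```c
#define _XOPEN_SOURCE 700
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

#define CMD_REG    0x04   /* Command register offset in PCI config space */
#define CMD_MEM_EN 0x0002 /* bit 1: Memory Space Enable */

/* Read the 16-bit little-endian Command register; -1 on I/O error. */
int read_command(int fd, off_t cfg_off)
{
    uint8_t raw[2];
    if (pread(fd, raw, 2, cfg_off + CMD_REG) != 2)
        return -1;
    return raw[0] | (raw[1] << 8);
}

/* Set Memory Space Enable via the config window at cfg_off (on a real VFIO
 * device fd: VFIO_DEVICE_GET_REGION_INFO for VFIO_PCI_CONFIG_REGION_INDEX).
 * Returns 1 if the bit was written, 0 if already set, -1 on I/O error. */
int enable_bus_memory(int fd, off_t cfg_off)
{
    int cmd = read_command(fd, cfg_off);
    if (cmd < 0)
        return -1;
    if (cmd & CMD_MEM_EN)
        return 0;               /* already 'Mem+', leave it alone */
    cmd |= CMD_MEM_EN;          /* keep every other Command bit as found */
    uint8_t raw[2] = { (uint8_t)(cmd & 0xff), (uint8_t)(cmd >> 8) };
    return pwrite(fd, raw, 2, cfg_off + CMD_REG) == 2 ? 1 : -1;
}

/* Constructed stand-in for a VF: an unlinked temp file holding a 64-byte
 * config header at cfg_off with the given Command value. */
int make_fake_vf(off_t cfg_off, uint16_t cmd)
{
    char path[] = "/tmp/vfcfgXXXXXX";
    uint8_t cfg[64] = { [CMD_REG] = cmd & 0xff, [CMD_REG + 1] = cmd >> 8 };
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);               /* file lives only as long as the fd */
    if (pwrite(fd, cfg, sizeof(cfg), cfg_off) == (ssize_t)sizeof(cfg))
        return fd;
    close(fd);
    return -1;
}

int main(void)
{
    int fd = make_fake_vf(0x100, 0x0004); /* Bus Master only: 'Mem-' */
    return enable_bus_memory(fd, 0x100) == 1 ? 0 : 1;
}
```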