On Tue, Sep 08, 2020 at 02:05:17AM +0530, Ajay Kaher wrote: > CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some > devices may lead to DoS scenario > > The VFIO modules allow users (guest VMs) to enable or disable access to the > devices' MMIO memory address spaces. If a user attempts to access (read/write) > the devices' MMIO address space when it is disabled, some h/w devices issue an > interrupt to the CPU to indicate a fatal error condition, crashing the system. > This flaw allows a guest user or process to crash the host system resulting in > a denial of service. > > Patch 1/ is to force the user fault if PFNMAP vma might be DMA mapped > before user access. > > Patch 2/ setup a vm_ops handler to support dynamic faulting instead of calling > remap_pfn_range(). Also provides a list of vmas actively mapping the area which > can later use to invalidate those mappings. > > Patch 3/ block the user from accessing memory spaces which is disabled by using > new vma list support to zap, or invalidate, those memory mappings in order to > force them to be faulted back in on access. > > Upstreamed patches link: > https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@xxxxxxxxxx > > [PATCH v4.9.y 1/3]: > Backporting of upsream commit 41311242221e: > vfio/type1: Support faulting PFNMAP vmas > > [PATCH v4.9.y 2/3]: > Backporting of upsream commit 11c4cd07ba11: > vfio-pci: Fault mmaps to enable vma tracking > > [PATCH v4.9.y 3/3]: > Backporting of upsream commit abafbc551fdd: > vfio-pci: Invalidate mmaps and block MMIO access on disabled memory All now queued up, thanks. greg k-h
